Page Menu
Home
Phabricator
Search
Configure Global Search
Log In
Files
F13999521
D17152.id41250.diff
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Size
2 KB
Referenced Files
None
Subscribers
None
D17152.id41250.diff
View Options
diff --git a/src/applications/policy/filter/PhabricatorPolicyFilter.php b/src/applications/policy/filter/PhabricatorPolicyFilter.php
--- a/src/applications/policy/filter/PhabricatorPolicyFilter.php
+++ b/src/applications/policy/filter/PhabricatorPolicyFilter.php
@@ -874,6 +874,19 @@
$viewer = $this->viewer;
foreach ($objects as $key => $object) {
+ // Don't filter handles: users are allowed to see handles from an
+ // application they can't see even if they can not see objects from
+ // that application. Note that the application policies still apply to
+ // the underlying object, so these will be "Restricted Object" handles.
+
+ // If we don't let these through, PhabricatorHandleQuery will completely
+ // fail to load results for PHIDs that are part of applications which
+ // the viewer can not see, but a fundamental property of handles is that
+ // we always load something and they can safely be assumed to load.
+ if ($object instanceof PhabricatorObjectHandle) {
+ continue;
+ }
+
$phid = $object->getPHID();
if (!$phid) {
continue;
diff --git a/src/applications/project/__tests__/PhabricatorProjectCoreTestCase.php b/src/applications/project/__tests__/PhabricatorProjectCoreTestCase.php
--- a/src/applications/project/__tests__/PhabricatorProjectCoreTestCase.php
+++ b/src/applications/project/__tests__/PhabricatorProjectCoreTestCase.php
@@ -51,6 +51,13 @@
$proj,
PhabricatorPolicyCapability::CAN_VIEW));
+ // This object is visible so its handle should load normally.
+ $handle = id(new PhabricatorHandleQuery())
+ ->setViewer($user)
+ ->withPHIDs(array($proj->getPHID()))
+ ->executeOne();
+ $this->assertEqual($proj->getPHID(), $handle->getPHID());
+
// Change the "Can Use Application" policy for Projecs to "No One". This
// should cause filtering checks to fail even when they are executed
// directly rather than via a Query.
@@ -76,6 +83,19 @@
$proj,
PhabricatorPolicyCapability::CAN_VIEW));
+ // We should still be able to load a handle for the project, even if we
+ // can not see the application.
+ $handle = id(new PhabricatorHandleQuery())
+ ->setViewer($user)
+ ->withPHIDs(array($proj->getPHID()))
+ ->executeOne();
+
+ // The handle should load...
+ $this->assertEqual($proj->getPHID(), $handle->getPHID());
+
+ // ...but be policy filtered.
+ $this->assertTrue($handle->getPolicyFiltered());
+
unset($env);
}
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Fri, Oct 25, 3:20 PM (3 w, 3 d ago)
Storage Engine
blob
Storage Format
Encrypted (AES-256-CBC)
Storage Handle
6746377
Default Alt Text
D17152.id41250.diff (2 KB)
Attached To
Mode
D17152: Fix excessively strict "Can Use Application" policy filtering
Attached
Detach File
Event Timeline
Log In to Comment