Page MenuHomePhabricator

Remove some defunct old-style transaction policy checks
ClosedPublic

Authored by epriestley on Nov 6 2017, 7:07 PM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Dec 9, 8:10 PM
Unknown Object (File)
Oct 26 2024, 12:58 PM
Unknown Object (File)
Oct 13 2024, 9:18 PM
Unknown Object (File)
Sep 27 2024, 7:52 PM
Unknown Object (File)
Sep 21 2024, 12:52 PM
Unknown Object (File)
Sep 17 2024, 3:52 PM
Unknown Object (File)
Sep 6 2024, 1:27 AM
Unknown Object (File)
Aug 31 2024, 4:40 PM
Subscribers
None

Details

Summary

Ref PHI193. This method of enforcing policy checks is now (mostly) obsolete, and they're generally checked at the Controller/API level instead.

Notably, this method does not call adjustObjectForPolicyChecks(...) properly, so it can not handle special cases like "creating a project and taking its newly created members into account" for object policies like "Project Members".

Just remove these checks, which are redundant with checks elsewhere.

Test Plan
  • Set Project application default edit policy to "Administrators and Project Members".
  • Tried to create a project as a non-administrator, adding myself.
  • Before patch: policy fatal on a VOID object (the project with no PHID generated yet).
  • After patch: object created properly. Got a sensible policy error if I didn't include myself as a member.
  • Also verified that other edit rules are still enforced/respected (I can't edit stuff I shouldn't be able to edit).
  • There's at least a bit of unit test coverage of this, too, which I updated to work via API (which hits the new broad capability checks) instead of via low-level transactions (which enforce only a subset of policy operations now).

Diff Detail

Repository
rP Phabricator
Branch
proj1
Lint
Lint Passed
Unit
Tests Passed
Build Status
Buildable 18806
Build 25349: Run Core Tests
Build 25348: arc lint + arc unit