Paths

Table of Contentst

Differential D20716

In Phortune, use actual merchant authority (not authority grants) to control account visibility
ClosedPublic
Actions

Authored by epriestley on Aug 16 2019, 3:18 PM.

Tags

None

Referenced Files

	F14843662: D20716.id49397.diff
	Sun, Feb 2, 8:52 AM

	Unknown Object (File)
	Wed, Jan 29, 7:35 AM

	Unknown Object (File)
	Tue, Jan 28, 7:10 PM

	Unknown Object (File)
	Tue, Jan 28, 8:22 AM

	Unknown Object (File)
	Tue, Jan 28, 4:02 AM

	Unknown Object (File)
	Mon, Jan 27, 4:16 AM

	Unknown Object (File)
	Sat, Jan 25, 5:29 AM

	Unknown Object (File)
	Sat, Jan 25, 5:29 AM

Subscribers

None

Details

Reviewers: None
Maniphest Tasks: T13366: Update Phortune to work better with "enterprise" billing/accounts departments
Commits: rPa3213ab20be6: In Phortune, use actual merchant authority (not authority grants) to control…

Summary

Depends on D20715. Ref T13366. See that task for discussion.

Replace the unreliable "grantAuthority()"-based check with an actual "can the viewer edit any merchant this account has a relationship with?" check.

This makes these objects easier to use from a policy perspective and makes it so that the Query alone can fully enforce permissions properly with no setup, so general infrastructure (like handles and transactions) works properly with Phortune objects.

Test Plan

Viewed merchants and accounts as users with no authority, direct authority on the account, and indirect authority via a merchant relationship.

Diff Detail

Repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

epriestley created this revision.Aug 16 2019, 3:18 PM

Harbormaster completed remote builds in B23257: Diff 49397.Aug 16 2019, 3:19 PM

epriestley requested review of this revision.Aug 16 2019, 3:19 PM

epriestley added a child revision: D20717: Update Phortune payment account interfaces to handle merchant vs customer views.Aug 16 2019, 4:38 PM

This revision was not accepted when it landed; it landed in state Needs Review.Aug 23 2019, 4:02 AM

Closed by commit rPa3213ab20be6: In Phortune, use actual merchant authority (not authority grants) to control… (authored by epriestley). · Explain Why

This revision was automatically updated to reflect the committed changes.

epriestley added a commit: rPa3213ab20be6: In Phortune, use actual merchant authority (not authority grants) to control….

epriestley mentioned this in T13393: Improve repository shard migration pathway in the shared cluster.Aug 30 2019, 3:50 PM

Revision Contents
Changeset List

Path

Size

src/

applications/

phortune/

controller/

merchant/

PhortuneMerchantInvoiceCreateController.php

7 lines

query/

PhortuneMerchantQuery.php

69 lines

storage/

PhortuneAccount.php

22 lines

Diff 49433

src/applications/phortune/controller/merchant/PhortuneMerchantInvoiceCreateController.php

Loading...

src/applications/phortune/query/PhortuneMerchantQuery.php

Loading...

src/applications/phortune/storage/PhortuneAccount.php

Loading...