Page MenuHomePhabricator

Fix an issue where raw diffs that are not attached to revisions could skip repository policy checks
ClosedPublic

Authored by epriestley on Apr 13 2020, 7:05 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Dec 8, 6:38 PM
Unknown Object (File)
Sun, Dec 8, 6:19 AM
Unknown Object (File)
Wed, Dec 4, 5:44 PM
Unknown Object (File)
Sun, Dec 1, 1:00 PM
Unknown Object (File)
Fri, Nov 29, 4:25 AM
Unknown Object (File)
Nov 21 2024, 9:17 AM
Unknown Object (File)
Nov 17 2024, 4:35 AM
Unknown Object (File)
Nov 5 2024, 9:27 PM
Subscribers
None

Details

Summary

See PHI1697. If a diff is not attached to a revision (for example, if it was created with "arc diff --only"), but is attached to a repository, it is supposed to be visible only to users who can see that repository.

It currently skips this extended policy check and may incorrectly be visible to too many users.

(Once a diff is attached to a revision, this rule is enforced properly via the revision policy.)

Test Plan
  • Set repository R to be visible only to Alice.
  • As Alice, created a diff from a working copy of repository R with "arc diff --only".
  • As Bailey, viewed the diff.
    • Before: visible diff.
    • After: policy exception (as expected).

Diff Detail

Repository
rP Phabricator
Branch
uri2
Lint
Lint Passed
Unit
Tests Passed
Build Status
Buildable 24080
Build 33152: Run Core Tests
Build 33151: arc lint + arc unit