I'm likely to break the paths constraint for frozen API method differential.query. This was added by D2788 as a Facebook-specific patch with no rationale that I can dig up, and the author didn't have any related changes from around that time.
All Stories
Mar 15 2021
Mar 14 2021
Mar 13 2021
This is very old and I can't reproduce it, and haven't seen any other reports.
Mar 12 2021
I think lint could reasonably emit two warnings about this:
For now, I fixed the explicit misinformation in audit.can-author-close-audit, at least.
Mar 11 2021
There are also already a bunch of tailored messages in other contexts:
I looked into this briefly, but I can't find a simple way to show all the current user's database permissions.
Resource (and Phame and Phurl) domains now respond to /status/.
(Or, rather, BlogSite and ShortSite both deal with 404s in a sensible way. They just don't route "/robots.txt", "/favicon.ico", or "/status/".)
This leaves some edge cases doing less-than-ideal things:
A related issue is that if you 404 on the ResourceSite, you hit a cookie exception. This isn't ideal.
We should probably route /robots.txt, but perhaps prevent it from accessing anything?
I don't think those use cases are necessarily bad, there's just a little bit of a slippery slope to, say, "Git sure looks a lot like a database" and then support issues like "it's hard to manage my 3,500 automated review requests".
Adding a data point, "Foist Upon" was a surprise hit among the developers here and additionally we have successfully utilized the conduit API to take advantage of foisting.
There are probably also some off-label use cases where, for example, bots create revisions on behalf of users. I'm not thrilled about these, ...
oops 😬
An issue arose when a user loads a page of notifications which include stories they don't have permission to view.
Nothing new has arisen for a while, so presuming this is resolved.
Mar 10 2021
Seems like it works:
I think we can be slightly more general about this, and assume any token beginning with _ is substring search. This covers __FILE__, __construct, etc. Users almost certainly intend these to be substring searches.
Although I didn't look particularly hard, I can't immediately find any more evidence that this is occurring in production.
One remaining artifact here is this configuration option:
This promoted and has been in the Phacility cluster for a few days without issues.
This promoted without exploding.
Can Piledriver be implemented as an Arcanist toolset?