HomePhabricator
Diffusion Phabricator 55f4a258d2de

When updating revisions in responset to commits, use the omnipotent viewer to…
55f4a258d2de
Actions

Description

When updating revisions in responset to commits, use the omnipotent viewer to pull diffs

Summary:
Ref T13625. See that task for discussion.

Currently, the Viewer when performing revision updates in response to commits may be an arbitrary low-privilege user (an Application, a disabled User, a bot, a mailing list, etc).

Today, this leads to an exception when trying to make API calls.

Ideally, we probably would not perform the update in these cases. However, performing the update isn't a policy violation and is generally less surprising than not performing it, so continue performing it for now: just use the omnipotent user to interact with the API.

Test Plan:

  • Authored a commit as a bot user without permission to view the repository or revision.
  • Commented out a couple of caches, and used bin/repository reparse --publish ... to republish the commit.
    • Before: exception when trying to interact with the API.
    • After: clean publish.

Maniphest Tasks: T13625

Differential Revision: https://secure.phabricator.com/D21582

Details

Provenance
epriestleyAuthored on Mar 1 2021, 6:54 PM
epriestleyPushed on Mar 1 2021, 7:11 PM
Differential Revision
D21582: When updating revisions in responset to commits, use the omnipotent viewer to pull diffs
Parents
rP0a3093ef9c18: Fix an issue where paginating notifications could fail a GROUP BY test
Branches
Unknown
Tags
Unknown
Tasks
T13625: Daemons may make commit-related API calls as users without privileges
Build Status
Buildable 25185
Build 34757: Run Core Tests

Changes (1)

PathSize
src/
applications/
diffusion/
worker/

rP55f4a258d2de

View Options

src/applications/diffusion/worker/DiffusionUpdateObjectAfterCommitWorker.php

Loading...
Phabricator · Built by Phacility