In Audit, use repository identities to prevent author-auditors

Description

In Audit, use repository identities to prevent author-auditors

Summary:
See PHI2015. Diffusion attempts to prevent a commit's author from being made an auditor, but currently uses an out-of-date method for identifying the author.

Use the modern ("Repository Identity" aware) method instead.

Test Plan:

  • Authored a commit as user "X", mapped to my account.
  • Pushed/imported/discovered it.
  • Changed the identity mapping for "X" from my account to a different account.
  • Tried to add myself as an auditor.
    • Before: error, "author can't be an auditor".
    • After: succeeds.
  • Tried to add the newly mapped user as an auditor. This correctly fails with the "author can't be an auditor" error.

It's possible to put commits into a wonky state by remapping the author identity to a user who is already an auditor, but I think that isn't important and we can't do much about it, realistically.

Differential Revision: https://secure.phabricator.com/D21594
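
The check described in the commit message above, as a simplified Python model added here. It is not Phabricator's code; the `Commit` fields, function names and account names are hypothetical. It also includes a sweep for the case the message mentions, where an identity is remapped onto a user who is already an auditor.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


class AuthorCannotAudit(Exception):
    """Raised when the commit's author would become its auditor."""


@dataclass
class Commit:
    author_identity: str              # author string recorded in the repository
    imported_author: Optional[str]    # account resolved once, at import time
    auditors: Set[str] = field(default_factory=set)


def effective_author(commit: Commit, identities: Dict[str, str]) -> Optional[str]:
    # Resolve through the *current* identity mapping on every check.
    return identities.get(commit.author_identity)


def add_auditor_stale(commit: Commit, user: str) -> None:
    # "Before" behaviour: compares against the account captured at import.
    if user == commit.imported_author:
        raise AuthorCannotAudit(user)
    commit.auditors.add(user)


def add_auditor(commit: Commit, user: str, identities: Dict[str, str]) -> None:
    # "After" behaviour: compares against the identity-aware author.
    if user == effective_author(commit, identities):
        raise AuthorCannotAudit(user)
    commit.auditors.add(user)


def author_auditor_conflicts(commits: List[Commit], identities: Dict[str, str]) -> List[Commit]:
    # Remapping an identity onto an existing auditor bypasses add_auditor();
    # this sweep reports commits left in that state.
    return [c for c in commits if effective_author(c, identities) in c.auditors]


def blocked(action, *args) -> bool:
    # True when the add-auditor call was refused.
    try:
        action(*args)
    except AuthorCannotAudit:
        return True
    return False
```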

Details

Provenance
epriestley Authored on Mar 4 2021, 5:29 PM
epriestley Pushed on Mar 4 2021, 5:33 PM
Differential Revision
D21594: In Audit, use repository identities to prevent author-auditors
Parents
rP9b6a030292d1: Use the same icon for "Resigned" in Differential and Diffusion
Branches
Unknown
Tags
Unknown
Build Status
Buildable 25217
Build 34801: Run Core Tests