Make Differential views capability-sensitive
e0f99484ac91
Actions

Description

Make Differential views capability-sensitive

Summary:
Ref T603. Make Differential behaviors for logged-out and underprivleged users more similar to other apps.

I'm going to drop this "anonymous access" thing at some point, but reviews.fb.net actually looks like it's running semi-modern code, so leave it alive until we have a more compelling replacement in the upstream.

Test Plan: As a logged out user, browsed Differential and clicked things and such.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D7148

Details

Provenance

epriestley

Authored on Sep 27 2013, 1:45 AM

Reviewer

btrahan

Differential Revision

Restricted Differential Revision

Parents

rP4163da9d624f: Policy - make policy transactions render better in email

Branches

Unknown

Tags

Unknown

Tasks

T603: Support permissions/policies in all Phabricator applications

Event Timeline

When a logged-in user tries to view a diff for a repo they are not allowed to use, it won't show it to them (as it shouldn't), but instead of a permissions error, it generates:

Unhandled Exception ("AphrontQueryParameterException")
Array for %Ld conversion is empty. Query: SELECT * FROM %s WHERE revisionID in (%Ld) ORDER BY sequence

I'm assuming it's just a work in progress, but I figured I'd mention it.