@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge

Give PhabricatorAuthPassword a formal CAN_EDIT policy

Summary:
Depends on D19585. Ref T13164. This is a precursor for D19586, which causes Editors to start doing more explicit CAN_EDIT checks.

Passwords have an Editor, but don't actually define a CAN_EDIT capability. Define one (you can edit a password if you can edit the object the password is associated with).

(Today, this object is always a User -- this table just unified VCS passwords and Account passwords so they can be handled more consistently.)

Test Plan:
- With D19586, ran unit tests and got a pass.
- Edited my own password.
- Tried to edit another user's password and wasn't permitted to.

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13164

Differential Revision: https://secure.phabricator.com/D19592

+2 -1
src/applications/auth/storage/PhabricatorAuthPassword.php
··· 178 178 public function getCapabilities() { 179 179 return array( 180 180 PhabricatorPolicyCapability::CAN_VIEW, 181 + PhabricatorPolicyCapability::CAN_EDIT, 181 182 ); 182 183 } 183 184 ··· 195 196 196 197 public function getExtendedPolicy($capability, PhabricatorUser $viewer) { 197 198 return array( 198 - array($this->getObject(), PhabricatorPolicyCapability::CAN_VIEW), 199 + array($this->getObject(), $capability), 199 200 ); 200 201 } 201 202
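Review bot: in getCapabilities() (new line 181), `PhabricatorPolicyCapability::CAN_EDIT` is now advertised, but the lines between the two hunks, where a base policy for it would be returned, are not part of this diff. The summary's intent is "you can edit a password if you can edit the object the password is associated with", so please confirm that the base policy returned for CAN_EDIT does not grant or deny more than that on its own, and note the intended rule in a comment on this method.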
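Review bot: in getExtendedPolicy() (new line 199), `array($this->getObject(), $capability)` forwards whatever capability is requested to the associated object, so any capability added to getCapabilities() later will be delegated the same way without anyone deciding that it should be. Consider either a short comment stating that a password inherits both view and edit from the object it belongs to, or an explicit mapping of the two supported capabilities, so that a future addition has to be handled deliberately. The test plan's "Tried to edit another user's password" step is manual; a unit test asserting that a viewer who cannot edit the associated object is denied CAN_EDIT on the password would keep this from regressing.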