recaptime.dev / phorge
@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge
phorge phabricator
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Fix an issue where raw diffs that are not attached to revisions could skip repository policy checks

Summary:
See PHI1697. If a diff is not attached to a revision (for example, if it was created with "arc diff --only"), but is attached to a repository, it is supposed to be visible only to users who can see that repository.

It currently skips this extended policy check and may incorrectly be visible to too many users.

(Once a diff is attached to a revision, this rule is enforced properly via the revision policy.)

Test Plan:
- Set repository R to be visible only to Alice.
- As Alice, created a diff from a working copy of repository R with "arc diff --only".
- As Bailey, viewed the diff.
- Before: visible diff.
- After: policy exception (as expected).

Differential Revision: https://secure.phabricator.com/D21103

epriestley 19e0abcb 5597f4e6

+5
+5
src/applications/differential/storage/DifferentialDiff.php
··· 472 472 $this->getRevision(), 473 473 PhabricatorPolicyCapability::CAN_VIEW, 474 474 ); 475 + } else if ($this->getRepositoryPHID()) { 476 + $extended[] = array( 477 + $this->getRepositoryPHID(), 478 + PhabricatorPolicyCapability::CAN_VIEW, 479 + ); 475 480 } 476 481 break; 477 482 }