
Remove overbearing policy checks in Phame

Summary:
Fixes T11584. This controller does unnecessary CAN_EDIT policy checks.

These checks are enforced by `EditEngine`, and you can make certain types of edits (including comments) even without full-blown edit permission.

Test Plan:
- Commented as a user without edit permission.
- Tried to edit as a user without edit permission, was rebuffed with a policy dialog.
- Edited as a user with edit permission.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11584

Differential Revision: https://secure.phabricator.com/D16493

+17 -22
+17 -22
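--- a/src/applications/phame/controller/post/PhamePostEditController.php
+++ b/src/applications/phame/controller/post/PhamePostEditController.php
@@ -21,40 +21,35 @@
 $post = id(new PhamePostQuery())
 ->setViewer($viewer)
 ->withIDs(array($id))
-->requireCapabilities(
-array(
-PhabricatorPolicyCapability::CAN_VIEW,
-PhabricatorPolicyCapability::CAN_EDIT,
-))
 ->executeOne();
 if (!$post) {
 return new Aphront404Response();
 }
-$blog_id = $post->getBlog()->getID();
+$blog = $post->getBlog();
 } else {
 $blog_id = head($request->getArr('blog'));
 if (!$blog_id) {
 $blog_id = $request->getStr('blog');
 }
-}
 
-$query = id(new PhameBlogQuery())
-->setViewer($viewer)
-->requireCapabilities(
-array(
-PhabricatorPolicyCapability::CAN_VIEW,
-PhabricatorPolicyCapability::CAN_EDIT,
-));
+$query = id(new PhameBlogQuery())
+->setViewer($viewer)
+->requireCapabilities(
+array(
+PhabricatorPolicyCapability::CAN_VIEW,
+PhabricatorPolicyCapability::CAN_EDIT,
+));
 
-if (ctype_digit($blog_id)) {
-$query->withIDs(array($blog_id));
-} else {
-$query->withPHIDs(array($blog_id));
-}
+if (ctype_digit($blog_id)) {
+$query->withIDs(array($blog_id));
+} else {
+$query->withPHIDs(array($blog_id));
+}
 
-$blog = $query->executeOne();
-if (!$blog) {
-return new Aphront404Response();
+$blog = $query->executeOne();
+if (!$blog) {
+return new Aphront404Response();
+}
 }
 
 $this->setBlog($blog);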
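Review bot: The `if ($id)` branch now takes `$blog` straight from `$post->getBlog()` with no policy query of its own, so for the edit-existing-post path the blog's CAN_VIEW/CAN_EDIT is only enforced if the attached blog was loaded under the viewer's policies and the EditEngine re-checks it downstream; that matches the summary but nothing in the hunk shows it. A short comment at the `$blog = $post->getBlog();` line would keep a later maintainer from re-adding the removed `requireCapabilities()` here or from assuming this controller gates edits itself: `// Only CAN_VIEW is required to load the post; CAN_EDIT is enforced per-transaction by the EditEngine (comments are allowed without it).` Note that the new-blog branch still requires CAN_EDIT on the blog via `PhameBlogQuery`, so the two branches intentionally differ, which is worth stating in the same comment. The enclosing method starts and ends outside the hunk, so what `setBlog($blog)` exposes to a viewer lacking blog view permission cannot be confirmed from here.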