recaptime.dev / phorge
@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge
phorge phabricator
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Check CAN_VIEW and CAN_EDIT at SearchAttachController

Summary: Fixes T11193. Assume this is the correct place to check for permissions before attaching edges.

Test Plan: Create a task and set edit policy to Admins, log into test account. Try to Edit Subtasks, Merge Duplicates, Attach a Diff, or Attach a Mock, get a Policy Dialog explaing why.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T11193

Differential Revision: https://secure.phabricator.com/D16161

authored by

Chad Little and committed by
chad 83c47012 921a5b49

+5 -3
-2
src/applications/maniphest/controller/ManiphestTaskDetailController.php
··· 198 198 $task_submenu[] = id(new PhabricatorActionView()) 199 199 ->setName(pht('Edit Blocking Tasks')) 200 200 ->setHref("/search/attach/{$phid}/TASK/blocks/") 201 - ->setWorkflow(true) 202 201 ->setIcon('fa-link') 203 202 ->setDisabled(!$can_edit) 204 203 ->setWorkflow(true); ··· 206 205 $task_submenu[] = id(new PhabricatorActionView()) 207 206 ->setName(pht('Merge Duplicates In')) 208 207 ->setHref("/search/attach/{$phid}/TASK/merge/") 209 - ->setWorkflow(true) 210 208 ->setIcon('fa-compress') 211 209 ->setDisabled(!$can_edit) 212 210 ->setWorkflow(true);
-1
src/applications/pholio/event/PholioActionMenuEventListener.php
··· 42 42 return id(new PhabricatorActionView()) 43 43 ->setName(pht('Edit Pholio Mocks')) 44 44 ->setHref("/search/attach/{$phid}/MOCK/edge/") 45 - ->setWorkflow(true) 46 45 ->setIcon('fa-camera-retro') 47 46 ->setDisabled(!$can_edit) 48 47 ->setWorkflow(true);
+5
src/applications/search/controller/PhabricatorSearchAttachController.php
··· 18 18 19 19 $object = id(new PhabricatorObjectQuery()) 20 20 ->setViewer($user) 21 + ->requireCapabilities( 22 + array( 23 + PhabricatorPolicyCapability::CAN_VIEW, 24 + PhabricatorPolicyCapability::CAN_EDIT, 25 + )) 21 26 ->withPHIDs(array($phid)) 22 27 ->executeOne(); 23 28