recaptime.dev / phorge
@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge
phorge phabricator
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Clean up supplemental capabilitiy checks in transaction edits

Summary:
We have this commented-out chunk of code now which was originally buggy and is now just nonfunctional.

For now, the core edit types don't always require CAN_EDIT (e.g., subscribe, comment, add edges), except for editing the edit policy itself, which always does. Add a supplemental capability check there and let everything else go through with CAN_VIEW. We can buff the policy checks on application editors over time, they all require appropriate capabilities to get to in the first place anyway.

Test Plan: Created and edited some tasks without getting overwhelmed with policy exceptions.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D7351

epriestley 83c99be4 f5c7dd68

+18 -10
+18 -10
src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php
··· 697 697 $object, 698 698 PhabricatorPolicyCapability::CAN_VIEW); 699 699 700 - // TODO: This should be "$object", not "$xaction", but probably breaks a 701 - // lot of stuff if fixed -- you don't need to be able to edit in order to 702 - // comment. Instead, transactions should specify the capabilities they 703 - // require. 700 + foreach ($xactions as $xaction) { 701 + $this->requireCapabilities($object, $xaction); 702 + } 703 + } 704 704 705 - /* 705 + protected function requireCapabilities( 706 + PhabricatorLiskDAO $object, 707 + PhabricatorApplicationTransaction $xaction) { 706 708 707 - PhabricatorPolicyFilter::requireCapability( 708 - $actor, 709 - $xaction, 710 - PhabricatorPolicyCapability::CAN_EDIT); 709 + switch ($xaction->getTransactionType()) { 710 + case PhabricatorTransactions::TYPE_EDIT_POLICY: 711 + // You must have the edit capability to alter the edit policy of an 712 + // object. For other default transaction types, we don't enforce 713 + // anything for the moment. 711 714 712 - */ 715 + PhabricatorPolicyFilter::requireCapability( 716 + $this->requireActor(), 717 + $object, 718 + PhabricatorPolicyCapability::CAN_EDIT); 719 + break; 720 + } 713 721 } 714 722 715 723 private function buildMentionTransaction(