recaptime.dev / phorge
@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge
phorge phabricator
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Fix join and remove policy checks for Conpherence

Summary:
I think these got munged when I removed CAN_JOIN.

- If you can view the room, you can join it.
- ~~If you can view the room, you can add others to it.~~ This rule adjustment was removed, see discussion on the revision.
- If you are a participant in the room, you can remove yourself.
- If you can edit a room, you can remove anyone.

Test Plan:
Normal feature set:

- Create a new room that only I can edit, viewable by all users.
- Leave room (bye k thx)
- Create another room, myself only
- Join room from second account
- See ability to only remove myself
- Remove myself
- Rejoin
- Add third account
- Log into first account
- Boot off randos
- Test joining by green button, message, and by + sign.

Policy consistency:

- As a user who can not edit the room, tried to add other members. Received policy exception. The `+` button is currently visible and enabled for all users (even users who have not joined the room) but this is pre-existing.

Reviewers: chad

Subscribers: Korvin

Differential Revision: https://secure.phabricator.com/D17696

authored by

Chad Little and committed by
epriestley c1e8b394 f0fbf7a7

+16 -9
-3
src/applications/conpherence/controller/ConpherenceViewController.php
··· 147 147 $user = $this->getRequest()->getUser(); 148 148 149 149 $participating = $conpherence->getParticipantIfExists($user->getPHID()); 150 - if (!$participating && $user->isLoggedIn()) { 151 - return null; 152 - } 153 150 $draft = PhabricatorDraft::newFromUserAndKey( 154 151 $user, 155 152 $conpherence->getPHID());
+16 -6
src/applications/conpherence/editor/ConpherenceEditor.php
··· 341 341 $add = array_keys(array_diff_key($new_map, $old_map)); 342 342 $rem = array_keys(array_diff_key($old_map, $new_map)); 343 343 344 - $actor_phid = $this->requireActor()->getPHID(); 344 + $actor_phid = $this->getActingAsPHID(); 345 345 346 - // You need CAN_EDIT to change participants other than yourself. 347 - PhabricatorPolicyFilter::requireCapability( 348 - $this->requireActor(), 349 - $object, 350 - PhabricatorPolicyCapability::CAN_EDIT); 346 + $is_join = (($add === array($actor_phid)) && !$rem); 347 + $is_leave = (($rem === array($actor_phid)) && !$add); 348 + 349 + if ($is_join) { 350 + // Anyone can join a thread they can see. 351 + } else if ($is_leave) { 352 + // Anyone can leave a thread. 353 + } else { 354 + // You need CAN_EDIT to add or remove participants. For additional 355 + // discussion, see D17696 and T4411. 356 + PhabricatorPolicyFilter::requireCapability( 357 + $this->requireActor(), 358 + $object, 359 + PhabricatorPolicyCapability::CAN_EDIT); 360 + } 351 361 352 362 break; 353 363 case ConpherenceThreadTitleTransaction::TRANSACTIONTYPE: