recaptime.dev / phorge
@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge
phorge phabricator
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Stop requiring CAN_EDIT to reach the TransactionEditor via "*.edit" in EditEngine

Summary:
Depends on D19607. Ref T13189. See PHI642. Ref T13186.

Some transactions can sometimes be applied to objects you can not edit. Currently, using `*.edit` to edit an object always explicitly requires CAN_EDIT.

Now that individual transactions require CAN_EDIT by default and can reduce or replace this requirement, stop requiring CAN_EDIT to reach the editor.

The only expected effect of this change is that low-permission edits (like disabling a user, leaving a project, or leaving a thread) can now work via `*.edit`.

Test Plan:
- Tried to perform a normal edit (changing a task title) against an object with no CAN_EDIT. Still got a permissions error.
- As a non-admin, disabled other users while holding the "Can Disable Users" permission.
- As a non-admin, got a permissions error while trying to disable other users while not holding the "Can Disable Users" permission.

Reviewers: amckinley

Maniphest Tasks: T13189, T13186

Differential Revision: https://secure.phabricator.com/D19608

epriestley cd8b5b82 f9192d07

+13 -1
+13 -1
src/applications/transactions/editengine/PhabricatorEditEngine.php
··· 2003 2003 $identifier = $request->getValue('objectIdentifier'); 2004 2004 if ($identifier) { 2005 2005 $this->setIsCreate(false); 2006 - $object = $this->newObjectFromIdentifier($identifier); 2006 + 2007 + // After T13186, each transaction can individually weaken or replace the 2008 + // capabilities required to apply it, so we no longer need CAN_EDIT to 2009 + // attempt to apply transactions to objects. In practice, almost all 2010 + // transactions require CAN_EDIT so we won't get very far if we don't 2011 + // have it. 2012 + $capabilities = array( 2013 + PhabricatorPolicyCapability::CAN_VIEW, 2014 + ); 2015 + 2016 + $object = $this->newObjectFromIdentifier( 2017 + $identifier, 2018 + $capabilities); 2007 2019 } else { 2008 2020 $this->requireCreateCapability(); 2009 2021