archive/phabricator
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity

Make Herald transcripts policy-aware

Browse Source 
Summary:
Ref T603. Herald transcripts potentially leak a bunch of content (task text, revision/commit content). Don't let users see them if they can't see the actual objects.

This is a little messy but ends up mostly reasonable-ish.

Test Plan:
  - Verified that transcripts for objects I couldn't see no longer appear in the list, and reject access.
  - Verified that transcripts for objects in applications I can't see reject access, albeit less gracefully.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D7221
This commit is contained in:
epriestley
2013-10-04 15:17:18 -07:00
parent a235768d58
commit ee4bdb501b
6 changed files with 162 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
src/applications/herald/controller/HeraldTranscriptController.php
View File

@@ -25,10 +25,15 @@ final class HeraldTranscriptController extends HeraldController {
}
public function processRequest() {
$request = $this->getRequest();
$viewer = $request->getUser();
$xscript = id(new HeraldTranscript())->load($this->id);
$xscript = id(new HeraldTranscriptQuery())
->setViewer($viewer)
->withIDs(array($this->id))
->executeOne();
if (!$xscript) {
throw new Exception('Uknown transcript!');
return new Aphront404Response();
}
require_celerity_resource('herald-test-css');
@@ -46,9 +51,19 @@ final class HeraldTranscriptController extends HeraldController {
pht('Details of this transcript have been garbage collected.')));
$nav->appendChild($notice);
} else {
$map = HeraldAdapter::getEnabledAdapterMap($viewer);
$object_type = $object_xscript->getType();
if (empty($map[$object_type])) {
// TODO: We should filter these out in the Query, but we have to load
// the objectTranscript right now, which is potentially enormous. We
// should denormalize the object type, or move the data into a separate
// table, and then filter this earlier (and thus raise a better error).
// For now, just block access so we don't violate policies.
throw new Exception(
pht("This transcript has an invalid or inaccessible adapter."));
}
$this->adapter = HeraldAdapter::getAdapterForContentType(
$object_xscript->getType());
$this->adapter = HeraldAdapter::getAdapterForContentType($object_type);
$filter = $this->getFilterPHIDs();
$this->filterTranscript($xscript, $filter);