From f348721aed42fb2015a7ce4ee1983e5ac343a2c5 Mon Sep 17 00:00:00 2001
From: epriestley
Date: Wed, 14 Mar 2018 12:48:20 -0700
Subject: [PATCH] When loading project membership to evaluate the "Subscribers" policy, use the ominipotent viewer
Summary: See PHI448. Ref T13106. The current implementation here can end up in an infinite stack if, e.g., a project uses "Visible to: Subscribers".
Test Plan: Will push.
Maniphest Tasks: T13106
Differential Revision: https://secure.phabricator.com/D19226
---
 .../PhabricatorSubscriptionsSubscribersPolicyRule.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/applications/subscriptions/policyrule/PhabricatorSubscriptionsSubscribersPolicyRule.php b/src/applications/subscriptions/policyrule/PhabricatorSubscriptionsSubscribersPolicyRule.php
index b7644cd68d..922f8c9651 100644
--- a/src/applications/subscriptions/policyrule/PhabricatorSubscriptionsSubscribersPolicyRule.php
+++ b/src/applications/subscriptions/policyrule/PhabricatorSubscriptionsSubscribersPolicyRule.php
@@ -45,10 +45,13 @@ final class PhabricatorSubscriptionsSubscribersPolicyRule
 $this->subscribed[$viewer_phid] = array();
 }
- // Load the project PHIDs the user is a member of.
+ // Load the project PHIDs the user is a member of. We use the omnipotent
+ // user here because projects may themselves have "Subscribers" visibility
+ // policies and we don't want to get stuck in an infinite stack of
+ // recursive policy checks. See T13106.
 if (!isset($this->sourcePHIDs[$viewer_phid])) {
 $projects = id(new PhabricatorProjectQuery())
- ->setViewer($viewer)
+ ->setViewer(PhabricatorUser::getOmnipotentUser())
 ->withMemberPHIDs(array($viewer_phid))
 ->execute();
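Review bot: The project query now runs as `PhabricatorUser::getOmnipotentUser()`, so `$projects` is loaded with no policy filtering at all. The new comment explains the recursion but says nothing about that consequence. The result may therefore include projects that `$viewer` could not load under their own view policy, so it should only be used for PHID comparison inside this rule and never returned or rendered to the viewer. What happens to `$projects` after `->execute()` lies outside the hunk and needs confirming. I would extend the comment with `// The omnipotent result is unfiltered by policy; use it only for PHID matching, never for display.` The test plan is "Will push", so a regression test with a project set to "Visible to: Subscribers" would pin the recursion fix.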