From 0ccf1410e057cede3e2c2a552cb78981d8ac8179 Mon Sep 17 00:00:00 2001 From: epriestley Date: Thu, 16 Aug 2018 10:07:28 -0700 Subject: [PATCH] Give PhabricatorAuthPassword a formal CAN_EDIT policy Summary: Depends on D19585. Ref T13164. This is a precursor for D19586, which causes Editors to start doing more explicit CAN_EDIT checks. Passwords have an Editor, but don't actually define a CAN_EDIT capability. Define one (you can edit a password if you can edit the object the password is associated with). (Today, this object is always a User -- this table just unified VCS passwords and Account passwords so they can be handled more consistently.) Test Plan: - With D19586, ran unit tests and got a pass. - Edited my own password. - Tried to edit another user's password and wasn't permitted to. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13164 Differential Revision: https://secure.phabricator.com/D19592 --- src/applications/auth/storage/PhabricatorAuthPassword.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/applications/auth/storage/PhabricatorAuthPassword.php b/src/applications/auth/storage/PhabricatorAuthPassword.php index 5343e622fd..3bcb95693e 100644 --- a/src/applications/auth/storage/PhabricatorAuthPassword.php +++ b/src/applications/auth/storage/PhabricatorAuthPassword.php @@ -178,6 +178,7 @@ final class PhabricatorAuthPassword public function getCapabilities() { return array( PhabricatorPolicyCapability::CAN_VIEW, + PhabricatorPolicyCapability::CAN_EDIT, ); } @@ -195,7 +196,7 @@ final class PhabricatorAuthPassword public function getExtendedPolicy($capability, PhabricatorUser $viewer) { return array( - array($this->getObject(), PhabricatorPolicyCapability::CAN_VIEW), + array($this->getObject(), $capability), ); }