HomePhabricator

Huge refactor of security policy enforcer stuff.
Audited16c8f8b6e48dUnpublished

Authored by mmodell on Oct 26 2014, 9:16 PM.

Unpublished Commit · Learn More

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.
This commit has been deleted in the repository: it is no longer reachable from any branch, tag, or ref.

Description

Huge refactor of security policy enforcer stuff.

This revision involves 3 cooperating classes to secure tasks considered
either 'sensitive' or 'security bug'

  1. SecurityPolicyListener applies an initial security policy to tasks submitted with the 'security' option set to anything other than 'none'
  2. The default security policy now includes a new custom policy rule, implemented in PhabricatorPolicyRuleTaskSubscribers, which allows anyone subscribed to a task to /view + comment/ on the task. !
  3. SecurityPolicyEnforcerAction is a herald custom action which is used to reset the security policy if anyone tries to override the policy to 'public' or 'any user' when the security flag is set to something other than 'none', this is just a sanity check to keep someone from inadvertantly or maliciously revealing a secure task without explicitly setting the security to 'none'

Note: The following pre-existing behavior is not changed by the new patch:

The task author, the assignee, and any member of the corresponding 'security' project
will be able to view/edit the task without explicitly being subscribed.

Bug: T493
Bug: T76008

Change-Id: I5b1fcb35c6f390f1a54acfe4081da28f76245ab4

Details

Group Auditors
Restricted Owners Package
Restricted Owners Package
Committed
mmodellDec 31 2014, 9:23 PM
Parents
rPHEX57790e600a2f: Policy Enforcer should not remove user-submitted projects
Branches
Unknown
Tags
Unknown
ChangeId
I5b1fcb35c6f390f1a54acfe4081da28f76245ab4