Huge refactor of security policy enforcer stuff.

Authored by mmodell on Dec 8 2014, 5:05 PM.

Unpublished Commit · Learn More

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.
This commit has been deleted in the repository: it is no longer reachable from any branch, tag, or ref.


Huge refactor of security policy enforcer stuff.

This revision involves 3 cooperating classes to secure tasks considered either 'sensitive' or 'security bug'

  1. SecurityPolicyListener applies an initial security policy to tasks submitted with the 'security' option set to anything other than 'none'
  2. The default security policy includes a new custom policy rule, implemented in PhabricatorPolicyRuleTaskSubscribers, which allows anyone subscribed to a task to /view + comment/ on the task. In addition to subscribers of the task, the task author and any member of the corresponding 'security' project will also be able to view/edit the task without explicitly being subscribed.
  3. SecurityPolicyEnforcerAction is a herald custom action which is used to reset the security policy if anyone tries to override the policy to 'public' or 'any user' when the security flag is set to something other than 'none', this is just a sanity check to keep someone from inadvertantly or maliciously revealing a secure task without explicitly setting the security to 'none'

Bug: T493
Bug: T76008
Bug: T518
Bug: T75781

Change-Id: I5b1fcb35c6f390f1a54acfe4081da28f76245ab4


Group Auditors
Restricted Owners Package
Restricted Owners Package
mmodellDec 12 2014, 6:36 AM
rPHEXd6c46bcd9303: Sanitize herald effects on maniphest tasks