Huge refactor of security policy enforcer stuff.

Authored by mmodell on Oct 26 2014, 9:16 PM.

Unpublished Commit

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.
This commit has been deleted in the repository: it is no longer reachable from any branch, tag, or ref.


This revision involves 3 cooperating classes to secure tasks considered
either 'sensitive' or 'security bug'.

  1. SecurityPolicyListener applies an initial security policy to tasks submitted with the 'security' option set to anything other than 'none'.
  2. The default security policy now includes a new custom policy rule, implemented in PhabricatorPolicyRuleTaskSubscribers, which allows anyone subscribed to a task to /view + comment/ on the task.
  3. SecurityPolicyEnforcerAction is a Herald custom action which is used to reset the security policy if anyone tries to override the policy to 'public' or 'any user' when the security flag is set to something other than 'none'. This is just a sanity check to keep someone from inadvertently or maliciously revealing a secure task without explicitly setting the security to 'none'.

Note: The following pre-existing behavior is not changed by the new patch:

The task author, the assignee, and any member of the corresponding 'security' project
will be able to view/edit the task without explicitly being subscribed.

Bug: T493
Bug: T76008

Change-Id: I5b1fcb35c6f390f1a54acfe4081da28f76245ab4
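
The three rules described in the commit message, modeled as a small stand-alone Python sketch. This is an added example, not code from this commit or from Phabricator: every name in it (`Task`, `SECURE_DEFAULT`, `apply_initial_policy`, `enforce`, `allowed`) is hypothetical, and it assumes that an open policy means unrestricted access and that the author, assignee and security project members may also comment.

```python
# Added illustration: a stand-alone model of the rules in the commit message.
# All names are hypothetical; none are Phabricator or extension APIs.
from dataclasses import dataclass, field
from typing import Optional

OPEN_POLICIES = {"public", "any user"}  # overrides the enforcer must undo
SECURE_DEFAULT = "security-default"     # assumed label for the restrictive policy


@dataclass
class Task:
    author: str
    security: str = "none"              # the 'security' option on the task
    view_policy: str = "public"
    assignee: Optional[str] = None
    subscribers: set = field(default_factory=set)
    security_project: set = field(default_factory=set)  # 'security' project members


def apply_initial_policy(task):
    """Rule 1: on submission, lock down any task whose security is not 'none'."""
    if task.security != "none":
        task.view_policy = SECURE_DEFAULT
    return task


def enforce(task):
    """Rule 3: undo an override to an open policy while the flag is still set.
    Returns True when a reset happened, which is the event worth logging."""
    if task.security != "none" and task.view_policy in OPEN_POLICIES:
        task.view_policy = SECURE_DEFAULT
        return True
    return False


def allowed(task, user, action):
    """Access decision for action in {'view', 'comment', 'edit'}."""
    if task.view_policy in OPEN_POLICIES:
        return True  # modeling assumption: open policy is unrestricted
    if user in {task.author, task.assignee} or user in task.security_project:
        return True  # unchanged behavior: no subscription needed
    if user in task.subscribers:
        return action in {"view", "comment"}  # rule 2: subscribers rule
    return False
```

Note that the enforcer only fires while the security flag is set: clearing the flag to 'none' is the one explicit path that leaves the task open.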


mmodell, Dec 31 2014, 5:21 PM
rPHEX57790e600a2f: Policy Enforcer should not remove user-submitted projects