phorge-phorge/src/applications/auth/query/PhabricatorAuthProviderConfigQuery.php

<?php

final class PhabricatorAuthProviderConfigQuery
  extends PhabricatorCursorPagedPolicyAwareQuery {

  private $ids;
  private $phids;
  private $providerClasses;

  const STATUS_ALL = 'status:all';
  const STATUS_ENABLED = 'status:enabled';

  private $status = self::STATUS_ALL;

  public function withPHIDs(array $phids) {
    $this->phids = $phids;
    return $this;
  }

  public function withIDs(array $ids) {
    $this->ids = $ids;
    return $this;
  }

  public function withStatus($status) {
    $this->status = $status;
    return $this;
  }

  public function withProviderClasses(array $classes) {
    $this->providerClasses = $classes;
    return $this;
  }

  public static function getStatusOptions() {
    return array(
      self::STATUS_ALL      => pht('All Providers'),
      self::STATUS_ENABLED  => pht('Enabled Providers'),
    );
  }

  protected function loadPage() {
    $table = new PhabricatorAuthProviderConfig();
    $conn_r = $table->establishConnection('r');

    $data = queryfx_all(
      $conn_r,
      'SELECT * FROM %T %Q %Q %Q',
      $table->getTableName(),
      $this->buildWhereClause($conn_r),
      $this->buildOrderClause($conn_r),
      $this->buildLimitClause($conn_r));

    return $table->loadAllFromArray($data);
  }

  protected function buildWhereClause(AphrontDatabaseConnection $conn) {
    $where = array();

    if ($this->ids !== null) {
      $where[] = qsprintf(
        $conn,
        'id IN (%Ld)',
        $this->ids);
    }

    if ($this->phids !== null) {
      $where[] = qsprintf(
        $conn,
        'phid IN (%Ls)',
        $this->phids);
    }

    if ($this->providerClasses !== null) {
      $where[] = qsprintf(
        $conn,
        'providerClass IN (%Ls)',
        $this->providerClasses);
    }

    $status = $this->status;
    switch ($status) {
      case self::STATUS_ALL:
        break;
      case self::STATUS_ENABLED:
        $where[] = qsprintf(
          $conn,
          'isEnabled = 1');
        break;
      default:
        throw new Exception(pht("Unknown status '%s'!", $status));
    }

    $where[] = $this->buildPagingClause($conn);

    return $this->formatWhereClause($conn, $where);
  }

  public function getQueryApplicationClass() {
    return 'PhabricatorAuthApplication';
  }

}
Add PhabricatorAuthProviderConfigQuery Summary: Ref T1536. See D6196. Code not called yet. Test Plan: Static checks only. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6197 2013-06-17 10:49:18 -07:00			`<?php`

			`final class PhabricatorAuthProviderConfigQuery`
			`extends PhabricatorCursorPagedPolicyAwareQuery {`

			`private $ids;`
			`private $phids;`
Very rough edit workflow for AuthProvider configuration Summary: Ref T1536. Many rough / broken edges, but adds the rough skeleton of the provider edit workflow. Test Plan: {F46333} Reviewers: btrahan Reviewed By: btrahan CC: aran, chad Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6200 2013-06-17 10:52:38 -07:00			`private $providerClasses;`
Add PhabricatorAuthProviderConfigQuery Summary: Ref T1536. See D6196. Code not called yet. Test Plan: Static checks only. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6197 2013-06-17 10:49:18 -07:00
			`const STATUS_ALL = 'status:all';`
			`const STATUS_ENABLED = 'status:enabled';`

			`private $status = self::STATUS_ALL;`

			`public function withPHIDs(array $phids) {`
			`$this->phids = $phids;`
			`return $this;`
			`}`

			`public function withIDs(array $ids) {`
			`$this->ids = $ids;`
			`return $this;`
			`}`

			`public function withStatus($status) {`
			`$this->status = $status;`
			`return $this;`
			`}`

Very rough edit workflow for AuthProvider configuration Summary: Ref T1536. Many rough / broken edges, but adds the rough skeleton of the provider edit workflow. Test Plan: {F46333} Reviewers: btrahan Reviewed By: btrahan CC: aran, chad Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6200 2013-06-17 10:52:38 -07:00			`public function withProviderClasses(array $classes) {`
			`$this->providerClasses = $classes;`
			`return $this;`
			`}`

Add PhabricatorAuthProviderConfigQuery Summary: Ref T1536. See D6196. Code not called yet. Test Plan: Static checks only. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6197 2013-06-17 10:49:18 -07:00			`public static function getStatusOptions() {`
			`return array(`
			`self::STATUS_ALL => pht('All Providers'),`
			`self::STATUS_ENABLED => pht('Enabled Providers'),`
			`);`
			`}`

			`protected function loadPage() {`
			`$table = new PhabricatorAuthProviderConfig();`
			`$conn_r = $table->establishConnection('r');`

			`$data = queryfx_all(`
			`$conn_r,`
			`'SELECT * FROM %T %Q %Q %Q',`
			`$table->getTableName(),`
			`$this->buildWhereClause($conn_r),`
			`$this->buildOrderClause($conn_r),`
			`$this->buildLimitClause($conn_r));`

			`return $table->loadAllFromArray($data);`
			`}`

Update many Phabricator queries for new %Q query semantics Summary: Depends on D19785. Ref T13217. This converts many of the most common clause construction pathways to the new %Q / %LQ / %LO / %LA / %LJ semantics. Test Plan: Browsed around a bunch, saw fewer warnings and no obvious behavioral errors. The transformations here are generally mechanical (although I did them by hand). Reviewers: amckinley Reviewed By: amckinley Subscribers: hach-que Maniphest Tasks: T13217 Differential Revision: https://secure.phabricator.com/D19789 2018-11-07 02:48:26 -08:00			`protected function buildWhereClause(AphrontDatabaseConnection $conn) {`
Add PhabricatorAuthProviderConfigQuery Summary: Ref T1536. See D6196. Code not called yet. Test Plan: Static checks only. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6197 2013-06-17 10:49:18 -07:00			`$where = array();`

Update many Phabricator queries for new %Q query semantics Summary: Depends on D19785. Ref T13217. This converts many of the most common clause construction pathways to the new %Q / %LQ / %LO / %LA / %LJ semantics. Test Plan: Browsed around a bunch, saw fewer warnings and no obvious behavioral errors. The transformations here are generally mechanical (although I did them by hand). Reviewers: amckinley Reviewed By: amckinley Subscribers: hach-que Maniphest Tasks: T13217 Differential Revision: https://secure.phabricator.com/D19789 2018-11-07 02:48:26 -08:00			`if ($this->ids !== null) {`
Add PhabricatorAuthProviderConfigQuery Summary: Ref T1536. See D6196. Code not called yet. Test Plan: Static checks only. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6197 2013-06-17 10:49:18 -07:00			`$where[] = qsprintf(`
Update many Phabricator queries for new %Q query semantics Summary: Depends on D19785. Ref T13217. This converts many of the most common clause construction pathways to the new %Q / %LQ / %LO / %LA / %LJ semantics. Test Plan: Browsed around a bunch, saw fewer warnings and no obvious behavioral errors. The transformations here are generally mechanical (although I did them by hand). Reviewers: amckinley Reviewed By: amckinley Subscribers: hach-que Maniphest Tasks: T13217 Differential Revision: https://secure.phabricator.com/D19789 2018-11-07 02:48:26 -08:00			`$conn,`
Add PhabricatorAuthProviderConfigQuery Summary: Ref T1536. See D6196. Code not called yet. Test Plan: Static checks only. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6197 2013-06-17 10:49:18 -07:00			`'id IN (%Ld)',`
			`$this->ids);`
			`}`

Update many Phabricator queries for new %Q query semantics Summary: Depends on D19785. Ref T13217. This converts many of the most common clause construction pathways to the new %Q / %LQ / %LO / %LA / %LJ semantics. Test Plan: Browsed around a bunch, saw fewer warnings and no obvious behavioral errors. The transformations here are generally mechanical (although I did them by hand). Reviewers: amckinley Reviewed By: amckinley Subscribers: hach-que Maniphest Tasks: T13217 Differential Revision: https://secure.phabricator.com/D19789 2018-11-07 02:48:26 -08:00			`if ($this->phids !== null) {`
Add PhabricatorAuthProviderConfigQuery Summary: Ref T1536. See D6196. Code not called yet. Test Plan: Static checks only. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6197 2013-06-17 10:49:18 -07:00			`$where[] = qsprintf(`
Update many Phabricator queries for new %Q query semantics Summary: Depends on D19785. Ref T13217. This converts many of the most common clause construction pathways to the new %Q / %LQ / %LO / %LA / %LJ semantics. Test Plan: Browsed around a bunch, saw fewer warnings and no obvious behavioral errors. The transformations here are generally mechanical (although I did them by hand). Reviewers: amckinley Reviewed By: amckinley Subscribers: hach-que Maniphest Tasks: T13217 Differential Revision: https://secure.phabricator.com/D19789 2018-11-07 02:48:26 -08:00			`$conn,`
Add PhabricatorAuthProviderConfigQuery Summary: Ref T1536. See D6196. Code not called yet. Test Plan: Static checks only. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6197 2013-06-17 10:49:18 -07:00			`'phid IN (%Ls)',`
			`$this->phids);`
			`}`

Update many Phabricator queries for new %Q query semantics Summary: Depends on D19785. Ref T13217. This converts many of the most common clause construction pathways to the new %Q / %LQ / %LO / %LA / %LJ semantics. Test Plan: Browsed around a bunch, saw fewer warnings and no obvious behavioral errors. The transformations here are generally mechanical (although I did them by hand). Reviewers: amckinley Reviewed By: amckinley Subscribers: hach-que Maniphest Tasks: T13217 Differential Revision: https://secure.phabricator.com/D19789 2018-11-07 02:48:26 -08:00			`if ($this->providerClasses !== null) {`
Very rough edit workflow for AuthProvider configuration Summary: Ref T1536. Many rough / broken edges, but adds the rough skeleton of the provider edit workflow. Test Plan: {F46333} Reviewers: btrahan Reviewed By: btrahan CC: aran, chad Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6200 2013-06-17 10:52:38 -07:00			`$where[] = qsprintf(`
Update many Phabricator queries for new %Q query semantics Summary: Depends on D19785. Ref T13217. This converts many of the most common clause construction pathways to the new %Q / %LQ / %LO / %LA / %LJ semantics. Test Plan: Browsed around a bunch, saw fewer warnings and no obvious behavioral errors. The transformations here are generally mechanical (although I did them by hand). Reviewers: amckinley Reviewed By: amckinley Subscribers: hach-que Maniphest Tasks: T13217 Differential Revision: https://secure.phabricator.com/D19789 2018-11-07 02:48:26 -08:00			`$conn,`
Very rough edit workflow for AuthProvider configuration Summary: Ref T1536. Many rough / broken edges, but adds the rough skeleton of the provider edit workflow. Test Plan: {F46333} Reviewers: btrahan Reviewed By: btrahan CC: aran, chad Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6200 2013-06-17 10:52:38 -07:00			`'providerClass IN (%Ls)',`
			`$this->providerClasses);`
			`}`

Add PhabricatorAuthProviderConfigQuery Summary: Ref T1536. See D6196. Code not called yet. Test Plan: Static checks only. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6197 2013-06-17 10:49:18 -07:00			`$status = $this->status;`
			`switch ($status) {`
			`case self::STATUS_ALL:`
			`break;`
			`case self::STATUS_ENABLED:`
			`$where[] = qsprintf(`
Update many Phabricator queries for new %Q query semantics Summary: Depends on D19785. Ref T13217. This converts many of the most common clause construction pathways to the new %Q / %LQ / %LO / %LA / %LJ semantics. Test Plan: Browsed around a bunch, saw fewer warnings and no obvious behavioral errors. The transformations here are generally mechanical (although I did them by hand). Reviewers: amckinley Reviewed By: amckinley Subscribers: hach-que Maniphest Tasks: T13217 Differential Revision: https://secure.phabricator.com/D19789 2018-11-07 02:48:26 -08:00			`$conn,`
Add PhabricatorAuthProviderConfigQuery Summary: Ref T1536. See D6196. Code not called yet. Test Plan: Static checks only. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6197 2013-06-17 10:49:18 -07:00			`'isEnabled = 1');`
			`break;`
			`default:`
phtize all the things Summary: `pht`ize a whole bunch of strings in rP. Test Plan: Intense eyeballing. Reviewers: #blessed_reviewers, epriestley Reviewed By: #blessed_reviewers, epriestley Subscribers: hach-que, Korvin, epriestley Differential Revision: https://secure.phabricator.com/D12797 2015-05-22 17:27:56 +10:00			`throw new Exception(pht("Unknown status '%s'!", $status));`
Add PhabricatorAuthProviderConfigQuery Summary: Ref T1536. See D6196. Code not called yet. Test Plan: Static checks only. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6197 2013-06-17 10:49:18 -07:00			`}`

Update many Phabricator queries for new %Q query semantics Summary: Depends on D19785. Ref T13217. This converts many of the most common clause construction pathways to the new %Q / %LQ / %LO / %LA / %LJ semantics. Test Plan: Browsed around a bunch, saw fewer warnings and no obvious behavioral errors. The transformations here are generally mechanical (although I did them by hand). Reviewers: amckinley Reviewed By: amckinley Subscribers: hach-que Maniphest Tasks: T13217 Differential Revision: https://secure.phabricator.com/D19789 2018-11-07 02:48:26 -08:00			`$where[] = $this->buildPagingClause($conn);`
Add PhabricatorAuthProviderConfigQuery Summary: Ref T1536. See D6196. Code not called yet. Test Plan: Static checks only. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6197 2013-06-17 10:49:18 -07:00
Update many Phabricator queries for new %Q query semantics Summary: Depends on D19785. Ref T13217. This converts many of the most common clause construction pathways to the new %Q / %LQ / %LO / %LA / %LJ semantics. Test Plan: Browsed around a bunch, saw fewer warnings and no obvious behavioral errors. The transformations here are generally mechanical (although I did them by hand). Reviewers: amckinley Reviewed By: amckinley Subscribers: hach-que Maniphest Tasks: T13217 Differential Revision: https://secure.phabricator.com/D19789 2018-11-07 02:48:26 -08:00			`return $this->formatWhereClause($conn, $where);`
Add PhabricatorAuthProviderConfigQuery Summary: Ref T1536. See D6196. Code not called yet. Test Plan: Static checks only. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6197 2013-06-17 10:49:18 -07:00			`}`

Lock policy queries to their applications Summary: While we mostly have reasonable effective object accessibility when you lock a user out of an application, it's primarily enforced at the controller level. Users can still, e.g., load the handles of objects they can't actually see. Instead, lock the queries to the applications so that you can, e.g., never load a revision if you don't have access to Differential. This has several parts: - For PolicyAware queries, provide an application class name method. - If the query specifies a class name and the user doesn't have permission to use it, fail the entire query unconditionally. - For handles, simplify query construction and count all the PHIDs as "restricted" so we get a UI full of "restricted" instead of "unknown" handles. Test Plan: - Added a unit test to verify I got all the class names right. - Browsed around, logged in/out as a normal user with public policies on and off. - Browsed around, logged in/out as a restricted user with public policies on and off. With restrictions, saw all traces of restricted apps removed or restricted. Reviewers: btrahan Reviewed By: btrahan CC: aran Differential Revision: https://secure.phabricator.com/D7367 2013-10-21 17:20:27 -07:00			`public function getQueryApplicationClass() {`
Rename `PhabricatorApplication` subclasses Summary: Ref T5655. Some discussion in D9839. Generally speaking, `Phabricator{$name}Application` is clearer than `PhabricatorApplication{$name}`. Test Plan: # Pinned and uninstalled some applications. # Applied patch and performed migrations. # Verified that the pinned applications were still pinned and that the uninstalled applications were still uninstalled. # Performed a sanity check on the database contents. Reviewers: btrahan, epriestley, #blessed_reviewers Reviewed By: epriestley, #blessed_reviewers Subscribers: hach-que, epriestley, Korvin Maniphest Tasks: T5655 Differential Revision: https://secure.phabricator.com/D9982 2014-07-23 10:03:09 +10:00			`return 'PhabricatorAuthApplication';`
Lock policy queries to their applications Summary: While we mostly have reasonable effective object accessibility when you lock a user out of an application, it's primarily enforced at the controller level. Users can still, e.g., load the handles of objects they can't actually see. Instead, lock the queries to the applications so that you can, e.g., never load a revision if you don't have access to Differential. This has several parts: - For PolicyAware queries, provide an application class name method. - If the query specifies a class name and the user doesn't have permission to use it, fail the entire query unconditionally. - For handles, simplify query construction and count all the PHIDs as "restricted" so we get a UI full of "restricted" instead of "unknown" handles. Test Plan: - Added a unit test to verify I got all the class names right. - Browsed around, logged in/out as a normal user with public policies on and off. - Browsed around, logged in/out as a restricted user with public policies on and off. With restrictions, saw all traces of restricted apps removed or restricted. Reviewers: btrahan Reviewed By: btrahan CC: aran Differential Revision: https://secure.phabricator.com/D7367 2013-10-21 17:20:27 -07:00			`}`

Add PhabricatorAuthProviderConfigQuery Summary: Ref T1536. See D6196. Code not called yet. Test Plan: Static checks only. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T1536 Differential Revision: https://secure.phabricator.com/D6197 2013-06-17 10:49:18 -07:00			`}`