phorge-phorge/src/applications/herald/controller/HeraldDeleteController.php

<?php

final class HeraldDeleteController extends HeraldController {

  private $id;

  public function getFilter() {
    // note this controller is only used from a dialog-context at the moment
    // and there is actually no "delete" filter
    return 'delete';
  }

  public function willProcessRequest(array $data) {
    $this->id = $data['id'];
  }

  public function processRequest() {

    $rule = id(new HeraldRule())->load($this->id);
    if (!$rule) {
      return new Aphront404Response();
    }

    $request = $this->getRequest();
    $user = $request->getUser();

    // Anyone can delete a global rule, but only the rule owner can delete a
    // personal one.
    if ($rule->getRuleType() == HeraldRuleTypeConfig::RULE_TYPE_PERSONAL) {
      if ($user->getPHID() != $rule->getAuthorPHID()) {
        return new Aphront400Response();
      }
    }

    if ($request->isFormPost()) {
      $rule->openTransaction();
        $rule->logEdit($user->getPHID(), 'delete');
        $rule->delete();
      $rule->saveTransaction();
      return id(new AphrontReloadResponse())->setURI('/herald/');
    }

    $dialog = new AphrontDialogView();
    $dialog->setUser($request->getUser());
    $dialog->setTitle('Really delete this rule?');
    $dialog->appendChild(hsprintf(
      "Are you sure you want to delete the rule '<strong>%s</strong>'?",
      $rule->getName()));
    $dialog->addSubmitButton('Delete');
    $dialog->addCancelButton('/herald/');
    $dialog->setSubmitURI($request->getPath());

    return id(new AphrontDialogResponse())->setDialog($dialog);

  }

}
Herald CSS, plus edit/save/delete. 2011-03-24 19:07:36 +01:00			`<?php`

Add "final" to all Phabricator "Controller" classes Summary: These are all unambiguously unextensible. Issues I hit: - Maniphest Change/Diff controllers, just consolidated them. - Some search controllers incorrectly extend from "Search" but should extend from "SearchBase". This has no runtime effects. - D1836 introduced a closure, which we don't handle correctly (somewhat on purpose; we target PHP 5.2). See T962. Test Plan: Ran "testEverythingImplemented" unit test to identify classes extending from `final` classes. Resolved issues. Reviewers: btrahan Reviewed By: btrahan CC: aran, epriestley Maniphest Tasks: T795 Differential Revision: https://secure.phabricator.com/D1843 2012-03-10 00:46:25 +01:00			`final class HeraldDeleteController extends HeraldController {`
Herald CSS, plus edit/save/delete. 2011-03-24 19:07:36 +01:00
			`private $id;`

Herald - Kill Tabs Summary: makes a nice side filter for most UI elements. only place this getds a little funky is on the test console; a second, inner filter list appears for the "affected" filters. Test Plan: viewed each side filter and verified ui. for each filter, interacted with the ui and made sure things looked right and there were no errors Reviewers: epriestley Reviewed By: epriestley CC: aran, epriestley Maniphest Tasks: T631 Differential Revision: https://secure.phabricator.com/D1289 2011-12-16 22:29:32 +01:00			`public function getFilter() {`
			`// note this controller is only used from a dialog-context at the moment`
			`// and there is actually no "delete" filter`
			`return 'delete';`
			`}`

Herald CSS, plus edit/save/delete. 2011-03-24 19:07:36 +01:00			`public function willProcessRequest(array $data) {`
			`$this->id = $data['id'];`
			`}`

			`public function processRequest() {`

			`$rule = id(new HeraldRule())->load($this->id);`
			`if (!$rule) {`
			`return new Aphront404Response();`
			`}`

			`$request = $this->getRequest();`
			`$user = $request->getUser();`

General Herald refactoring pass Summary: Who can delete global rules?: I discussed this with @jungejason. The current behavior is that the rule author or any administrator can delete a global rule, but this isn't consistent with who can edit a rule (anyone) and doesn't really make much sense (it's an artifact of the global/personal split). I proposed that anyone can delete a rule but we don't actually delete them, and log the deletion. However, when it came time to actually write the code for this I backed off a bit and continued actually deleting the rules -- I think this does a reasonable job of balancing accountability with complexity. So the new impelmentation is: - Personal rules can be deleted only by their owners. - Global rules can be deleted by any user. - All deletes are logged. - Logs are more detailed. - All logged actions can be viewed in aggregate. Minor Cleanup - Merged `HomeController` and `AllController`. - Moved most queries to Query classes. - Use AphrontFormSelectControl::renderSelectTag() where appropriate (this is a fairly recent addition). - Use an AphrontErrorView to render the dry run notice (this didn't exist when I ported). - Reenable some transaction code (this works again now). - Removed the ability for admins to change rule authors (this was a little buggy, messy, and doesn't make tons of sense after the personal/global rule split). - Rules which depend on other rules now display the right options (all global rules, all your personal rules for personal rules). - Fix a bug in AphrontTableView where the "no data" cell would be rendered too wide if some columns are not visible. - Allow selectFilter() in AphrontNavFilterView to be called without a 'default' argument. Test Plan: - Browsed, created, edited, deleted personal and gules. - Verified generated logs. - Did some dry runs. - Verified transcript list and transcript details. - Created/edited all/any rules; created/edited once/every time rules. - Filtered admin views by users. Reviewers: jungejason, btrahan Reviewed By: btrahan CC: aran, epriestley Differential Revision: https://secure.phabricator.com/D2040 2012-03-30 19:49:55 +02:00			`// Anyone can delete a global rule, but only the rule owner can delete a`
			`// personal one.`
			`if ($rule->getRuleType() == HeraldRuleTypeConfig::RULE_TYPE_PERSONAL) {`
			`if ($user->getPHID() != $rule->getAuthorPHID()) {`
			`return new Aphront400Response();`
			`}`
Herald CSS, plus edit/save/delete. 2011-03-24 19:07:36 +01:00			`}`

			`if ($request->isFormPost()) {`
Minor, jumped the gun on review feedback in D2040. Auditors: btrahan 2012-03-30 19:50:38 +02:00			`$rule->openTransaction();`
			`$rule->logEdit($user->getPHID(), 'delete');`
			`$rule->delete();`
			`$rule->saveTransaction();`
General Herald refactoring pass Summary: Who can delete global rules?: I discussed this with @jungejason. The current behavior is that the rule author or any administrator can delete a global rule, but this isn't consistent with who can edit a rule (anyone) and doesn't really make much sense (it's an artifact of the global/personal split). I proposed that anyone can delete a rule but we don't actually delete them, and log the deletion. However, when it came time to actually write the code for this I backed off a bit and continued actually deleting the rules -- I think this does a reasonable job of balancing accountability with complexity. So the new impelmentation is: - Personal rules can be deleted only by their owners. - Global rules can be deleted by any user. - All deletes are logged. - Logs are more detailed. - All logged actions can be viewed in aggregate. Minor Cleanup - Merged `HomeController` and `AllController`. - Moved most queries to Query classes. - Use AphrontFormSelectControl::renderSelectTag() where appropriate (this is a fairly recent addition). - Use an AphrontErrorView to render the dry run notice (this didn't exist when I ported). - Reenable some transaction code (this works again now). - Removed the ability for admins to change rule authors (this was a little buggy, messy, and doesn't make tons of sense after the personal/global rule split). - Rules which depend on other rules now display the right options (all global rules, all your personal rules for personal rules). - Fix a bug in AphrontTableView where the "no data" cell would be rendered too wide if some columns are not visible. - Allow selectFilter() in AphrontNavFilterView to be called without a 'default' argument. Test Plan: - Browsed, created, edited, deleted personal and gules. - Verified generated logs. - Did some dry runs. - Verified transcript list and transcript details. - Created/edited all/any rules; created/edited once/every time rules. - Filtered admin views by users. Reviewers: jungejason, btrahan Reviewed By: btrahan CC: aran, epriestley Differential Revision: https://secure.phabricator.com/D2040 2012-03-30 19:49:55 +02:00			`return id(new AphrontReloadResponse())->setURI('/herald/');`
Herald CSS, plus edit/save/delete. 2011-03-24 19:07:36 +01:00			`}`

			`$dialog = new AphrontDialogView();`
			`$dialog->setUser($request->getUser());`
			`$dialog->setTitle('Really delete this rule?');`
Convert some phutil_escape_html() to hsprintf() Summary: Found by `sgrep_php -e '"...".phutil_escape_html(...)'`. Test Plan: / /D1 /uiexample/ /countdown/1/ /herald/transcript/1/all/ Reviewers: epriestley Reviewed By: epriestley CC: aran, Korvin Maniphest Tasks: T2432 Differential Revision: https://secure.phabricator.com/D4869 2013-02-08 21:07:44 +01:00			`$dialog->appendChild(hsprintf(`
			`"Are you sure you want to delete the rule '<strong>%s</strong>'?",`
			`$rule->getName()));`
Herald CSS, plus edit/save/delete. 2011-03-24 19:07:36 +01:00			`$dialog->addSubmitButton('Delete');`
			`$dialog->addCancelButton('/herald/');`
			`$dialog->setSubmitURI($request->getPath());`

			`return id(new AphrontDialogResponse())->setDialog($dialog);`

			`}`

			`}`