2013-07-03 11:15:45 -07:00
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
final class LegalpadDocumentQuery
|
|
|
|
|
extends PhabricatorCursorPagedPolicyAwareQuery {
|
|
|
|
|
|
|
|
|
|
private $ids;
|
|
|
|
|
private $phids;
|
|
|
|
|
private $creatorPHIDs;
|
2013-07-08 13:37:36 -07:00
|
|
|
private $contributorPHIDs;
|
2014-01-15 16:48:44 -08:00
|
|
|
private $signerPHIDs;
|
2013-07-03 11:15:45 -07:00
|
|
|
private $dateCreatedAfter;
|
|
|
|
|
private $dateCreatedBefore;
|
2015-02-12 15:22:56 -08:00
|
|
|
private $signatureRequired;
|
2013-07-03 11:15:45 -07:00
|
|
|
|
|
|
|
|
private $needDocumentBodies;
|
|
|
|
|
private $needContributors;
|
2014-01-16 14:36:57 -08:00
|
|
|
private $needSignatures;
|
2014-06-28 16:37:04 -07:00
|
|
|
private $needViewerSignatures;
|
2013-07-03 11:15:45 -07:00
|
|
|
|
|
|
|
|
public function withIDs(array $ids) {
|
|
|
|
|
$this->ids = $ids;
|
|
|
|
|
return $this;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function withPHIDs(array $phids) {
|
|
|
|
|
$this->phids = $phids;
|
|
|
|
|
return $this;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function withCreatorPHIDs(array $phids) {
|
|
|
|
|
$this->creatorPHIDs = $phids;
|
|
|
|
|
return $this;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function withContributorPHIDs(array $phids) {
|
|
|
|
|
$this->contributorPHIDs = $phids;
|
|
|
|
|
return $this;
|
|
|
|
|
}
|
|
|
|
|
|
2014-01-15 16:48:44 -08:00
|
|
|
public function withSignerPHIDs(array $phids) {
|
|
|
|
|
$this->signerPHIDs = $phids;
|
|
|
|
|
return $this;
|
|
|
|
|
}
|
|
|
|
|
|
2015-02-12 15:22:56 -08:00
|
|
|
public function withSignatureRequired($bool) {
|
|
|
|
|
$this->signatureRequired = $bool;
|
|
|
|
|
return $this;
|
|
|
|
|
}
|
|
|
|
|
|
2013-07-03 11:15:45 -07:00
|
|
|
public function needDocumentBodies($need_bodies) {
|
|
|
|
|
$this->needDocumentBodies = $need_bodies;
|
|
|
|
|
return $this;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function needContributors($need_contributors) {
|
|
|
|
|
$this->needContributors = $need_contributors;
|
|
|
|
|
return $this;
|
|
|
|
|
}
|
|
|
|
|
|
2014-01-16 14:36:57 -08:00
|
|
|
public function needSignatures($need_signatures) {
|
|
|
|
|
$this->needSignatures = $need_signatures;
|
|
|
|
|
return $this;
|
|
|
|
|
}
|
|
|
|
|
|
2013-07-03 11:15:45 -07:00
|
|
|
public function withDateCreatedBefore($date_created_before) {
|
|
|
|
|
$this->dateCreatedBefore = $date_created_before;
|
|
|
|
|
return $this;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function withDateCreatedAfter($date_created_after) {
|
|
|
|
|
$this->dateCreatedAfter = $date_created_after;
|
|
|
|
|
return $this;
|
|
|
|
|
}
|
|
|
|
|
|
2014-06-28 16:37:04 -07:00
|
|
|
public function needViewerSignatures($need) {
|
|
|
|
|
$this->needViewerSignatures = $need;
|
|
|
|
|
return $this;
|
|
|
|
|
}
|
|
|
|
|
|
2013-07-03 11:15:45 -07:00
|
|
|
protected function loadPage() {
|
|
|
|
|
$table = new LegalpadDocument();
|
|
|
|
|
$conn_r = $table->establishConnection('r');
|
|
|
|
|
|
|
|
|
|
$data = queryfx_all(
|
|
|
|
|
$conn_r,
|
2014-06-28 16:37:15 -07:00
|
|
|
'SELECT d.* FROM %T d %Q %Q %Q %Q %Q',
|
2013-07-03 11:15:45 -07:00
|
|
|
$table->getTableName(),
|
2013-07-08 13:37:36 -07:00
|
|
|
$this->buildJoinClause($conn_r),
|
2013-07-03 11:15:45 -07:00
|
|
|
$this->buildWhereClause($conn_r),
|
2014-06-28 16:37:15 -07:00
|
|
|
$this->buildGroupClause($conn_r),
|
2013-07-03 11:15:45 -07:00
|
|
|
$this->buildOrderClause($conn_r),
|
|
|
|
|
$this->buildLimitClause($conn_r));
|
|
|
|
|
|
|
|
|
|
$documents = $table->loadAllFromArray($data);
|
|
|
|
|
|
|
|
|
|
return $documents;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
protected function willFilterPage(array $documents) {
|
|
|
|
|
if ($this->needDocumentBodies) {
|
|
|
|
|
$documents = $this->loadDocumentBodies($documents);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($this->needContributors) {
|
|
|
|
|
$documents = $this->loadContributors($documents);
|
|
|
|
|
}
|
|
|
|
|
|
2014-01-16 14:36:57 -08:00
|
|
|
if ($this->needSignatures) {
|
|
|
|
|
$documents = $this->loadSignatures($documents);
|
|
|
|
|
}
|
|
|
|
|
|
2014-06-28 16:37:04 -07:00
|
|
|
if ($this->needViewerSignatures) {
|
|
|
|
|
if ($documents) {
|
|
|
|
|
if ($this->getViewer()->getPHID()) {
|
|
|
|
|
$signatures = id(new LegalpadDocumentSignatureQuery())
|
|
|
|
|
->setViewer($this->getViewer())
|
|
|
|
|
->withSignerPHIDs(array($this->getViewer()->getPHID()))
|
|
|
|
|
->withDocumentPHIDs(mpull($documents, 'getPHID'))
|
|
|
|
|
->execute();
|
|
|
|
|
$signatures = mpull($signatures, null, 'getDocumentPHID');
|
|
|
|
|
} else {
|
|
|
|
|
$signatures = array();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
foreach ($documents as $document) {
|
|
|
|
|
$signature = idx($signatures, $document->getPHID());
|
|
|
|
|
$document->attachUserSignature(
|
|
|
|
|
$this->getViewer()->getPHID(),
|
|
|
|
|
$signature);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2013-07-03 11:15:45 -07:00
|
|
|
return $documents;
|
|
|
|
|
}
|
|
|
|
|
|
2015-04-18 07:42:23 -07:00
|
|
|
protected function buildJoinClause(AphrontDatabaseConnection $conn_r) {
|
2013-07-08 13:37:36 -07:00
|
|
|
$joins = array();
|
|
|
|
|
|
2014-06-28 16:37:15 -07:00
|
|
|
if ($this->contributorPHIDs !== null) {
|
|
|
|
|
$joins[] = qsprintf(
|
|
|
|
|
$conn_r,
|
|
|
|
|
'JOIN edge contributor ON contributor.src = d.phid
|
|
|
|
|
AND contributor.type = %d',
|
2015-01-03 10:33:25 +11:00
|
|
|
PhabricatorObjectHasContributorEdgeType::EDGECONST);
|
2014-06-28 16:37:15 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($this->signerPHIDs !== null) {
|
2013-07-08 13:37:36 -07:00
|
|
|
$joins[] = qsprintf(
|
|
|
|
|
$conn_r,
|
2014-06-28 16:37:15 -07:00
|
|
|
'JOIN %T signer ON signer.documentPHID = d.phid
|
|
|
|
|
AND signer.signerPHID IN (%Ls)',
|
|
|
|
|
id(new LegalpadDocumentSignature())->getTableName(),
|
|
|
|
|
$this->signerPHIDs);
|
2013-07-08 13:37:36 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return implode(' ', $joins);
|
|
|
|
|
}
|
|
|
|
|
|
2015-04-18 07:53:43 -07:00
|
|
|
protected function buildGroupClause(AphrontDatabaseConnection $conn_r) {
|
2014-06-28 16:37:15 -07:00
|
|
|
if ($this->contributorPHIDs || $this->signerPHIDs) {
|
|
|
|
|
return 'GROUP BY d.id';
|
|
|
|
|
} else {
|
|
|
|
|
return '';
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
Make buildWhereClause() a method of AphrontCursorPagedPolicyAwareQuery
Summary:
Ref T4100. Ref T5595.
To support a unified "Projects:" query across all applications, a future diff is going to add a set of "Edge Logic" capabilities to `PolicyAwareQuery` which write the required SELECT, JOIN, WHERE, HAVING and GROUP clauses for you.
With the addition of "Edge Logic", we'll have three systems which may need to build components of query claues: ordering/paging, customfields/applicationsearch, and edge logic.
For most clauses, queries don't currently call into the parent explicitly to get default components. I want to move more query construction logic up the class tree so it can be shared.
For most methods, this isn't a problem, but many subclasses define a `buildWhereClause()`. Make all such definitions protected and consistent.
This causes no behavioral changes.
Test Plan: Ran `arc unit --everything`, which does a pretty through job of verifying this statically.
Reviewers: btrahan
Reviewed By: btrahan
Subscribers: yelirekim, hach-que, epriestley
Maniphest Tasks: T4100, T5595
Differential Revision: https://secure.phabricator.com/D12453
2015-04-18 07:08:30 -07:00
|
|
|
protected function buildWhereClause(AphrontDatabaseConnection $conn_r) {
|
2013-07-03 11:15:45 -07:00
|
|
|
$where = array();
|
|
|
|
|
|
2014-06-28 16:37:15 -07:00
|
|
|
if ($this->ids !== null) {
|
2013-07-03 11:15:45 -07:00
|
|
|
$where[] = qsprintf(
|
|
|
|
|
$conn_r,
|
2013-07-08 13:37:36 -07:00
|
|
|
'd.id IN (%Ld)',
|
2013-07-03 11:15:45 -07:00
|
|
|
$this->ids);
|
|
|
|
|
}
|
|
|
|
|
|
2014-06-28 16:37:15 -07:00
|
|
|
if ($this->phids !== null) {
|
2013-07-03 11:15:45 -07:00
|
|
|
$where[] = qsprintf(
|
|
|
|
|
$conn_r,
|
2013-07-08 13:37:36 -07:00
|
|
|
'd.phid IN (%Ls)',
|
2013-07-03 11:15:45 -07:00
|
|
|
$this->phids);
|
|
|
|
|
}
|
|
|
|
|
|
2014-06-28 16:37:15 -07:00
|
|
|
if ($this->creatorPHIDs !== null) {
|
2013-07-03 11:15:45 -07:00
|
|
|
$where[] = qsprintf(
|
|
|
|
|
$conn_r,
|
2013-07-08 13:37:36 -07:00
|
|
|
'd.creatorPHID IN (%Ls)',
|
2013-07-03 11:15:45 -07:00
|
|
|
$this->creatorPHIDs);
|
|
|
|
|
}
|
|
|
|
|
|
2014-06-28 16:37:15 -07:00
|
|
|
if ($this->dateCreatedAfter !== null) {
|
2013-07-03 11:15:45 -07:00
|
|
|
$where[] = qsprintf(
|
|
|
|
|
$conn_r,
|
2013-07-08 13:37:36 -07:00
|
|
|
'd.dateCreated >= %d',
|
2013-07-03 11:15:45 -07:00
|
|
|
$this->dateCreatedAfter);
|
|
|
|
|
}
|
|
|
|
|
|
2014-06-28 16:37:15 -07:00
|
|
|
if ($this->dateCreatedBefore !== null) {
|
2013-07-03 11:15:45 -07:00
|
|
|
$where[] = qsprintf(
|
|
|
|
|
$conn_r,
|
2013-07-08 13:37:36 -07:00
|
|
|
'd.dateCreated <= %d',
|
2013-07-03 11:15:45 -07:00
|
|
|
$this->dateCreatedBefore);
|
|
|
|
|
}
|
|
|
|
|
|
2014-06-28 16:37:15 -07:00
|
|
|
if ($this->contributorPHIDs !== null) {
|
2013-07-08 13:37:36 -07:00
|
|
|
$where[] = qsprintf(
|
|
|
|
|
$conn_r,
|
2014-06-28 16:37:15 -07:00
|
|
|
'contributor.dst IN (%Ls)',
|
2013-07-08 13:37:36 -07:00
|
|
|
$this->contributorPHIDs);
|
|
|
|
|
}
|
|
|
|
|
|
2015-02-12 15:22:56 -08:00
|
|
|
if ($this->signatureRequired !== null) {
|
|
|
|
|
$where[] = qsprintf(
|
|
|
|
|
$conn_r,
|
|
|
|
|
'd.requireSignature = %d',
|
|
|
|
|
$this->signatureRequired);
|
|
|
|
|
}
|
|
|
|
|
|
2014-06-28 16:37:15 -07:00
|
|
|
$where[] = $this->buildPagingClause($conn_r);
|
|
|
|
|
|
2013-07-03 11:15:45 -07:00
|
|
|
return $this->formatWhereClause($where);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private function loadDocumentBodies(array $documents) {
|
|
|
|
|
$body_phids = mpull($documents, 'getDocumentBodyPHID');
|
|
|
|
|
$bodies = id(new LegalpadDocumentBody())->loadAllWhere(
|
|
|
|
|
'phid IN (%Ls)',
|
|
|
|
|
$body_phids);
|
|
|
|
|
$bodies = mpull($bodies, null, 'getPHID');
|
|
|
|
|
|
|
|
|
|
foreach ($documents as $document) {
|
|
|
|
|
$body = idx($bodies, $document->getDocumentBodyPHID());
|
|
|
|
|
$document->attachDocumentBody($body);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $documents;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private function loadContributors(array $documents) {
|
|
|
|
|
$document_map = mpull($documents, null, 'getPHID');
|
2015-01-03 10:33:25 +11:00
|
|
|
$edge_type = PhabricatorObjectHasContributorEdgeType::EDGECONST;
|
2013-07-03 11:15:45 -07:00
|
|
|
$contributor_data = id(new PhabricatorEdgeQuery())
|
|
|
|
|
->withSourcePHIDs(array_keys($document_map))
|
|
|
|
|
->withEdgeTypes(array($edge_type))
|
|
|
|
|
->execute();
|
|
|
|
|
|
|
|
|
|
foreach ($document_map as $document_phid => $document) {
|
|
|
|
|
$data = $contributor_data[$document_phid];
|
|
|
|
|
$contributors = array_keys(idx($data, $edge_type, array()));
|
|
|
|
|
$document->attachContributors($contributors);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $documents;
|
|
|
|
|
}
|
|
|
|
|
|
2014-01-16 14:36:57 -08:00
|
|
|
private function loadSignatures(array $documents) {
|
|
|
|
|
$document_map = mpull($documents, null, 'getPHID');
|
|
|
|
|
|
2014-01-17 11:40:26 -08:00
|
|
|
$signatures = id(new LegalpadDocumentSignatureQuery())
|
|
|
|
|
->setViewer($this->getViewer())
|
|
|
|
|
->withDocumentPHIDs(array_keys($document_map))
|
|
|
|
|
->execute();
|
2014-01-16 14:36:57 -08:00
|
|
|
$signatures = mgroup($signatures, 'getDocumentPHID');
|
|
|
|
|
|
|
|
|
|
foreach ($documents as $document) {
|
2014-01-17 14:05:18 -08:00
|
|
|
$sigs = idx($signatures, $document->getPHID(), array());
|
2014-01-16 14:36:57 -08:00
|
|
|
$document->attachSignatures($sigs);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $documents;
|
|
|
|
|
}
|
|
|
|
|
|
Lock policy queries to their applications
Summary:
While we mostly have reasonable effective object accessibility when you lock a user out of an application, it's primarily enforced at the controller level. Users can still, e.g., load the handles of objects they can't actually see. Instead, lock the queries to the applications so that you can, e.g., never load a revision if you don't have access to Differential.
This has several parts:
- For PolicyAware queries, provide an application class name method.
- If the query specifies a class name and the user doesn't have permission to use it, fail the entire query unconditionally.
- For handles, simplify query construction and count all the PHIDs as "restricted" so we get a UI full of "restricted" instead of "unknown" handles.
Test Plan:
- Added a unit test to verify I got all the class names right.
- Browsed around, logged in/out as a normal user with public policies on and off.
- Browsed around, logged in/out as a restricted user with public policies on and off. With restrictions, saw all traces of restricted apps removed or restricted.
Reviewers: btrahan
Reviewed By: btrahan
CC: aran
Differential Revision: https://secure.phabricator.com/D7367
2013-10-21 17:20:27 -07:00
|
|
|
public function getQueryApplicationClass() {
|
2014-07-23 10:03:09 +10:00
|
|
|
return 'PhabricatorLegalpadApplication';
|
Lock policy queries to their applications
Summary:
While we mostly have reasonable effective object accessibility when you lock a user out of an application, it's primarily enforced at the controller level. Users can still, e.g., load the handles of objects they can't actually see. Instead, lock the queries to the applications so that you can, e.g., never load a revision if you don't have access to Differential.
This has several parts:
- For PolicyAware queries, provide an application class name method.
- If the query specifies a class name and the user doesn't have permission to use it, fail the entire query unconditionally.
- For handles, simplify query construction and count all the PHIDs as "restricted" so we get a UI full of "restricted" instead of "unknown" handles.
Test Plan:
- Added a unit test to verify I got all the class names right.
- Browsed around, logged in/out as a normal user with public policies on and off.
- Browsed around, logged in/out as a restricted user with public policies on and off. With restrictions, saw all traces of restricted apps removed or restricted.
Reviewers: btrahan
Reviewed By: btrahan
CC: aran
Differential Revision: https://secure.phabricator.com/D7367
2013-10-21 17:20:27 -07:00
|
|
|
}
|
2013-07-03 11:15:45 -07:00
|
|
|
|
|
|
|
|
}
|
