revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2025-03-02 15:39:36 +01:00
Code Issues Releases Wiki Activity
phorge-phorge/src/applications/transactions/controller/PhabricatorApplicationTransactionCommentRemoveController.php

96 lines
2.8 KiB
PHP
Raw Normal View History

Allow users to remove their own comments, and administrators to remove any comment Summary: Fixes T4909. Adds a "remove" link next to the edit link, which permanently hides a comment. Addresses two use cases: - Allowing administrators to clean up spam. - Allowing users to try to put the genie back in the bottle if they post passwords or sensitive links, etc. The user who removed the comment is named in the removal text to enforce some level of administrative accountability. No data is deleted, but there's currently no method to restore these comments. We'll see if we need one. This is cheating a little bit by storing "removed" as "2" in the isDeleted field. This doesn't seem tooooo bad for now. Test Plan: - Removed some of my comments. - As an administrator, removed other users' comments. - Failed to view history of a removed comment. - Failed to edit a removed comment. - Failed to remove a removed comment. - Verified feed doesn't show the old comment after comment removal. Reviewers: btrahan Reviewed By: btrahan Subscribers: qgil, chad, epriestley Maniphest Tasks: T4909 Differential Revision: https://secure.phabricator.com/D8945
2014-05-05 10:55:32 -07:00
<?php
final class PhabricatorApplicationTransactionCommentRemoveController
extends PhabricatorApplicationTransactionController {
Update transactions for handleRequest Summary: Updates Transactions for handleRequest Test Plan: Leave Comment, View Raw, Delete, Quote, etc. Reviewers: epriestley Reviewed By: epriestley Subscribers: Korvin Maniphest Tasks: T8628 Differential Revision: https://secure.phabricator.com/D14629
2015-12-01 19:46:57 -08:00
public function handleRequest(AphrontRequest $request) {
$viewer = $this->getViewer();
$phid = $request->getURIData('phid');
Allow users to remove their own comments, and administrators to remove any comment Summary: Fixes T4909. Adds a "remove" link next to the edit link, which permanently hides a comment. Addresses two use cases: - Allowing administrators to clean up spam. - Allowing users to try to put the genie back in the bottle if they post passwords or sensitive links, etc. The user who removed the comment is named in the removal text to enforce some level of administrative accountability. No data is deleted, but there's currently no method to restore these comments. We'll see if we need one. This is cheating a little bit by storing "removed" as "2" in the isDeleted field. This doesn't seem tooooo bad for now. Test Plan: - Removed some of my comments. - As an administrator, removed other users' comments. - Failed to view history of a removed comment. - Failed to edit a removed comment. - Failed to remove a removed comment. - Verified feed doesn't show the old comment after comment removal. Reviewers: btrahan Reviewed By: btrahan Subscribers: qgil, chad, epriestley Maniphest Tasks: T4909 Differential Revision: https://secure.phabricator.com/D8945
2014-05-05 10:55:32 -07:00
$xaction = id(new PhabricatorObjectQuery())
Update transactions for handleRequest Summary: Updates Transactions for handleRequest Test Plan: Leave Comment, View Raw, Delete, Quote, etc. Reviewers: epriestley Reviewed By: epriestley Subscribers: Korvin Maniphest Tasks: T8628 Differential Revision: https://secure.phabricator.com/D14629
2015-12-01 19:46:57 -08:00
->withPHIDs(array($phid))
Allow users to remove their own comments, and administrators to remove any comment Summary: Fixes T4909. Adds a "remove" link next to the edit link, which permanently hides a comment. Addresses two use cases: - Allowing administrators to clean up spam. - Allowing users to try to put the genie back in the bottle if they post passwords or sensitive links, etc. The user who removed the comment is named in the removal text to enforce some level of administrative accountability. No data is deleted, but there's currently no method to restore these comments. We'll see if we need one. This is cheating a little bit by storing "removed" as "2" in the isDeleted field. This doesn't seem tooooo bad for now. Test Plan: - Removed some of my comments. - As an administrator, removed other users' comments. - Failed to view history of a removed comment. - Failed to edit a removed comment. - Failed to remove a removed comment. - Verified feed doesn't show the old comment after comment removal. Reviewers: btrahan Reviewed By: btrahan Subscribers: qgil, chad, epriestley Maniphest Tasks: T4909 Differential Revision: https://secure.phabricator.com/D8945
2014-05-05 10:55:32 -07:00
->setViewer($viewer)
->executeOne();
if (!$xaction) {
return new Aphront404Response();
}
if (!$xaction->getComment()) {
return new Aphront404Response();
}
if ($xaction->getComment()->getIsRemoved()) {
// You can't remove an already-removed comment.
return new Aphront400Response();
}
$obj_phid = $xaction->getObjectPHID();
$obj_handle = id(new PhabricatorHandleQuery())
->setViewer($viewer)
->withPHIDs(array($obj_phid))
->executeOne();
When a comment was signed with MFA, require MFA to edit it Summary: Ref PHI1173. Currently, you can edit an MFA'd comment without redoing MFA. This is inconsistent with the intent of the MFA badge, since it means an un-MFA'd comment may have an "MFA" badge on it. Instead, implement these rules: - If a comment was signed with MFA, you MUST MFA to edit it. - When removing a comment, add an extra MFA prompt if the user has MFA. This one isn't strictly required, this action is just very hard to undo and seems reasonable to MFA. Test Plan: - Made normal comments and MFA comments. - Edited normal comments and MFA comments (got prompted). - Removed normal comments and MFA comments (prompted in both cases). - Tried to edit an MFA comment without MFA on my account, got a hard "MFA absolutely required" failure. Reviewers: amckinley Reviewed By: amckinley Differential Revision: https://secure.phabricator.com/D20340
2019-03-28 15:32:23 -07:00
$done_uri = $obj_handle->getURI();
Prevent editing and deleting comments in locked conversations Summary: Ref T13289. This tightens up a couple of corner cases around locked threads. Locking is primarily motivated by two use cases: stopping nonproductive conversations on open source installs (similar to GitHub's feature); and freezing object state for audit/record-keeping purposes. Currently, you can edit or remove comments on a locked thread, but neither use case is well-served by allowing this. Require "CAN_INTERACT" to edit or remove a comment. Administrators can still remove comments from a locked thread to serve "lock a flamewar, then clean it up", since "Remove Comment" on a comment you don't own is fairly unambiguously an administrative action. Test Plan: - On a locked task, tried to edit and remove my comments as a non-administrator. Saw appropriate disabled UI state and error dialogs (actions were disallowed). - On a locked task, tried to remove another user's comments as an administrator. This works. - On a normal task, edited comments normally. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13289 Differential Revision: https://secure.phabricator.com/D20551
2019-05-23 10:55:55 -07:00
// We allow administrative removal of comments even if an object is locked,
// so you can lock a flamewar and then go clean it up. Locked threads may
// not otherwise be edited, and non-administrators can not remove comments
// from locked threads.
$object = $xaction->getObject();
Update one straggling "CAN_INTERACT" check in comment removal Summary: See rPaacc62463d61. D20551 added some `CAN_INTERACT` checks, but `CAN_INTERACT` needs to be checked with `canInteract()` to fall back to `CAN_VIEW` properly. D20558 cleaned up most of this but missed one callsite; fix that up too. Test Plan: Removed a comment on a commit. Reviewers: amckinley, 20after4 Reviewed By: amckinley Differential Revision: https://secure.phabricator.com/D20648
2019-07-11 15:47:53 -07:00
$can_interact = PhabricatorPolicyFilter::canInteract(
Prevent editing and deleting comments in locked conversations Summary: Ref T13289. This tightens up a couple of corner cases around locked threads. Locking is primarily motivated by two use cases: stopping nonproductive conversations on open source installs (similar to GitHub's feature); and freezing object state for audit/record-keeping purposes. Currently, you can edit or remove comments on a locked thread, but neither use case is well-served by allowing this. Require "CAN_INTERACT" to edit or remove a comment. Administrators can still remove comments from a locked thread to serve "lock a flamewar, then clean it up", since "Remove Comment" on a comment you don't own is fairly unambiguously an administrative action. Test Plan: - On a locked task, tried to edit and remove my comments as a non-administrator. Saw appropriate disabled UI state and error dialogs (actions were disallowed). - On a locked task, tried to remove another user's comments as an administrator. This works. - On a normal task, edited comments normally. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13289 Differential Revision: https://secure.phabricator.com/D20551
2019-05-23 10:55:55 -07:00
$viewer,
Update one straggling "CAN_INTERACT" check in comment removal Summary: See rPaacc62463d61. D20551 added some `CAN_INTERACT` checks, but `CAN_INTERACT` needs to be checked with `canInteract()` to fall back to `CAN_VIEW` properly. D20558 cleaned up most of this but missed one callsite; fix that up too. Test Plan: Removed a comment on a commit. Reviewers: amckinley, 20after4 Reviewed By: amckinley Differential Revision: https://secure.phabricator.com/D20648
2019-07-11 15:47:53 -07:00
$object);
Prevent editing and deleting comments in locked conversations Summary: Ref T13289. This tightens up a couple of corner cases around locked threads. Locking is primarily motivated by two use cases: stopping nonproductive conversations on open source installs (similar to GitHub's feature); and freezing object state for audit/record-keeping purposes. Currently, you can edit or remove comments on a locked thread, but neither use case is well-served by allowing this. Require "CAN_INTERACT" to edit or remove a comment. Administrators can still remove comments from a locked thread to serve "lock a flamewar, then clean it up", since "Remove Comment" on a comment you don't own is fairly unambiguously an administrative action. Test Plan: - On a locked task, tried to edit and remove my comments as a non-administrator. Saw appropriate disabled UI state and error dialogs (actions were disallowed). - On a locked task, tried to remove another user's comments as an administrator. This works. - On a normal task, edited comments normally. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13289 Differential Revision: https://secure.phabricator.com/D20551
2019-05-23 10:55:55 -07:00
if (!$can_interact && !$viewer->getIsAdmin()) {
return $this->newDialog()
->setTitle(pht('Conversation Locked'))
->appendParagraph(
pht(
'You can not remove this comment because the conversation is '.
'locked.'))
->addCancelButton($done_uri);
}
When a comment was signed with MFA, require MFA to edit it Summary: Ref PHI1173. Currently, you can edit an MFA'd comment without redoing MFA. This is inconsistent with the intent of the MFA badge, since it means an un-MFA'd comment may have an "MFA" badge on it. Instead, implement these rules: - If a comment was signed with MFA, you MUST MFA to edit it. - When removing a comment, add an extra MFA prompt if the user has MFA. This one isn't strictly required, this action is just very hard to undo and seems reasonable to MFA. Test Plan: - Made normal comments and MFA comments. - Edited normal comments and MFA comments (got prompted). - Removed normal comments and MFA comments (prompted in both cases). - Tried to edit an MFA comment without MFA on my account, got a hard "MFA absolutely required" failure. Reviewers: amckinley Reviewed By: amckinley Differential Revision: https://secure.phabricator.com/D20340
2019-03-28 15:32:23 -07:00
if ($request->isFormOrHisecPost()) {
Allow users to remove their own comments, and administrators to remove any comment Summary: Fixes T4909. Adds a "remove" link next to the edit link, which permanently hides a comment. Addresses two use cases: - Allowing administrators to clean up spam. - Allowing users to try to put the genie back in the bottle if they post passwords or sensitive links, etc. The user who removed the comment is named in the removal text to enforce some level of administrative accountability. No data is deleted, but there's currently no method to restore these comments. We'll see if we need one. This is cheating a little bit by storing "removed" as "2" in the isDeleted field. This doesn't seem tooooo bad for now. Test Plan: - Removed some of my comments. - As an administrator, removed other users' comments. - Failed to view history of a removed comment. - Failed to edit a removed comment. - Failed to remove a removed comment. - Verified feed doesn't show the old comment after comment removal. Reviewers: btrahan Reviewed By: btrahan Subscribers: qgil, chad, epriestley Maniphest Tasks: T4909 Differential Revision: https://secure.phabricator.com/D8945
2014-05-05 10:55:32 -07:00
$comment = $xaction->getApplicationTransactionCommentObject()
->setContent('')
->setIsRemoved(true);
$editor = id(new PhabricatorApplicationTransactionCommentEditor())
->setActor($viewer)
When a comment was signed with MFA, require MFA to edit it Summary: Ref PHI1173. Currently, you can edit an MFA'd comment without redoing MFA. This is inconsistent with the intent of the MFA badge, since it means an un-MFA'd comment may have an "MFA" badge on it. Instead, implement these rules: - If a comment was signed with MFA, you MUST MFA to edit it. - When removing a comment, add an extra MFA prompt if the user has MFA. This one isn't strictly required, this action is just very hard to undo and seems reasonable to MFA. Test Plan: - Made normal comments and MFA comments. - Edited normal comments and MFA comments (got prompted). - Removed normal comments and MFA comments (prompted in both cases). - Tried to edit an MFA comment without MFA on my account, got a hard "MFA absolutely required" failure. Reviewers: amckinley Reviewed By: amckinley Differential Revision: https://secure.phabricator.com/D20340
2019-03-28 15:32:23 -07:00
->setRequest($request)
->setCancelURI($done_uri)
Allow users to remove their own comments, and administrators to remove any comment Summary: Fixes T4909. Adds a "remove" link next to the edit link, which permanently hides a comment. Addresses two use cases: - Allowing administrators to clean up spam. - Allowing users to try to put the genie back in the bottle if they post passwords or sensitive links, etc. The user who removed the comment is named in the removal text to enforce some level of administrative accountability. No data is deleted, but there's currently no method to restore these comments. We'll see if we need one. This is cheating a little bit by storing "removed" as "2" in the isDeleted field. This doesn't seem tooooo bad for now. Test Plan: - Removed some of my comments. - As an administrator, removed other users' comments. - Failed to view history of a removed comment. - Failed to edit a removed comment. - Failed to remove a removed comment. - Verified feed doesn't show the old comment after comment removal. Reviewers: btrahan Reviewed By: btrahan Subscribers: qgil, chad, epriestley Maniphest Tasks: T4909 Differential Revision: https://secure.phabricator.com/D8945
2014-05-05 10:55:32 -07:00
->setContentSource(PhabricatorContentSource::newFromRequest($request))
->applyEdit($xaction, $comment);
if ($request->isAjax()) {
Move all comment management junk into a dropdown menu Summary: man I sure hate Javascript I removed the ajax-edit and ajax-remove interactions, becuase they were prohibitively complex to get working given that the entire menu has to change too. Instead, the page just reloads. This works perfectly fine in practice. If we want to restore these in the future, we should have the server re-render the entire transaction group or something. I think very little is lost here, though. Test Plan: - Took all the actions. - Used existing dropdown menus. {F150196} Reviewers: chad, btrahan Reviewed By: btrahan Subscribers: epriestley Differential Revision: https://secure.phabricator.com/D8966
2014-05-05 10:57:23 -07:00
return id(new AphrontAjaxResponse())->setContent(array());
Allow users to remove their own comments, and administrators to remove any comment Summary: Fixes T4909. Adds a "remove" link next to the edit link, which permanently hides a comment. Addresses two use cases: - Allowing administrators to clean up spam. - Allowing users to try to put the genie back in the bottle if they post passwords or sensitive links, etc. The user who removed the comment is named in the removal text to enforce some level of administrative accountability. No data is deleted, but there's currently no method to restore these comments. We'll see if we need one. This is cheating a little bit by storing "removed" as "2" in the isDeleted field. This doesn't seem tooooo bad for now. Test Plan: - Removed some of my comments. - As an administrator, removed other users' comments. - Failed to view history of a removed comment. - Failed to edit a removed comment. - Failed to remove a removed comment. - Verified feed doesn't show the old comment after comment removal. Reviewers: btrahan Reviewed By: btrahan Subscribers: qgil, chad, epriestley Maniphest Tasks: T4909 Differential Revision: https://secure.phabricator.com/D8945
2014-05-05 10:55:32 -07:00
} else {
When a comment was signed with MFA, require MFA to edit it Summary: Ref PHI1173. Currently, you can edit an MFA'd comment without redoing MFA. This is inconsistent with the intent of the MFA badge, since it means an un-MFA'd comment may have an "MFA" badge on it. Instead, implement these rules: - If a comment was signed with MFA, you MUST MFA to edit it. - When removing a comment, add an extra MFA prompt if the user has MFA. This one isn't strictly required, this action is just very hard to undo and seems reasonable to MFA. Test Plan: - Made normal comments and MFA comments. - Edited normal comments and MFA comments (got prompted). - Removed normal comments and MFA comments (prompted in both cases). - Tried to edit an MFA comment without MFA on my account, got a hard "MFA absolutely required" failure. Reviewers: amckinley Reviewed By: amckinley Differential Revision: https://secure.phabricator.com/D20340
2019-03-28 15:32:23 -07:00
return id(new AphrontReloadResponse())->setURI($done_uri);
Allow users to remove their own comments, and administrators to remove any comment Summary: Fixes T4909. Adds a "remove" link next to the edit link, which permanently hides a comment. Addresses two use cases: - Allowing administrators to clean up spam. - Allowing users to try to put the genie back in the bottle if they post passwords or sensitive links, etc. The user who removed the comment is named in the removal text to enforce some level of administrative accountability. No data is deleted, but there's currently no method to restore these comments. We'll see if we need one. This is cheating a little bit by storing "removed" as "2" in the isDeleted field. This doesn't seem tooooo bad for now. Test Plan: - Removed some of my comments. - As an administrator, removed other users' comments. - Failed to view history of a removed comment. - Failed to edit a removed comment. - Failed to remove a removed comment. - Verified feed doesn't show the old comment after comment removal. Reviewers: btrahan Reviewed By: btrahan Subscribers: qgil, chad, epriestley Maniphest Tasks: T4909 Differential Revision: https://secure.phabricator.com/D8945
2014-05-05 10:55:32 -07:00
}
}
$form = id(new AphrontFormView())
->setUser($viewer);
$dialog = $this->newDialog()
->setTitle(pht('Remove Comment'));
$dialog
->appendParagraph(
pht(
"Removing a comment prevents anyone (including you) from reading ".
"it. Removing a comment also hides the comment's edit history ".
"and prevents it from being edited."))
->appendParagraph(
pht('Really remove this comment?'));
$dialog
->addSubmitButton(pht('Remove Comment'))
When a comment was signed with MFA, require MFA to edit it Summary: Ref PHI1173. Currently, you can edit an MFA'd comment without redoing MFA. This is inconsistent with the intent of the MFA badge, since it means an un-MFA'd comment may have an "MFA" badge on it. Instead, implement these rules: - If a comment was signed with MFA, you MUST MFA to edit it. - When removing a comment, add an extra MFA prompt if the user has MFA. This one isn't strictly required, this action is just very hard to undo and seems reasonable to MFA. Test Plan: - Made normal comments and MFA comments. - Edited normal comments and MFA comments (got prompted). - Removed normal comments and MFA comments (prompted in both cases). - Tried to edit an MFA comment without MFA on my account, got a hard "MFA absolutely required" failure. Reviewers: amckinley Reviewed By: amckinley Differential Revision: https://secure.phabricator.com/D20340
2019-03-28 15:32:23 -07:00
->addCancelButton($done_uri);
Allow users to remove their own comments, and administrators to remove any comment Summary: Fixes T4909. Adds a "remove" link next to the edit link, which permanently hides a comment. Addresses two use cases: - Allowing administrators to clean up spam. - Allowing users to try to put the genie back in the bottle if they post passwords or sensitive links, etc. The user who removed the comment is named in the removal text to enforce some level of administrative accountability. No data is deleted, but there's currently no method to restore these comments. We'll see if we need one. This is cheating a little bit by storing "removed" as "2" in the isDeleted field. This doesn't seem tooooo bad for now. Test Plan: - Removed some of my comments. - As an administrator, removed other users' comments. - Failed to view history of a removed comment. - Failed to edit a removed comment. - Failed to remove a removed comment. - Verified feed doesn't show the old comment after comment removal. Reviewers: btrahan Reviewed By: btrahan Subscribers: qgil, chad, epriestley Maniphest Tasks: T4909 Differential Revision: https://secure.phabricator.com/D8945
2014-05-05 10:55:32 -07:00
return $dialog;
}
}
Copy permalink