1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2025-01-23 13:08:18 +01:00
phorge-phorge/src/applications/passphrase/view/PassphraseCredentialControl.php

161 lines
4 KiB
PHP
Raw Normal View History

<?php
final class PassphraseCredentialControl extends AphrontFormControl {
private $options = array();
private $credentialType;
private $defaultUsername;
private $allowNull;
public function setAllowNull($allow_null) {
$this->allowNull = $allow_null;
return $this;
}
public function setDefaultUsername($default_username) {
$this->defaultUsername = $default_username;
return $this;
}
public function setCredentialType($credential_type) {
$this->credentialType = $credential_type;
return $this;
}
public function getCredentialType() {
return $this->credentialType;
}
public function setOptions(array $options) {
assert_instances_of($options, 'PassphraseCredential');
$this->options = $options;
return $this;
}
protected function getCustomControlClass() {
return 'passphrase-credential-control';
}
protected function renderInput() {
$options_map = array();
foreach ($this->options as $option) {
$options_map[$option->getPHID()] = pht(
"%s %s",
'K'.$option->getID(),
$option->getName());
}
$disabled = $this->getDisabled();
if ($this->allowNull) {
$options_map = array('' => pht('(No Credentials)')) + $options_map;
} else {
if (!$options_map) {
$options_map[''] = pht('(No Existing Credentials)');
$disabled = true;
}
}
Javelin::initBehavior('passphrase-credential-control');
$options = AphrontFormSelectControl::renderSelectTag(
$this->getValue(),
$options_map,
array(
'id' => $this->getControlID(),
'name' => $this->getName(),
'disabled' => $disabled ? 'disabled' : null,
'sigil' => 'passphrase-credential-select',
));
if ($this->credentialType) {
$button = javelin_tag(
'a',
array(
'href' => '#',
'class' => 'button grey',
'sigil' => 'passphrase-credential-add',
'mustcapture' => true,
),
pht('Add Credential'));
} else {
$button = null;
}
return javelin_tag(
'div',
array(
'sigil' => 'passphrase-credential-control',
'meta' => array(
'type' => $this->getCredentialType(),
'username' => $this->defaultUsername,
'allowNull' => $this->allowNull,
),
),
array(
$options,
$button,
));
}
/**
* Verify that a given actor has permission to use all of the credentials
* in a list of credential transactions.
*
* In general, the rule here is:
*
* - If you're editing an object and it uses a credential you can't use,
* that's fine as long as you don't change the credential.
* - If you do change the credential, the new credential must be one you
* can use.
*
* @param PhabricatorUser The acting user.
* @param list<PhabricatorApplicationTransaction> List of credential altering
* transactions.
* @return bool True if the transactions are valid.
*/
public static function validateTransactions(
PhabricatorUser $actor,
array $xactions) {
$new_phids = array();
foreach ($xactions as $xaction) {
$new = $xaction->getNewValue();
if (!$new) {
// Removing a credential, so this is OK.
continue;
}
$old = $xaction->getOldValue();
if ($old == $new) {
// This is a no-op transaction, so this is also OK.
continue;
}
// Otherwise, we need to check this credential.
$new_phids[] = $new;
}
if (!$new_phids) {
// No new credentials being set, so this is fine.
return true;
}
$usable_credentials = id(new PassphraseCredentialQuery())
->setViewer($actor)
->withPHIDs($new_phids)
->execute();
$usable_credentials = mpull($usable_credentials, null, 'getPHID');
foreach ($new_phids as $phid) {
if (empty($usable_credentials[$phid])) {
return false;
}
}
return true;
}
}