revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-15 19:32:40 +01:00
Code Issues Releases Wiki Activity
phorge-phorge/src/applications/files/controller/PhabricatorFileDeleteController.php

50 lines
1.3 KiB
PHP
Raw Normal View History

Allow files to be deleted Summary: A couple of people mentioned that they've had users accidentally upload sensitive files. Allow files to be deleted. (At some point it might be nice to keep the file handle around and log who deleted it, but this addresses the immediate problem without needing too much work.) Test Plan: Deleted some files. Reviewers: btrahan, jungejason Reviewed By: btrahan CC: aran Maniphest Tasks: T780 Differential Revision: https://secure.phabricator.com/D1423
2012-01-16 22:26:44 +01:00
<?php
Add "final" to all Phabricator "Controller" classes Summary: These are all unambiguously unextensible. Issues I hit: - Maniphest Change/Diff controllers, just consolidated them. - Some search controllers incorrectly extend from "Search" but should extend from "SearchBase". This has no runtime effects. - D1836 introduced a closure, which we don't handle correctly (somewhat on purpose; we target PHP 5.2). See T962. Test Plan: Ran "testEverythingImplemented" unit test to identify classes extending from `final` classes. Resolved issues. Reviewers: btrahan Reviewed By: btrahan CC: aran, epriestley Maniphest Tasks: T795 Differential Revision: https://secure.phabricator.com/D1843
2012-03-10 00:46:25 +01:00
final class PhabricatorFileDeleteController extends PhabricatorFileController {
Allow files to be deleted Summary: A couple of people mentioned that they've had users accidentally upload sensitive files. Allow files to be deleted. (At some point it might be nice to keep the file handle around and log who deleted it, but this addresses the immediate problem without needing too much work.) Test Plan: Deleted some files. Reviewers: btrahan, jungejason Reviewed By: btrahan CC: aran Maniphest Tasks: T780 Differential Revision: https://secure.phabricator.com/D1423
2012-01-16 22:26:44 +01:00
private $id;
public function willProcessRequest(array $data) {
$this->id = $data['id'];
}
public function processRequest() {
$request = $this->getRequest();
$user = $request->getUser();
Make most file reads policy-aware Summary: Ref T603. Swaps out most `PhabricatorFile` loads for `PhabricatorFileQuery`. Test Plan: - Viewed Differential changesets. - Used `file.info`. - Used `file.download`. - Viewed a file. - Deleted a file. - Used `/Fnnnn` to access a file. - Uploaded an image, verified a thumbnail generated. - Created and edited a macro. - Added a meme. - Did old-school attach-a-file-to-a-task. - Viewed a paste. - Viewed a mock. - Embedded a mock. - Profiled a page. - Parsed a commit with image files linked to a revision with image files. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T603 Differential Revision: https://secure.phabricator.com/D7178
2013-09-30 18:38:13 +02:00
$file = id(new PhabricatorFileQuery())
->setViewer($user)
->withIDs(array($this->id))
->requireCapabilities(
array(
PhabricatorPolicyCapability::CAN_VIEW,
PhabricatorPolicyCapability::CAN_EDIT,
))
->executeOne();
Allow files to be deleted Summary: A couple of people mentioned that they've had users accidentally upload sensitive files. Allow files to be deleted. (At some point it might be nice to keep the file handle around and log who deleted it, but this addresses the immediate problem without needing too much work.) Test Plan: Deleted some files. Reviewers: btrahan, jungejason Reviewed By: btrahan CC: aran Maniphest Tasks: T780 Differential Revision: https://secure.phabricator.com/D1423
2012-01-16 22:26:44 +01:00
if (!$file) {
return new Aphront404Response();
}
if (($user->getPHID() != $file->getAuthorPHID()) &&
(!$user->getIsAdmin())) {
return new Aphront403Response();
}
if ($request->isFormPost()) {
$file->delete();
return id(new AphrontRedirectResponse())->setURI('/file/');
}
$dialog = new AphrontDialogView();
$dialog->setUser($user);
$dialog->setTitle('Really delete file?');
Convert some phutil_escape_html() to hsprintf() Summary: Found by `sgrep_php -e '"...".phutil_escape_html(...)'`. Test Plan: / /D1 /uiexample/ /countdown/1/ /herald/transcript/1/all/ Reviewers: epriestley Reviewed By: epriestley CC: aran, Korvin Maniphest Tasks: T2432 Differential Revision: https://secure.phabricator.com/D4869
2013-02-08 21:07:44 +01:00
$dialog->appendChild(hsprintf(
"<p>Permanently delete '%s'? This action can not be undone.</p>",
$file->getName()));
Allow files to be deleted Summary: A couple of people mentioned that they've had users accidentally upload sensitive files. Allow files to be deleted. (At some point it might be nice to keep the file handle around and log who deleted it, but this addresses the immediate problem without needing too much work.) Test Plan: Deleted some files. Reviewers: btrahan, jungejason Reviewed By: btrahan CC: aran Maniphest Tasks: T780 Differential Revision: https://secure.phabricator.com/D1423
2012-01-16 22:26:44 +01:00
$dialog->addSubmitButton('Delete');
$dialog->addCancelButton($file->getInfoURI());
return id(new AphrontDialogResponse())->setDialog($dialog);
}
}
Copy permalink