revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-28 17:52:43 +01:00
Code Issues Releases Wiki Activity
phorge-phorge/src/applications/phriction/query/PhrictionDocumentQuery.php

194 lines
4.6 KiB
PHP
Raw Normal View History

Implement PhrictionDocumentQuery Summary: Companion for D5284. Move all the query logic to a policy-aware query class. In particular: - Currently, anyone can view and edit a project's wiki documents. For callsites using this query class, you must be able to view or edit the project to view or edit its documents. - There's some very sketchy logic with the content/document joins. This cleans that up. - This cleans up loading projects by moving it inside the query. We need to do this anyway to perform policy checks. Test Plan: Viewed active/all/updated. Set page size to 2, verified pager works. Reviewers: AnhNhan, chad Reviewed By: AnhNhan CC: aran Differential Revision: https://secure.phabricator.com/D5285
2013-03-08 16:12:24 +01:00
<?php
/**
* @group phriction
*/
final class PhrictionDocumentQuery
extends PhabricatorCursorPagedPolicyAwareQuery {
private $ids;
private $phids;
Use application PHIDs in Phriction Summary: Ref T2715. Moves Phriction to application PHIDs. Test Plan: Used `phid.query`; browsed Phriction. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T2715 Differential Revision: https://secure.phabricator.com/D6553
2013-07-24 20:32:13 +02:00
private $slugs;
Implement PhrictionDocumentQuery Summary: Companion for D5284. Move all the query logic to a policy-aware query class. In particular: - Currently, anyone can view and edit a project's wiki documents. For callsites using this query class, you must be able to view or edit the project to view or edit its documents. - There's some very sketchy logic with the content/document joins. This cleans that up. - This cleans up loading projects by moving it inside the query. We need to do this anyway to perform policy checks. Test Plan: Viewed active/all/updated. Set page size to 2, verified pager works. Reviewers: AnhNhan, chad Reviewed By: AnhNhan CC: aran Differential Revision: https://secure.phabricator.com/D5285
2013-03-08 16:12:24 +01:00
private $status = 'status-any';
const STATUS_ANY = 'status-any';
const STATUS_OPEN = 'status-open';
const STATUS_NONSTUB = 'status-nonstub';
private $order = 'order-created';
const ORDER_CREATED = 'order-created';
const ORDER_UPDATED = 'order-updated';
public function withIDs(array $ids) {
$this->ids = $ids;
return $this;
}
public function withPHIDs(array $phids) {
$this->phids = $phids;
return $this;
}
Use application PHIDs in Phriction Summary: Ref T2715. Moves Phriction to application PHIDs. Test Plan: Used `phid.query`; browsed Phriction. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T2715 Differential Revision: https://secure.phabricator.com/D6553
2013-07-24 20:32:13 +02:00
public function withSlugs(array $slugs) {
$this->slugs = $slugs;
return $this;
}
Implement PhrictionDocumentQuery Summary: Companion for D5284. Move all the query logic to a policy-aware query class. In particular: - Currently, anyone can view and edit a project's wiki documents. For callsites using this query class, you must be able to view or edit the project to view or edit its documents. - There's some very sketchy logic with the content/document joins. This cleans that up. - This cleans up loading projects by moving it inside the query. We need to do this anyway to perform policy checks. Test Plan: Viewed active/all/updated. Set page size to 2, verified pager works. Reviewers: AnhNhan, chad Reviewed By: AnhNhan CC: aran Differential Revision: https://secure.phabricator.com/D5285
2013-03-08 16:12:24 +01:00
public function withStatus($status) {
$this->status = $status;
return $this;
}
public function setOrder($order) {
$this->order = $order;
return $this;
}
protected function loadPage() {
$document = new PhrictionDocument();
$conn_r = $document->establishConnection('r');
$rows = queryfx_all(
$conn_r,
'SELECT * FROM %T %Q %Q %Q',
$document->getTableName(),
$this->buildWhereClause($conn_r),
$this->buildOrderClause($conn_r),
$this->buildLimitClause($conn_r));
return $document->loadAllFromArray($rows);
}
protected function willFilterPage(array $documents) {
$contents = id(new PhrictionContent())->loadAllWhere(
'id IN (%Ld)',
mpull($documents, 'getContentID'));
foreach ($documents as $key => $document) {
$content_id = $document->getContentID();
if (empty($contents[$content_id])) {
unset($documents[$key]);
continue;
}
$document->attachContent($contents[$content_id]);
}
Use application PHIDs in Phriction Summary: Ref T2715. Moves Phriction to application PHIDs. Test Plan: Used `phid.query`; browsed Phriction. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T2715 Differential Revision: https://secure.phabricator.com/D6553
2013-07-24 20:32:13 +02:00
foreach ($documents as $document) {
$document->attachProject(null);
}
Implement PhrictionDocumentQuery Summary: Companion for D5284. Move all the query logic to a policy-aware query class. In particular: - Currently, anyone can view and edit a project's wiki documents. For callsites using this query class, you must be able to view or edit the project to view or edit its documents. - There's some very sketchy logic with the content/document joins. This cleans that up. - This cleans up loading projects by moving it inside the query. We need to do this anyway to perform policy checks. Test Plan: Viewed active/all/updated. Set page size to 2, verified pager works. Reviewers: AnhNhan, chad Reviewed By: AnhNhan CC: aran Differential Revision: https://secure.phabricator.com/D5285
2013-03-08 16:12:24 +01:00
$project_slugs = array();
foreach ($documents as $key => $document) {
$slug = $document->getSlug();
if (!PhrictionDocument::isProjectSlug($slug)) {
continue;
}
$project_slugs[$key] = PhrictionDocument::getProjectSlugIdentifier($slug);
}
if ($project_slugs) {
$projects = id(new PhabricatorProjectQuery())
->setViewer($this->getViewer())
Fix a name mismatch in PhrictionDocumentQuery Summary: Fix an oversight in {D5285} Test Plan: works smoothly again :D Reviewers: epriestley Reviewed By: epriestley CC: aran, Korvin Maniphest Tasks: T2686 Differential Revision: https://secure.phabricator.com/D5294
2013-03-08 16:50:25 +01:00
->withPhrictionSlugs($project_slugs)
Implement PhrictionDocumentQuery Summary: Companion for D5284. Move all the query logic to a policy-aware query class. In particular: - Currently, anyone can view and edit a project's wiki documents. For callsites using this query class, you must be able to view or edit the project to view or edit its documents. - There's some very sketchy logic with the content/document joins. This cleans that up. - This cleans up loading projects by moving it inside the query. We need to do this anyway to perform policy checks. Test Plan: Viewed active/all/updated. Set page size to 2, verified pager works. Reviewers: AnhNhan, chad Reviewed By: AnhNhan CC: aran Differential Revision: https://secure.phabricator.com/D5285
2013-03-08 16:12:24 +01:00
->execute();
$projects = mpull($projects, null, 'getPhrictionSlug');
foreach ($documents as $key => $document) {
$slug = idx($project_slugs, $key);
if ($slug) {
$project = idx($projects, $slug);
if (!$project) {
unset($documents[$key]);
continue;
}
$document->attachProject($project);
}
}
}
return $documents;
}
protected function buildWhereClause(AphrontDatabaseConnection $conn) {
$where = array();
if ($this->ids) {
$where[] = qsprintf(
$conn,
'id IN (%Ld)',
$this->ids);
}
if ($this->phids) {
$where[] = qsprintf(
$conn,
Use application PHIDs in Phriction Summary: Ref T2715. Moves Phriction to application PHIDs. Test Plan: Used `phid.query`; browsed Phriction. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T2715 Differential Revision: https://secure.phabricator.com/D6553
2013-07-24 20:32:13 +02:00
'phid IN (%Ls)',
Implement PhrictionDocumentQuery Summary: Companion for D5284. Move all the query logic to a policy-aware query class. In particular: - Currently, anyone can view and edit a project's wiki documents. For callsites using this query class, you must be able to view or edit the project to view or edit its documents. - There's some very sketchy logic with the content/document joins. This cleans that up. - This cleans up loading projects by moving it inside the query. We need to do this anyway to perform policy checks. Test Plan: Viewed active/all/updated. Set page size to 2, verified pager works. Reviewers: AnhNhan, chad Reviewed By: AnhNhan CC: aran Differential Revision: https://secure.phabricator.com/D5285
2013-03-08 16:12:24 +01:00
$this->phids);
}
Use application PHIDs in Phriction Summary: Ref T2715. Moves Phriction to application PHIDs. Test Plan: Used `phid.query`; browsed Phriction. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T2715 Differential Revision: https://secure.phabricator.com/D6553
2013-07-24 20:32:13 +02:00
if ($this->slugs) {
$where[] = qsprintf(
$conn,
'slug IN (%Ls)',
$this->slugs);
}
Implement PhrictionDocumentQuery Summary: Companion for D5284. Move all the query logic to a policy-aware query class. In particular: - Currently, anyone can view and edit a project's wiki documents. For callsites using this query class, you must be able to view or edit the project to view or edit its documents. - There's some very sketchy logic with the content/document joins. This cleans that up. - This cleans up loading projects by moving it inside the query. We need to do this anyway to perform policy checks. Test Plan: Viewed active/all/updated. Set page size to 2, verified pager works. Reviewers: AnhNhan, chad Reviewed By: AnhNhan CC: aran Differential Revision: https://secure.phabricator.com/D5285
2013-03-08 16:12:24 +01:00
switch ($this->status) {
case self::STATUS_OPEN:
$where[] = qsprintf(
$conn,
'status NOT IN (%Ld)',
array(
PhrictionDocumentStatus::STATUS_DELETED,
PhrictionDocumentStatus::STATUS_MOVED,
PhrictionDocumentStatus::STATUS_STUB,
));
break;
case self::STATUS_NONSTUB:
$where[] = qsprintf(
$conn,
'status NOT IN (%Ld)',
array(
Modernized Phriction Document Index Summary: Refs T2686 Migrated Document Index to `PhabricatorObjectItemView` //Updates// page currently depicts change type per object bar color. Icons are planned, though their implemention remains unclear. Also, @btrahan mentioned the use of getters over properties (for `$this->documents`, `$this->handles`) Test Plan: Looks good, doesn't it? Reviewers: epriestley, chad, btrahan CC: aran, Korvin Maniphest Tasks: T2686 Differential Revision: https://secure.phabricator.com/D5403
2013-03-22 18:28:13 +01:00
PhrictionDocumentStatus::STATUS_MOVED,
Implement PhrictionDocumentQuery Summary: Companion for D5284. Move all the query logic to a policy-aware query class. In particular: - Currently, anyone can view and edit a project's wiki documents. For callsites using this query class, you must be able to view or edit the project to view or edit its documents. - There's some very sketchy logic with the content/document joins. This cleans that up. - This cleans up loading projects by moving it inside the query. We need to do this anyway to perform policy checks. Test Plan: Viewed active/all/updated. Set page size to 2, verified pager works. Reviewers: AnhNhan, chad Reviewed By: AnhNhan CC: aran Differential Revision: https://secure.phabricator.com/D5285
2013-03-08 16:12:24 +01:00
PhrictionDocumentStatus::STATUS_STUB,
));
break;
case self::STATUS_ANY:
break;
default:
throw new Exception("Unknown status '{$this->status}'!");
}
$where[] = $this->buildPagingClause($conn);
return $this->formatWhereClause($where);
}
protected function getPagingColumn() {
switch ($this->order) {
case self::ORDER_CREATED:
return 'id';
case self::ORDER_UPDATED:
return 'contentID';
default:
throw new Exception("Unknown order '{$this->order}'!");
}
}
protected function getPagingValue($result) {
switch ($this->order) {
case self::ORDER_CREATED:
return $result->getID();
case self::ORDER_UPDATED:
return $result->getContentID();
default:
throw new Exception("Unknown order '{$this->order}'!");
}
}
Lock policy queries to their applications Summary: While we mostly have reasonable effective object accessibility when you lock a user out of an application, it's primarily enforced at the controller level. Users can still, e.g., load the handles of objects they can't actually see. Instead, lock the queries to the applications so that you can, e.g., never load a revision if you don't have access to Differential. This has several parts: - For PolicyAware queries, provide an application class name method. - If the query specifies a class name and the user doesn't have permission to use it, fail the entire query unconditionally. - For handles, simplify query construction and count all the PHIDs as "restricted" so we get a UI full of "restricted" instead of "unknown" handles. Test Plan: - Added a unit test to verify I got all the class names right. - Browsed around, logged in/out as a normal user with public policies on and off. - Browsed around, logged in/out as a restricted user with public policies on and off. With restrictions, saw all traces of restricted apps removed or restricted. Reviewers: btrahan Reviewed By: btrahan CC: aran Differential Revision: https://secure.phabricator.com/D7367
2013-10-22 02:20:27 +02:00
public function getQueryApplicationClass() {
return 'PhabricatorApplicationPhriction';
}
Implement PhrictionDocumentQuery Summary: Companion for D5284. Move all the query logic to a policy-aware query class. In particular: - Currently, anyone can view and edit a project's wiki documents. For callsites using this query class, you must be able to view or edit the project to view or edit its documents. - There's some very sketchy logic with the content/document joins. This cleans that up. - This cleans up loading projects by moving it inside the query. We need to do this anyway to perform policy checks. Test Plan: Viewed active/all/updated. Set page size to 2, verified pager works. Reviewers: AnhNhan, chad Reviewed By: AnhNhan CC: aran Differential Revision: https://secure.phabricator.com/D5285
2013-03-08 16:12:24 +01:00
}
Copy permalink