From 11e8e60245ed02d101afbc450a92a7acca5864ac Mon Sep 17 00:00:00 2001 From: lkassianik Date: Thu, 30 Apr 2015 14:43:48 -0700 Subject: [PATCH] Calendar events should have edit/view policies Summary: Closes T7940, Calendar events should have edit/view policies. Test Plan: Create new event and save, event should be only visible and editable by creator. Editing policies should correctly set the permissions of editing/viewing the event. Reviewers: epriestley, #blessed_reviewers Reviewed By: epriestley, #blessed_reviewers Subscribers: Korvin, epriestley Maniphest Tasks: T7940 Differential Revision: https://secure.phabricator.com/D12632 --- .../20150430.calendar.1.policies.sql | 11 +++++++ ...PhabricatorCalendarEventEditController.php | 27 +++++++++++++++++ .../storage/PhabricatorCalendarEvent.php | 30 +++++++++++++++++-- 3 files changed, 65 insertions(+), 3 deletions(-) create mode 100644 resources/sql/autopatches/20150430.calendar.1.policies.sql diff --git a/resources/sql/autopatches/20150430.calendar.1.policies.sql b/resources/sql/autopatches/20150430.calendar.1.policies.sql new file mode 100644 index 0000000000..aa0bdff261 --- /dev/null +++ b/resources/sql/autopatches/20150430.calendar.1.policies.sql @@ -0,0 +1,11 @@ +ALTER TABLE {$NAMESPACE}_calendar.calendar_event + ADD viewPolicy varbinary(64) NOT NULL; + +ALTER TABLE {$NAMESPACE}_calendar.calendar_event + ADD editPolicy varbinary(64) NOT NULL; + +UPDATE {$NAMESPACE}_calendar.calendar_event + SET viewPolicy = 'users' WHERE viewPolicy = ''; + +UPDATE {$NAMESPACE}_calendar.calendar_event + SET editPolicy = userPHID; diff --git a/src/applications/calendar/controller/PhabricatorCalendarEventEditController.php b/src/applications/calendar/controller/PhabricatorCalendarEventEditController.php index cd72d03fd7..238c96039e 100644 --- a/src/applications/calendar/controller/PhabricatorCalendarEventEditController.php +++ b/src/applications/calendar/controller/PhabricatorCalendarEventEditController.php @@ -138,6 +138,14 @@ final class PhabricatorCalendarEventEditController PhabricatorCalendarEventTransaction::TYPE_DESCRIPTION) ->setNewValue($description); + $xactions[] = id(new PhabricatorCalendarEventTransaction()) + ->setTransactionType(PhabricatorTransactions::TYPE_VIEW_POLICY) + ->setNewValue($request->getStr('viewPolicy')); + + $xactions[] = id(new PhabricatorCalendarEventTransaction()) + ->setTransactionType(PhabricatorTransactions::TYPE_EDIT_POLICY) + ->setNewValue($request->getStr('editPolicy')); + $editor = id(new PhabricatorCalendarEventEditor()) ->setActor($user) ->setContentSourceFromRequest($request) @@ -179,6 +187,23 @@ final class PhabricatorCalendarEventEditController ->setName('description') ->setValue($event->getDescription()); + $current_policies = id(new PhabricatorPolicyQuery()) + ->setViewer($user) + ->setObject($event) + ->execute(); + $view_policies = id(new AphrontFormPolicyControl()) + ->setUser($user) + ->setCapability(PhabricatorPolicyCapability::CAN_VIEW) + ->setPolicyObject($event) + ->setPolicies($current_policies) + ->setName('viewPolicy'); + $edit_policies = id(new AphrontFormPolicyControl()) + ->setUser($user) + ->setCapability(PhabricatorPolicyCapability::CAN_EDIT) + ->setPolicyObject($event) + ->setPolicies($current_policies) + ->setName('editPolicy'); + $subscribers = id(new AphrontFormTokenizerControl()) ->setLabel(pht('Subscribers')) ->setName('subscribers') @@ -199,6 +224,8 @@ final class PhabricatorCalendarEventEditController ->appendChild($status_select) ->appendChild($start_time) ->appendChild($end_time) + ->appendControl($view_policies) + ->appendControl($edit_policies) ->appendControl($subscribers) ->appendControl($invitees) ->appendChild($description); diff --git a/src/applications/calendar/storage/PhabricatorCalendarEvent.php b/src/applications/calendar/storage/PhabricatorCalendarEvent.php index ae5b14288f..84dff02e25 100644 --- a/src/applications/calendar/storage/PhabricatorCalendarEvent.php +++ b/src/applications/calendar/storage/PhabricatorCalendarEvent.php @@ -18,6 +18,9 @@ final class PhabricatorCalendarEvent extends PhabricatorCalendarDAO protected $description; protected $isCancelled; + protected $viewPolicy; + protected $editPolicy; + private $invitees = self::ATTACHABLE; const STATUS_AWAY = 1; @@ -32,6 +35,8 @@ final class PhabricatorCalendarEvent extends PhabricatorCalendarDAO return id(new PhabricatorCalendarEvent()) ->setUserPHID($actor->getPHID()) ->setIsCancelled(0) + ->setViewPolicy($actor->getPHID()) + ->setEditPolicy($actor->getPHID()) ->attachInvitees(array()); } @@ -224,18 +229,37 @@ final class PhabricatorCalendarEvent extends PhabricatorCalendarDAO public function getPolicy($capability) { switch ($capability) { case PhabricatorPolicyCapability::CAN_VIEW: - return PhabricatorPolicies::getMostOpenPolicy(); + return $this->getViewPolicy(); case PhabricatorPolicyCapability::CAN_EDIT: - return $this->getUserPHID(); + return $this->getEditPolicy(); } } public function hasAutomaticCapability($capability, PhabricatorUser $viewer) { + // The owner of a task can always view and edit it. + $user_phid = $this->getUserPHID(); + if ($user_phid) { + $viewer_phid = $viewer->getPHID(); + if ($viewer_phid == $user_phid) { + return true; + } + } + + if ($capability == PhabricatorPolicyCapability::CAN_VIEW) { + $status = $this->getUserInviteStatus($viewer->getPHID()); + if ($status == PhabricatorCalendarEventInvitee::STATUS_INVITED || + $status == PhabricatorCalendarEventInvitee::STATUS_ATTENDING || + $status == PhabricatorCalendarEventInvitee::STATUS_DECLINED) { + return true; + } + } + return false; } public function describeAutomaticCapability($capability) { - return null; + return pht('The owner of an event can always view and edit it, + and invitees can always view it.'); } /* -( PhabricatorApplicationTransactionInterface )------------------------- */