revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-18 19:40:55 +01:00
Code Issues Releases Wiki Activity

Calendar events should have edit/view policies

Browse source 
Summary: Closes T7940, Calendar events should have edit/view policies.

Test Plan: Create new event and save, event should be only visible and editable by creator. Editing policies should correctly set the permissions of editing/viewing the event.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Maniphest Tasks: T7940

Differential Revision: https://secure.phabricator.com/D12632
This commit is contained in:
lkassianik 2015-04-30 14:43:48 -07:00
parent f14e0bf2ef
commit 11e8e60245
3 changed files with 65 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
resources/sql/autopatches/20150430.calendar.1.policies.sql Normal file
View file

@ -0,0 +1,11 @@
ALTER TABLE {$NAMESPACE}_calendar.calendar_event
ADD viewPolicy varbinary(64) NOT NULL;
ALTER TABLE {$NAMESPACE}_calendar.calendar_event
ADD editPolicy varbinary(64) NOT NULL;
UPDATE {$NAMESPACE}_calendar.calendar_event
SET viewPolicy = 'users' WHERE viewPolicy = '';
UPDATE {$NAMESPACE}_calendar.calendar_event
SET editPolicy = userPHID;

27
src/applications/calendar/controller/PhabricatorCalendarEventEditController.php
View file

@ -138,6 +138,14 @@ final class PhabricatorCalendarEventEditController
PhabricatorCalendarEventTransaction::TYPE_DESCRIPTION) PhabricatorCalendarEventTransaction::TYPE_DESCRIPTION)
->setNewValue($description); ->setNewValue($description);
$xactions[] = id(new PhabricatorCalendarEventTransaction())
->setTransactionType(PhabricatorTransactions::TYPE_VIEW_POLICY)
->setNewValue($request->getStr('viewPolicy'));
$xactions[] = id(new PhabricatorCalendarEventTransaction())
->setTransactionType(PhabricatorTransactions::TYPE_EDIT_POLICY)
->setNewValue($request->getStr('editPolicy'));
$editor = id(new PhabricatorCalendarEventEditor()) $editor = id(new PhabricatorCalendarEventEditor())
->setActor($user) ->setActor($user)
->setContentSourceFromRequest($request) ->setContentSourceFromRequest($request)
@ -179,6 +187,23 @@ final class PhabricatorCalendarEventEditController
->setName('description') ->setName('description')
->setValue($event->getDescription()); ->setValue($event->getDescription());
$current_policies = id(new PhabricatorPolicyQuery())
->setViewer($user)
->setObject($event)
->execute();
$view_policies = id(new AphrontFormPolicyControl())
->setUser($user)
->setCapability(PhabricatorPolicyCapability::CAN_VIEW)
->setPolicyObject($event)
->setPolicies($current_policies)
->setName('viewPolicy');
$edit_policies = id(new AphrontFormPolicyControl())
->setUser($user)
->setCapability(PhabricatorPolicyCapability::CAN_EDIT)
->setPolicyObject($event)
->setPolicies($current_policies)
->setName('editPolicy');
$subscribers = id(new AphrontFormTokenizerControl()) $subscribers = id(new AphrontFormTokenizerControl())
->setLabel(pht('Subscribers')) ->setLabel(pht('Subscribers'))
->setName('subscribers') ->setName('subscribers')
@ -199,6 +224,8 @@ final class PhabricatorCalendarEventEditController
->appendChild($status_select) ->appendChild($status_select)
->appendChild($start_time) ->appendChild($start_time)
->appendChild($end_time) ->appendChild($end_time)
->appendControl($view_policies)
->appendControl($edit_policies)
->appendControl($subscribers) ->appendControl($subscribers)
->appendControl($invitees) ->appendControl($invitees)
->appendChild($description); ->appendChild($description);

30
src/applications/calendar/storage/PhabricatorCalendarEvent.php
View file

@ -18,6 +18,9 @@ final class PhabricatorCalendarEvent extends PhabricatorCalendarDAO
protected $description; protected $description;
protected $isCancelled; protected $isCancelled;
protected $viewPolicy;
protected $editPolicy;
private $invitees = self::ATTACHABLE; private $invitees = self::ATTACHABLE;
const STATUS_AWAY = 1; const STATUS_AWAY = 1;
@ -32,6 +35,8 @@ final class PhabricatorCalendarEvent extends PhabricatorCalendarDAO
return id(new PhabricatorCalendarEvent()) return id(new PhabricatorCalendarEvent())
->setUserPHID($actor->getPHID()) ->setUserPHID($actor->getPHID())
->setIsCancelled(0) ->setIsCancelled(0)
->setViewPolicy($actor->getPHID())
->setEditPolicy($actor->getPHID())
->attachInvitees(array()); ->attachInvitees(array());
} }
@ -224,18 +229,37 @@ final class PhabricatorCalendarEvent extends PhabricatorCalendarDAO
public function getPolicy($capability) { public function getPolicy($capability) {
switch ($capability) { switch ($capability) {
case PhabricatorPolicyCapability::CAN_VIEW: case PhabricatorPolicyCapability::CAN_VIEW:
return PhabricatorPolicies::getMostOpenPolicy(); return $this->getViewPolicy();
case PhabricatorPolicyCapability::CAN_EDIT: case PhabricatorPolicyCapability::CAN_EDIT:
return $this->getUserPHID(); return $this->getEditPolicy();
} }
} }
public function hasAutomaticCapability($capability, PhabricatorUser $viewer) { public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
// The owner of a task can always view and edit it.
$user_phid = $this->getUserPHID();
if ($user_phid) {
$viewer_phid = $viewer->getPHID();
if ($viewer_phid == $user_phid) {
return true;
}
}
if ($capability == PhabricatorPolicyCapability::CAN_VIEW) {
$status = $this->getUserInviteStatus($viewer->getPHID());
if ($status == PhabricatorCalendarEventInvitee::STATUS_INVITED ||
$status == PhabricatorCalendarEventInvitee::STATUS_ATTENDING ||
$status == PhabricatorCalendarEventInvitee::STATUS_DECLINED) {
return true;
}
}
return false; return false;
} }
public function describeAutomaticCapability($capability) { public function describeAutomaticCapability($capability) {
return null; return pht('The owner of an event can always view and edit it,
and invitees can always view it.');
} }
/* -( PhabricatorApplicationTransactionInterface )------------------------- */ /* -( PhabricatorApplicationTransactionInterface )------------------------- */