mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-24 06:20:56 +01:00
Have EditEngine API methods provide the correct application to Conduit
Summary: Fixes T9799. Currently, if you can't see an application like Paste, we fatal when trying to generate a result for `conduit.query`, because the new EditEngine-based `paste.edit` method doesn't "know" that it's a "Paste" method. Straighten this out, and use policies and queries a little more correctly/consistently. Test Plan: - Called `conduit.query` as a user who does not have permission to use Paste. - Before change: fatal. - After change: results, excluding "paste.*" methods. Reviewers: chad Reviewed By: chad Subscribers: cburroughs Maniphest Tasks: T9799 Differential Revision: https://secure.phabricator.com/D14492
This commit is contained in:
parent
5963c4c9e0
commit
12dd9ec3ff
6 changed files with 61 additions and 9 deletions
|
@ -19,20 +19,20 @@ final class ConduitQueryConduitAPIMethod extends ConduitAPIMethod {
|
|||
}
|
||||
|
||||
protected function execute(ConduitAPIRequest $request) {
|
||||
$classes = id(new PhutilClassMapQuery())
|
||||
->setAncestorClass('ConduitAPIMethod')
|
||||
$methods = id(new PhabricatorConduitMethodQuery())
|
||||
->setViewer($request->getUser())
|
||||
->execute();
|
||||
|
||||
$names_to_params = array();
|
||||
foreach ($classes as $class) {
|
||||
$names_to_params[$class->getAPIMethodName()] = array(
|
||||
'description' => $class->getMethodDescription(),
|
||||
'params' => $class->getParamTypes(),
|
||||
'return' => $class->getReturnType(),
|
||||
$map = array();
|
||||
foreach ($methods as $method) {
|
||||
$map[$method->getAPIMethodName()] = array(
|
||||
'description' => $method->getMethodDescription(),
|
||||
'params' => $method->getParamTypes(),
|
||||
'return' => $method->getReturnType(),
|
||||
);
|
||||
}
|
||||
|
||||
return $names_to_params;
|
||||
return $map;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -115,6 +115,43 @@ final class PhabricatorConduitMethodQuery
|
|||
return $methods;
|
||||
}
|
||||
|
||||
protected function willFilterPage(array $methods) {
|
||||
$application_phids = array();
|
||||
foreach ($methods as $method) {
|
||||
$application = $method->getApplication();
|
||||
if ($application === null) {
|
||||
continue;
|
||||
}
|
||||
$application_phids[] = $application->getPHID();
|
||||
}
|
||||
|
||||
if ($application_phids) {
|
||||
$applications = id(new PhabricatorApplicationQuery())
|
||||
->setParentQuery($this)
|
||||
->setViewer($this->getViewer())
|
||||
->withPHIDs($application_phids)
|
||||
->execute();
|
||||
$applications = mpull($applications, null, 'getPHID');
|
||||
} else {
|
||||
$applications = array();
|
||||
}
|
||||
|
||||
// Remove methods which belong to an application the viewer can not see.
|
||||
foreach ($methods as $key => $method) {
|
||||
$application = $method->getApplication();
|
||||
if ($application === null) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if (empty($applications[$application->getPHID()])) {
|
||||
$this->didRejectResult($method);
|
||||
unset($methods[$key]);
|
||||
}
|
||||
}
|
||||
|
||||
return $methods;
|
||||
}
|
||||
|
||||
public function getQueryApplicationClass() {
|
||||
return 'PhabricatorConduitApplication';
|
||||
}
|
||||
|
|
|
@ -9,6 +9,10 @@ final class PhabricatorPasteEditEngine
|
|||
return pht('Pastes');
|
||||
}
|
||||
|
||||
public function getEngineApplicationClass() {
|
||||
return 'PhabricatorPasteApplication';
|
||||
}
|
||||
|
||||
protected function newEditableObject() {
|
||||
return PhabricatorPaste::initializeNewPaste($this->getViewer());
|
||||
}
|
||||
|
|
|
@ -50,6 +50,7 @@ abstract class PhabricatorEditEngine
|
|||
/* -( Managing Fields )---------------------------------------------------- */
|
||||
|
||||
|
||||
abstract public function getEngineApplicationClass();
|
||||
abstract protected function buildCustomEditFields($object);
|
||||
|
||||
final protected function buildEditFields($object) {
|
||||
|
|
|
@ -5,6 +5,12 @@ abstract class PhabricatorEditEngineAPIMethod
|
|||
|
||||
abstract public function newEditEngine();
|
||||
|
||||
public function getApplication() {
|
||||
$engine = $this->newEditEngine();
|
||||
$class = $engine->getEngineApplicationClass();
|
||||
return PhabricatorApplication::getByClass($class);
|
||||
}
|
||||
|
||||
public function getMethodStatus() {
|
||||
return self::METHOD_STATUS_UNSTABLE;
|
||||
}
|
||||
|
|
|
@ -20,6 +20,10 @@ final class PhabricatorEditEngineConfigurationEditEngine
|
|||
return pht('Edit Configurations');
|
||||
}
|
||||
|
||||
public function getEngineApplicationClass() {
|
||||
return 'PhabricatorTransactionsApplication';
|
||||
}
|
||||
|
||||
protected function newEditableObject() {
|
||||
return PhabricatorEditEngineConfiguration::initializeNewConfiguration(
|
||||
$this->getViewer(),
|
||||
|
|
Loading…
Reference in a new issue