1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-24 06:20:56 +01:00

Have EditEngine API methods provide the correct application to Conduit

Summary:
Fixes T9799. Currently, if you can't see an application like Paste, we fatal when trying to generate a result for `conduit.query`, because the new EditEngine-based `paste.edit` method doesn't "know" that it's a "Paste" method.

Straighten this out, and use policies and queries a little more correctly/consistently.

Test Plan:
  - Called `conduit.query` as a user who does not have permission to use Paste.
  - Before change: fatal.
  - After change: results, excluding "paste.*" methods.

Reviewers: chad

Reviewed By: chad

Subscribers: cburroughs

Maniphest Tasks: T9799

Differential Revision: https://secure.phabricator.com/D14492
This commit is contained in:
epriestley 2015-11-16 09:24:50 -08:00
parent 5963c4c9e0
commit 12dd9ec3ff
6 changed files with 61 additions and 9 deletions

View file

@ -19,20 +19,20 @@ final class ConduitQueryConduitAPIMethod extends ConduitAPIMethod {
}
protected function execute(ConduitAPIRequest $request) {
$classes = id(new PhutilClassMapQuery())
->setAncestorClass('ConduitAPIMethod')
$methods = id(new PhabricatorConduitMethodQuery())
->setViewer($request->getUser())
->execute();
$names_to_params = array();
foreach ($classes as $class) {
$names_to_params[$class->getAPIMethodName()] = array(
'description' => $class->getMethodDescription(),
'params' => $class->getParamTypes(),
'return' => $class->getReturnType(),
$map = array();
foreach ($methods as $method) {
$map[$method->getAPIMethodName()] = array(
'description' => $method->getMethodDescription(),
'params' => $method->getParamTypes(),
'return' => $method->getReturnType(),
);
}
return $names_to_params;
return $map;
}
}

View file

@ -115,6 +115,43 @@ final class PhabricatorConduitMethodQuery
return $methods;
}
protected function willFilterPage(array $methods) {
$application_phids = array();
foreach ($methods as $method) {
$application = $method->getApplication();
if ($application === null) {
continue;
}
$application_phids[] = $application->getPHID();
}
if ($application_phids) {
$applications = id(new PhabricatorApplicationQuery())
->setParentQuery($this)
->setViewer($this->getViewer())
->withPHIDs($application_phids)
->execute();
$applications = mpull($applications, null, 'getPHID');
} else {
$applications = array();
}
// Remove methods which belong to an application the viewer can not see.
foreach ($methods as $key => $method) {
$application = $method->getApplication();
if ($application === null) {
continue;
}
if (empty($applications[$application->getPHID()])) {
$this->didRejectResult($method);
unset($methods[$key]);
}
}
return $methods;
}
public function getQueryApplicationClass() {
return 'PhabricatorConduitApplication';
}

View file

@ -9,6 +9,10 @@ final class PhabricatorPasteEditEngine
return pht('Pastes');
}
public function getEngineApplicationClass() {
return 'PhabricatorPasteApplication';
}
protected function newEditableObject() {
return PhabricatorPaste::initializeNewPaste($this->getViewer());
}

View file

@ -50,6 +50,7 @@ abstract class PhabricatorEditEngine
/* -( Managing Fields )---------------------------------------------------- */
abstract public function getEngineApplicationClass();
abstract protected function buildCustomEditFields($object);
final protected function buildEditFields($object) {

View file

@ -5,6 +5,12 @@ abstract class PhabricatorEditEngineAPIMethod
abstract public function newEditEngine();
public function getApplication() {
$engine = $this->newEditEngine();
$class = $engine->getEngineApplicationClass();
return PhabricatorApplication::getByClass($class);
}
public function getMethodStatus() {
return self::METHOD_STATUS_UNSTABLE;
}

View file

@ -20,6 +20,10 @@ final class PhabricatorEditEngineConfigurationEditEngine
return pht('Edit Configurations');
}
public function getEngineApplicationClass() {
return 'PhabricatorTransactionsApplication';
}
protected function newEditableObject() {
return PhabricatorEditEngineConfiguration::initializeNewConfiguration(
$this->getViewer(),