revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-22 05:20:56 +01:00
Code Issues Releases Wiki Activity

Make most file reads policy-aware

Browse source 
Summary: Ref T603. Swaps out most `PhabricatorFile` loads for `PhabricatorFileQuery`.

Test Plan:
  - Viewed Differential changesets.
  - Used `file.info`.
  - Used `file.download`.
  - Viewed a file.
  - Deleted a file.
  - Used `/Fnnnn` to access a file.
  - Uploaded an image, verified a thumbnail generated.
  - Created and edited a macro.
  - Added a meme.
  - Did old-school attach-a-file-to-a-task.
  - Viewed a paste.
  - Viewed a mock.
  - Embedded a mock.
  - Profiled a page.
  - Parsed a commit with image files linked to a revision with image files.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D7178
This commit is contained in:
epriestley 2013-09-30 09:38:13 -07:00
parent 4b39cc321b
commit 13dae05193
28 changed files with 124 additions and 67 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
src/applications/differential/controller/DifferentialChangesetViewController.php
View file

@ -296,6 +296,8 @@ final class DifferentialChangesetViewController extends DifferentialController {
DifferentialChangeset $changeset, DifferentialChangeset $changeset,
$is_new) { $is_new) {
$viewer = $this->getRequest()->getUser();
if ($is_new) { if ($is_new) {
$key = 'raw:new:phid'; $key = 'raw:new:phid';
} else { } else {
@ -307,9 +309,13 @@ final class DifferentialChangesetViewController extends DifferentialController {
$file = null; $file = null;
$phid = idx($metadata, $key); $phid = idx($metadata, $key);
if ($phid) { if ($phid) {
$file = id(new PhabricatorFile())->loadOneWhere( $file = id(new PhabricatorFileQuery())
'phid = %s', ->setViewer($viewer)
$phid); ->withPHIDs(array($phid))
->execute();
if ($file) {
$file = head($file);
}
} }
if (!$file) { if (!$file) {

1
src/applications/differential/controller/DifferentialRevisionViewController.php
View file

@ -887,6 +887,7 @@ final class DifferentialRevisionViewController extends DifferentialController {
* @return mixed (@{class:PhabricatorFile} if found, null if not) * @return mixed (@{class:PhabricatorFile} if found, null if not)
*/ */
public function loadFileByPHID($phid) { public function loadFileByPHID($phid) {
// TODO: (T603) Factor this and the other one out.
$file = id(new PhabricatorFile())->loadOneWhere( $file = id(new PhabricatorFile())->loadOneWhere(
'phid = %s', 'phid = %s',
$phid); $phid);

1
src/applications/differential/mail/DifferentialReviewRequestMail.php
View file

@ -104,6 +104,7 @@ abstract class DifferentialReviewRequestMail extends DifferentialMail {
} }
public function loadFileByPHID($phid) { public function loadFileByPHID($phid) {
// TODO: (T603) Factor this and the other one out.
$file = id(new PhabricatorFile())->loadOneWhere( $file = id(new PhabricatorFile())->loadOneWhere(
'phid = %s', 'phid = %s',
$phid); $phid);

1
src/applications/differential/parser/DifferentialChangesetParser.php
View file

@ -851,6 +851,7 @@ final class DifferentialChangesetParser {
$file_phids[] = $new_phid; $file_phids[] = $new_phid;
} }
// TODO: (T603) Probably fine to use omnipotent viewer here?
$files = id(new PhabricatorFile())->loadAllWhere( $files = id(new PhabricatorFile())->loadAllWhere(
'phid IN (%Ls)', 'phid IN (%Ls)',
$file_phids); $file_phids);

7
src/applications/files/conduit/ConduitAPI_file_download_Method.php
View file

@ -29,9 +29,10 @@ final class ConduitAPI_file_download_Method
protected function execute(ConduitAPIRequest $request) { protected function execute(ConduitAPIRequest $request) {
$phid = $request->getValue('phid'); $phid = $request->getValue('phid');
$file = id(new PhabricatorFile())->loadOneWhere( $file = id(new PhabricatorFileQuery())
'phid = %s', ->setViewer($request->getUser())
$phid); ->withPHIDs(array($phid))
->executeOne();
if (!$file) { if (!$file) {
throw new ConduitException('ERR-BAD-PHID'); throw new ConduitException('ERR-BAD-PHID');
} }

10
src/applications/files/conduit/ConduitAPI_file_info_Method.php
View file

@ -30,14 +30,16 @@ final class ConduitAPI_file_info_Method extends ConduitAPI_file_Method {
$phid = $request->getValue('phid'); $phid = $request->getValue('phid');
$id = $request->getValue('id'); $id = $request->getValue('id');
$query = id(new PhabricatorFileQuery())
->setViewer($request->getUser());
if ($id) { if ($id) {
$file = id(new PhabricatorFile())->load($id); $query->withIDs(array($id));
} else { } else {
$file = id(new PhabricatorFile())->loadOneWhere( $query->withPHIDs(array($phid));
'phid = %s',
$phid);
} }
$file = $query->executeOne();
if (!$file) { if (!$file) {
throw new ConduitException('ERR-NOT-FOUND'); throw new ConduitException('ERR-NOT-FOUND');
} }

7
src/applications/files/controller/PhabricatorFileDataController.php
View file

@ -25,9 +25,10 @@ final class PhabricatorFileDataController extends PhabricatorFileController {
->setURI($uri->setPath($request->getPath())); ->setURI($uri->setPath($request->getPath()));
} }
$file = id(new PhabricatorFile())->loadOneWhere( $file = id(new PhabricatorFileQuery())
'phid = %s', ->setViewer($request->getUser())
$this->phid); ->withPHIDs(array($this->phid))
->executeOne();
if (!$file) { if (!$file) {
return new Aphront404Response(); return new Aphront404Response();
} }

13
src/applications/files/controller/PhabricatorFileDeleteController.php
View file

@ -9,13 +9,18 @@ final class PhabricatorFileDeleteController extends PhabricatorFileController {
} }
public function processRequest() { public function processRequest() {
$request = $this->getRequest(); $request = $this->getRequest();
$user = $request->getUser(); $user = $request->getUser();
$file = id(new PhabricatorFile())->loadOneWhere( $file = id(new PhabricatorFileQuery())
'id = %d', ->setViewer($user)
$this->id); ->withIDs(array($this->id))
->requireCapabilities(
array(
PhabricatorPolicyCapability::CAN_VIEW,
PhabricatorPolicyCapability::CAN_EDIT,
))
->executeOne();
if (!$file) { if (!$file) {
return new Aphront404Response(); return new Aphront404Response();
} }

6
src/applications/files/controller/PhabricatorFileShortcutController.php
View file

@ -10,10 +10,14 @@ final class PhabricatorFileShortcutController
} }
public function processRequest() { public function processRequest() {
$file = id(new PhabricatorFile())->load($this->id); $file = id(new PhabricatorFileQuery())
->setViewer($this->getRequest()->getUser())
->withIDs(array($this->id))
->executeOne();
if (!$file) { if (!$file) {
return new Aphront404Response(); return new Aphront404Response();
} }
return id(new AphrontRedirectResponse())->setURI($file->getBestURI()); return id(new AphrontRedirectResponse())->setURI($file->getBestURI());
} }

23
src/applications/files/controller/PhabricatorFileTransformController.php
View file

@ -18,8 +18,12 @@ final class PhabricatorFileTransformController
} }
public function processRequest() { public function processRequest() {
$viewer = $this->getRequest()->getUser();
$file = id(new PhabricatorFile())->loadOneWhere('phid = %s', $this->phid); $file = id(new PhabricatorFileQuery())
->setViewer($viewer)
->withPHIDs(array($this->phid))
->executeOne();
if (!$file) { if (!$file) {
return new Aphront404Response(); return new Aphront404Response();
} }
@ -125,20 +129,17 @@ final class PhabricatorFileTransformController
private function buildTransformedFileResponse( private function buildTransformedFileResponse(
PhabricatorTransformedFile $xform) { PhabricatorTransformedFile $xform) {
$file = id(new PhabricatorFile())->loadOneWhere( $file = id(new PhabricatorFileQuery())
'phid = %s', ->setViewer($this->getRequest()->getUser())
$xform->getTransformedPHID()); ->withPHIDs(array($xform->getTransformedPHID()))
if ($file) { ->executeOne();
$uri = $file->getBestURI(); if (!$file) {
} else { return new Aphront404Response();
$bad_phid = $xform->getTransformedPHID();
throw new Exception(
"Unable to load file with phid {$bad_phid}."
);
} }
// TODO: We could just delegate to the file view controller instead, // TODO: We could just delegate to the file view controller instead,
// which would save the client a roundtrip, but is slightly more complex. // which would save the client a roundtrip, but is slightly more complex.
$uri = $file->getBestURI();
return id(new AphrontRedirectResponse())->setURI($uri); return id(new AphrontRedirectResponse())->setURI($uri);
} }

2
src/applications/files/management/PhabricatorFilesManagementWorkflow.php
View file

@ -19,6 +19,8 @@ abstract class PhabricatorFilesManagementWorkflow
if ($args->getArg('names')) { if ($args->getArg('names')) {
$iterator = array(); $iterator = array();
// TODO: (T603) Convert this to ObjectNameQuery.
foreach ($args->getArg('names') as $name) { foreach ($args->getArg('names') as $name) {
$name = trim($name); $name = trim($name);

2
src/applications/files/remarkup/PhabricatorRemarkupRuleEmbedFile.php
View file

@ -21,6 +21,8 @@ final class PhabricatorRemarkupRuleEmbedFile
$file = null; $file = null;
if ($matches[1]) { if ($matches[1]) {
// TODO: This is pretty inefficient if there are a bunch of files. // TODO: This is pretty inefficient if there are a bunch of files.
// TODO: (T603) This isn't policy-aware and should be extending
// PhabricatorRemarkupRuleObject.
$file = id(new PhabricatorFile())->load($matches[1]); $file = id(new PhabricatorFile())->load($matches[1]);
} }

1
src/applications/files/storage/PhabricatorFile.php
View file

@ -828,6 +828,7 @@ final class PhabricatorFile extends PhabricatorFileDAO
public function getCapabilities() { public function getCapabilities() {
return array( return array(
PhabricatorPolicyCapability::CAN_VIEW, PhabricatorPolicyCapability::CAN_VIEW,
PhabricatorPolicyCapability::CAN_EDIT,
); );
} }

7
src/applications/macro/controller/PhabricatorMacroEditController.php
View file

@ -82,9 +82,10 @@ final class PhabricatorMacroEditController
$errors[] = pht('Could not fetch URL: %s', $ex->getMessage()); $errors[] = pht('Could not fetch URL: %s', $ex->getMessage());
} }
} else if ($request->getStr('phid')) { } else if ($request->getStr('phid')) {
$file = id(new PhabricatorFile())->loadOneWhere( $file = id(new PhabricatorFileQuery())
'phid = %s', ->setViewer($user)
$request->getStr('phid')); ->withPHIDs(array($request->getStr('phid')))
->executeOne();
} }
if ($file) { if ($file) {

9
src/applications/macro/controller/PhabricatorMacroMemeController.php
View file

@ -38,10 +38,15 @@ final class PhabricatorMacroMemeController
$file->getPHID(), $hash); $file->getPHID(), $hash);
if ($xform) { if ($xform) {
$memefile = id(new PhabricatorFile())->loadOneWhere( $memefile = id(new PhabricatorFileQuery())
'phid = %s', $xform->getTransformedPHID()); ->setViewer($user)
->withPHIDs(array($xform->getTransformedPHID()))
->executeOne();
if ($memefile) {
return $memefile->getBestURI(); return $memefile->getBestURI();
} }
}
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
$transformers = (new PhabricatorImageTransformer()); $transformers = (new PhabricatorImageTransformer());
$newfile = $transformers $newfile = $transformers

9
src/applications/maniphest/controller/ManiphestTaskDetailController.php
View file

@ -611,9 +611,12 @@ final class ManiphestTaskDetailController extends ManiphestController {
if ($file_infos) { if ($file_infos) {
$file_phids = array_keys($file_infos); $file_phids = array_keys($file_infos);
$files = id(new PhabricatorFile())->loadAllWhere( // TODO: These should probably be handles or something; clean this up
'phid IN (%Ls)', // as we sort out file attachments.
$file_phids); $files = id(new PhabricatorFileQuery())
->setViewer($viewer)
->withPHIDs($file_phids)
->execute();
$file_view = new PhabricatorFileLinkListView(); $file_view = new PhabricatorFileLinkListView();
$file_view->setFiles($files); $file_view->setFiles($files);

7
src/applications/maniphest/controller/ManiphestTaskEditController.php
View file

@ -72,9 +72,10 @@ final class ManiphestTaskEditController extends ManiphestController {
} }
if ($file_phids) { if ($file_phids) {
$files = id(new PhabricatorFile())->loadAllWhere( $files = id(new PhabricatorFileQuery())
'phid IN (%Ls)', ->setViewer($user)
$file_phids); ->withPHIDs($file_phids)
->execute();
} }
$template_id = $request->getInt('template'); $template_id = $request->getInt('template');

7
src/applications/maniphest/controller/ManiphestTransactionSaveController.php
View file

@ -33,9 +33,10 @@ final class ManiphestTransactionSaveController extends ManiphestController {
// Look for drag-and-drop uploads first. // Look for drag-and-drop uploads first.
$file_phids = $request->getArr('files'); $file_phids = $request->getArr('files');
if ($file_phids) { if ($file_phids) {
$files = id(new PhabricatorFile())->loadAllWhere( $files = id(new PhabricatorFileQuery())
'phid in (%Ls)', ->setViewer($user)
$file_phids); ->withPHIDs(array($file_phids))
->execute();
} }
// This means "attach a file" even though we store other types of data // This means "attach a file" even though we store other types of data

1
src/applications/metamta/replyhandler/PhabricatorMailReplyHandler.php
View file

@ -315,6 +315,7 @@ EOBODY;
return $body; return $body;
} }
// TODO: (T603) What's the policy here?
$files = id(new PhabricatorFile()) $files = id(new PhabricatorFile())
->loadAllWhere('phid in (%Ls)', $attachments); ->loadAllWhere('phid in (%Ls)', $attachments);

7
src/applications/paste/controller/PhabricatorPasteViewController.php
View file

@ -44,9 +44,10 @@ final class PhabricatorPasteViewController extends PhabricatorPasteController {
return new Aphront404Response(); return new Aphront404Response();
} }
$file = id(new PhabricatorFile())->loadOneWhere( $file = id(new PhabricatorFileQuery())
'phid = %s', ->setViewer($user)
$paste->getFilePHID()); ->withPHIDs(array($paste->getFilePHID()))
->executeOne();
if (!$file) { if (!$file) {
return new Aphront400Response(); return new Aphront400Response();
} }

7
src/applications/paste/query/PhabricatorPasteQuery.php
View file

@ -162,9 +162,10 @@ final class PhabricatorPasteQuery
private function loadRawContent(array $pastes) { private function loadRawContent(array $pastes) {
$file_phids = mpull($pastes, 'getFilePHID'); $file_phids = mpull($pastes, 'getFilePHID');
$files = id(new PhabricatorFile())->loadAllWhere( $files = id(new PhabricatorFileQuery())
'phid IN (%Ls)', ->setViewer($this->getViewer())
$file_phids); ->withPHIDs($file_phids)
->execute();
$files = mpull($files, null, 'getPHID'); $files = mpull($files, null, 'getPHID');
foreach ($pastes as $key => $paste) { foreach ($pastes as $key => $paste) {

2
src/applications/people/storage/PhabricatorUser.php
View file

@ -746,6 +746,8 @@ EOBODY;
$src_phid = $this->getProfileImagePHID(); $src_phid = $this->getProfileImagePHID();
if ($src_phid) { if ($src_phid) {
// TODO: (T603) Can we get rid of this entirely and move it to
// PeopleQuery with attach/attachable?
$file = id(new PhabricatorFile())->loadOneWhere('phid = %s', $src_phid); $file = id(new PhabricatorFile())->loadOneWhere('phid = %s', $src_phid);
if ($file) { if ($file) {
$this->profileImage = $file->getBestURI(); $this->profileImage = $file->getBestURI();

11
src/applications/pholio/controller/PholioInlineThumbController.php
View file

@ -34,9 +34,14 @@ final class PholioInlineThumbController extends PholioController {
return new Aphront404Response(); return new Aphront404Response();
} }
$file = id(new PhabricatorFile())->loadOneWhere( $file = id(new PhabricatorFileQuery())
'phid = %s', ->setViewer($user)
$image->getFilePHID()); ->witHPHIDs(array($image->getFilePHID()))
->executeOne();
if (!$file) {
return new Aphront404Response();
}
return id(new AphrontRedirectResponse())->setURI($file->getThumb60x45URI()); return id(new AphrontRedirectResponse())->setURI($file->getThumb60x45URI());
} }

9
src/applications/pholio/query/PholioImageQuery.php
View file

@ -104,9 +104,12 @@ final class PholioImageQuery
assert_instances_of($images, 'PholioImage'); assert_instances_of($images, 'PholioImage');
$file_phids = mpull($images, 'getFilePHID'); $file_phids = mpull($images, 'getFilePHID');
$all_files = mpull(id(new PhabricatorFile())->loadAllWhere(
'phid IN (%Ls)', $all_files = id(new PhabricatorFileQuery())
$file_phids), null, 'getPHID'); ->setViewer($this->getViewer())
->withPHIDs($file_phids)
->execute();
$all_files = mpull($all_files, null, 'getPHID');
if ($this->needInlineComments) { if ($this->needInlineComments) {
$all_inline_comments = id(new PholioTransactionComment()) $all_inline_comments = id(new PholioTransactionComment())

9
src/applications/pholio/query/PholioMockQuery.php
View file

@ -132,9 +132,12 @@ final class PholioMockQuery
private function loadCoverFiles(array $mocks) { private function loadCoverFiles(array $mocks) {
assert_instances_of($mocks, 'PholioMock'); assert_instances_of($mocks, 'PholioMock');
$cover_file_phids = mpull($mocks, 'getCoverPHID'); $cover_file_phids = mpull($mocks, 'getCoverPHID');
$cover_files = mpull(id(new PhabricatorFile())->loadAllWhere( $cover_files = id(new PhabricatorFileQuery())
'phid IN (%Ls)', ->setViewer($this->getViewer())
$cover_file_phids), null, 'getPHID'); ->withPHIDs($cover_file_phids)
->execute();
$cover_files = mpull($cover_files, null, 'getPHID');
foreach ($mocks as $mock) { foreach ($mocks as $mock) {
$file = idx($cover_files, $mock->getCoverPHID()); $file = idx($cover_files, $mock->getCoverPHID());

1
src/applications/project/storage/PhabricatorProjectProfile.php
View file

@ -9,6 +9,7 @@ final class PhabricatorProjectProfile extends PhabricatorProjectDAO {
public function loadProfileImageURI() { public function loadProfileImageURI() {
$src_phid = $this->getProfileImagePHID(); $src_phid = $this->getProfileImagePHID();
// TODO: (T603) Can we get rid of this and move it to a Query?
$file = id(new PhabricatorFile())->loadOneWhere('phid = %s', $src_phid); $file = id(new PhabricatorFile())->loadOneWhere('phid = %s', $src_phid);
if ($file) { if ($file) {
return $file->getBestURI(); return $file->getBestURI();

7
src/applications/repository/worker/commitmessageparser/PhabricatorRepositoryCommitMessageParserWorker.php
View file

@ -329,9 +329,10 @@ abstract class PhabricatorRepositoryCommitMessageParserWorker
$files = array(); $files = array();
if ($file_phids) { if ($file_phids) {
$files = id(new PhabricatorFile())->loadAllWhere( $files = id(new PhabricatorFileQuery())
'phid IN (%Ls)', ->setViewer(PhabricatorUser::getOmnipotentUser())
$file_phids); ->withPHIDs($file_phids)
->execute();
$files = mpull($files, null, 'getPHID'); $files = mpull($files, null, 'getPHID');
} }

10
src/applications/xhprof/controller/PhabricatorXHProfProfileController.php
View file

@ -10,11 +10,12 @@ final class PhabricatorXHProfProfileController
} }
public function processRequest() { public function processRequest() {
$request = $this->getRequest();
$file = id(new PhabricatorFile())->loadOneWhere( $file = id(new PhabricatorFileQuery())
'phid = %s', ->setViewer($request->getUser())
$this->phid); ->withPHIDs(array($this->phid))
->executeOne();
if (!$file) { if (!$file) {
return new Aphront404Response(); return new Aphront404Response();
} }
@ -25,7 +26,6 @@ final class PhabricatorXHProfProfileController
throw new Exception("Failed to unserialize XHProf profile!"); throw new Exception("Failed to unserialize XHProf profile!");
} }
$request = $this->getRequest();
$symbol = $request->getStr('symbol'); $symbol = $request->getStr('symbol');
$is_framed = $request->getBool('frame'); $is_framed = $request->getBool('frame');