Make most file reads policy-aware
Summary: Ref T603. Swaps out most `PhabricatorFile` loads for `PhabricatorFileQuery`. Test Plan: - Viewed Differential changesets. - Used `file.info`. - Used `file.download`. - Viewed a file. - Deleted a file. - Used `/Fnnnn` to access a file. - Uploaded an image, verified a thumbnail generated. - Created and edited a macro. - Added a meme. - Did old-school attach-a-file-to-a-task. - Viewed a paste. - Viewed a mock. - Embedded a mock. - Profiled a page. - Parsed a commit with image files linked to a revision with image files. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T603 Differential Revision: https://secure.phabricator.com/D7178
This commit is contained in:
parent
4b39cc321b
commit
13dae05193
28 changed files with 124 additions and 67 deletions
|
@ -296,6 +296,8 @@ final class DifferentialChangesetViewController extends DifferentialController {
|
|||
DifferentialChangeset $changeset,
|
||||
$is_new) {
|
||||
|
||||
$viewer = $this->getRequest()->getUser();
|
||||
|
||||
if ($is_new) {
|
||||
$key = 'raw:new:phid';
|
||||
} else {
|
||||
|
@ -307,9 +309,13 @@ final class DifferentialChangesetViewController extends DifferentialController {
|
|||
$file = null;
|
||||
$phid = idx($metadata, $key);
|
||||
if ($phid) {
|
||||
$file = id(new PhabricatorFile())->loadOneWhere(
|
||||
'phid = %s',
|
||||
$phid);
|
||||
$file = id(new PhabricatorFileQuery())
|
||||
->setViewer($viewer)
|
||||
->withPHIDs(array($phid))
|
||||
->execute();
|
||||
if ($file) {
|
||||
$file = head($file);
|
||||
}
|
||||
}
|
||||
|
||||
if (!$file) {
|
||||
|
|
|
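Review bot: The new load starting at `$file = id(new PhabricatorFileQuery())` calls `->execute()` and then unwraps the result with a three-line `if ($file) { $file = head($file); }`, while every other single-PHID load in this commit uses `->executeOne()`. Replacing `->execute();` plus that `if` block with `->executeOne();` yields the same file-or-null value with less code and matches the sibling controllers. The enclosing method starts before this hunk and continues past it.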
@ -887,6 +887,7 @@ final class DifferentialRevisionViewController extends DifferentialController {
|
|||
* @return mixed (@{class:PhabricatorFile} if found, null if not)
|
||||
*/
|
||||
public function loadFileByPHID($phid) {
|
||||
// TODO: (T603) Factor this and the other one out.
|
||||
$file = id(new PhabricatorFile())->loadOneWhere(
|
||||
'phid = %s',
|
||||
$phid);
|
||||
|
|
|
@ -104,6 +104,7 @@ abstract class DifferentialReviewRequestMail extends DifferentialMail {
|
|||
}
|
||||
|
||||
public function loadFileByPHID($phid) {
|
||||
// TODO: (T603) Factor this and the other one out.
|
||||
$file = id(new PhabricatorFile())->loadOneWhere(
|
||||
'phid = %s',
|
||||
$phid);
|
||||
|
|
|
@ -851,6 +851,7 @@ final class DifferentialChangesetParser {
|
|||
$file_phids[] = $new_phid;
|
||||
}
|
||||
|
||||
// TODO: (T603) Probably fine to use omnipotent viewer here?
|
||||
$files = id(new PhabricatorFile())->loadAllWhere(
|
||||
'phid IN (%Ls)',
|
||||
$file_phids);
|
||||
|
|
|
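Review bot: The added TODO asks whether an omnipotent viewer would be fine for the `loadAllWhere` on `$file_phids`, but as written this load is still not policy-checked at all, and picking the omnipotent viewer later would keep it that way: image files referenced from a changeset would be rendered to anyone who can view the changeset regardless of the file's own policy. Whether that is acceptable depends on whether these files are meant to inherit the revision's visibility, which this hunk does not show; if the parser has access to the requesting user, threading that viewer into a `PhabricatorFileQuery` is the safer default. The enclosing method starts before and ends after this hunk.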
@ -29,9 +29,10 @@ final class ConduitAPI_file_download_Method
|
|||
protected function execute(ConduitAPIRequest $request) {
|
||||
$phid = $request->getValue('phid');
|
||||
|
||||
$file = id(new PhabricatorFile())->loadOneWhere(
|
||||
'phid = %s',
|
||||
$phid);
|
||||
$file = id(new PhabricatorFileQuery())
|
||||
->setViewer($request->getUser())
|
||||
->withPHIDs(array($phid))
|
||||
->executeOne();
|
||||
if (!$file) {
|
||||
throw new ConduitException('ERR-BAD-PHID');
|
||||
}
|
||||
|
|
|
@ -30,14 +30,16 @@ final class ConduitAPI_file_info_Method extends ConduitAPI_file_Method {
|
|||
$phid = $request->getValue('phid');
|
||||
$id = $request->getValue('id');
|
||||
|
||||
$query = id(new PhabricatorFileQuery())
|
||||
->setViewer($request->getUser());
|
||||
if ($id) {
|
||||
$file = id(new PhabricatorFile())->load($id);
|
||||
$query->withIDs(array($id));
|
||||
} else {
|
||||
$file = id(new PhabricatorFile())->loadOneWhere(
|
||||
'phid = %s',
|
||||
$phid);
|
||||
$query->withPHIDs(array($phid));
|
||||
}
|
||||
|
||||
$file = $query->executeOne();
|
||||
|
||||
if (!$file) {
|
||||
throw new ConduitException('ERR-NOT-FOUND');
|
||||
}
|
||||
|
|
|
@ -25,9 +25,10 @@ final class PhabricatorFileDataController extends PhabricatorFileController {
|
|||
->setURI($uri->setPath($request->getPath()));
|
||||
}
|
||||
|
||||
$file = id(new PhabricatorFile())->loadOneWhere(
|
||||
'phid = %s',
|
||||
$this->phid);
|
||||
$file = id(new PhabricatorFileQuery())
|
||||
->setViewer($request->getUser())
|
||||
->withPHIDs(array($this->phid))
|
||||
->executeOne();
|
||||
if (!$file) {
|
||||
return new Aphront404Response();
|
||||
}
|
||||
|
|
|
@ -9,13 +9,18 @@ final class PhabricatorFileDeleteController extends PhabricatorFileController {
|
|||
}
|
||||
|
||||
public function processRequest() {
|
||||
|
||||
$request = $this->getRequest();
|
||||
$user = $request->getUser();
|
||||
|
||||
$file = id(new PhabricatorFile())->loadOneWhere(
|
||||
'id = %d',
|
||||
$this->id);
|
||||
$file = id(new PhabricatorFileQuery())
|
||||
->setViewer($user)
|
||||
->withIDs(array($this->id))
|
||||
->requireCapabilities(
|
||||
array(
|
||||
PhabricatorPolicyCapability::CAN_VIEW,
|
||||
PhabricatorPolicyCapability::CAN_EDIT,
|
||||
))
|
||||
->executeOne();
|
||||
if (!$file) {
|
||||
return new Aphront404Response();
|
||||
}
|
||||
|
|
|
@ -10,10 +10,14 @@ final class PhabricatorFileShortcutController
|
|||
}
|
||||
|
||||
public function processRequest() {
|
||||
$file = id(new PhabricatorFile())->load($this->id);
|
||||
$file = id(new PhabricatorFileQuery())
|
||||
->setViewer($this->getRequest()->getUser())
|
||||
->withIDs(array($this->id))
|
||||
->executeOne();
|
||||
if (!$file) {
|
||||
return new Aphront404Response();
|
||||
}
|
||||
|
||||
return id(new AphrontRedirectResponse())->setURI($file->getBestURI());
|
||||
}
|
||||
|
||||
|
|
|
@ -18,8 +18,12 @@ final class PhabricatorFileTransformController
|
|||
}
|
||||
|
||||
public function processRequest() {
|
||||
$viewer = $this->getRequest()->getUser();
|
||||
|
||||
$file = id(new PhabricatorFile())->loadOneWhere('phid = %s', $this->phid);
|
||||
$file = id(new PhabricatorFileQuery())
|
||||
->setViewer($viewer)
|
||||
->withPHIDs(array($this->phid))
|
||||
->executeOne();
|
||||
if (!$file) {
|
||||
return new Aphront404Response();
|
||||
}
|
||||
|
@ -125,20 +129,17 @@ final class PhabricatorFileTransformController
|
|||
private function buildTransformedFileResponse(
|
||||
PhabricatorTransformedFile $xform) {
|
||||
|
||||
$file = id(new PhabricatorFile())->loadOneWhere(
|
||||
'phid = %s',
|
||||
$xform->getTransformedPHID());
|
||||
if ($file) {
|
||||
$uri = $file->getBestURI();
|
||||
} else {
|
||||
$bad_phid = $xform->getTransformedPHID();
|
||||
throw new Exception(
|
||||
"Unable to load file with phid {$bad_phid}."
|
||||
);
|
||||
$file = id(new PhabricatorFileQuery())
|
||||
->setViewer($this->getRequest()->getUser())
|
||||
->withPHIDs(array($xform->getTransformedPHID()))
|
||||
->executeOne();
|
||||
if (!$file) {
|
||||
return new Aphront404Response();
|
||||
}
|
||||
|
||||
// TODO: We could just delegate to the file view controller instead,
|
||||
// which would save the client a roundtrip, but is slightly more complex.
|
||||
$uri = $file->getBestURI();
|
||||
return id(new AphrontRedirectResponse())->setURI($uri);
|
||||
}
|
||||
|
||||
|
|
|
@ -19,6 +19,8 @@ abstract class PhabricatorFilesManagementWorkflow
|
|||
if ($args->getArg('names')) {
|
||||
$iterator = array();
|
||||
|
||||
// TODO: (T603) Convert this to ObjectNameQuery.
|
||||
|
||||
foreach ($args->getArg('names') as $name) {
|
||||
$name = trim($name);
|
||||
|
||||
|
|
|
@ -21,6 +21,8 @@ final class PhabricatorRemarkupRuleEmbedFile
|
|||
$file = null;
|
||||
if ($matches[1]) {
|
||||
// TODO: This is pretty inefficient if there are a bunch of files.
|
||||
// TODO: (T603) This isn't policy-aware and should be extending
|
||||
// PhabricatorRemarkupRuleObject.
|
||||
$file = id(new PhabricatorFile())->load($matches[1]);
|
||||
}
|
||||
|
||||
|
|
|
@ -828,6 +828,7 @@ final class PhabricatorFile extends PhabricatorFileDAO
|
|||
public function getCapabilities() {
|
||||
return array(
|
||||
PhabricatorPolicyCapability::CAN_VIEW,
|
||||
PhabricatorPolicyCapability::CAN_EDIT,
|
||||
);
|
||||
}
|
||||
|
||||
|
|
|
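Review bot: `getCapabilities()` now advertises `CAN_EDIT`, which `PhabricatorFileDeleteController` depends on through `requireCapabilities()` elsewhere in this commit, but the corresponding `getPolicy()` and `hasAutomaticCapability()` branches for `CAN_EDIT` are outside this hunk. If those methods do not handle the new capability explicitly, the delete controller's edit check resolves to whatever their default branch returns rather than an intentional ownership rule, which is worth confirming. A short comment on the array would also help, e.g. `// CAN_EDIT is required by the delete controller; getPolicy()/hasAutomaticCapability() decide who holds it.`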
@ -82,9 +82,10 @@ final class PhabricatorMacroEditController
|
|||
$errors[] = pht('Could not fetch URL: %s', $ex->getMessage());
|
||||
}
|
||||
} else if ($request->getStr('phid')) {
|
||||
$file = id(new PhabricatorFile())->loadOneWhere(
|
||||
'phid = %s',
|
||||
$request->getStr('phid'));
|
||||
$file = id(new PhabricatorFileQuery())
|
||||
->setViewer($user)
|
||||
->withPHIDs(array($request->getStr('phid')))
|
||||
->executeOne();
|
||||
}
|
||||
|
||||
if ($file) {
|
||||
|
|
|
@ -38,10 +38,15 @@ final class PhabricatorMacroMemeController
|
|||
$file->getPHID(), $hash);
|
||||
|
||||
if ($xform) {
|
||||
$memefile = id(new PhabricatorFile())->loadOneWhere(
|
||||
'phid = %s', $xform->getTransformedPHID());
|
||||
$memefile = id(new PhabricatorFileQuery())
|
||||
->setViewer($user)
|
||||
->withPHIDs(array($xform->getTransformedPHID()))
|
||||
->executeOne();
|
||||
if ($memefile) {
|
||||
return $memefile->getBestURI();
|
||||
}
|
||||
}
|
||||
|
||||
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
|
||||
$transformers = (new PhabricatorImageTransformer());
|
||||
$newfile = $transformers
|
||||
|
|
|
@ -611,9 +611,12 @@ final class ManiphestTaskDetailController extends ManiphestController {
|
|||
if ($file_infos) {
|
||||
$file_phids = array_keys($file_infos);
|
||||
|
||||
$files = id(new PhabricatorFile())->loadAllWhere(
|
||||
'phid IN (%Ls)',
|
||||
$file_phids);
|
||||
// TODO: These should probably be handles or something; clean this up
|
||||
// as we sort out file attachments.
|
||||
$files = id(new PhabricatorFileQuery())
|
||||
->setViewer($viewer)
|
||||
->withPHIDs($file_phids)
|
||||
->execute();
|
||||
|
||||
$file_view = new PhabricatorFileLinkListView();
|
||||
$file_view->setFiles($files);
|
||||
|
|
|
@ -72,9 +72,10 @@ final class ManiphestTaskEditController extends ManiphestController {
|
|||
}
|
||||
|
||||
if ($file_phids) {
|
||||
$files = id(new PhabricatorFile())->loadAllWhere(
|
||||
'phid IN (%Ls)',
|
||||
$file_phids);
|
||||
$files = id(new PhabricatorFileQuery())
|
||||
->setViewer($user)
|
||||
->withPHIDs($file_phids)
|
||||
->execute();
|
||||
}
|
||||
|
||||
$template_id = $request->getInt('template');
|
||||
|
|
|
@ -33,9 +33,10 @@ final class ManiphestTransactionSaveController extends ManiphestController {
|
|||
// Look for drag-and-drop uploads first.
|
||||
$file_phids = $request->getArr('files');
|
||||
if ($file_phids) {
|
||||
$files = id(new PhabricatorFile())->loadAllWhere(
|
||||
'phid in (%Ls)',
|
||||
$file_phids);
|
||||
$files = id(new PhabricatorFileQuery())
|
||||
->setViewer($user)
|
||||
->withPHIDs(array($file_phids))
|
||||
->execute();
|
||||
}
|
||||
|
||||
// This means "attach a file" even though we store other types of data
|
||||
|
|
|
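Review bot: `->withPHIDs(array($file_phids))` wraps a value that is already an array (`$file_phids = $request->getArr('files')` two lines above), so the query receives a nested array instead of a list of PHIDs, unlike the `->withPHIDs($file_phids)` form used in the Maniphest edit and detail controllers in this same commit. Drag-and-drop uploads on this path would then fail to load (or the query would error on the nested value) instead of being attached to the task. Change it to `->withPHIDs($file_phids)`. The enclosing method starts before and ends after this hunk.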
@ -315,6 +315,7 @@ EOBODY;
|
|||
return $body;
|
||||
}
|
||||
|
||||
// TODO: (T603) What's the policy here?
|
||||
$files = id(new PhabricatorFile())
|
||||
->loadAllWhere('phid in (%Ls)', $attachments);
|
||||
|
||||
|
|
|
@ -44,9 +44,10 @@ final class PhabricatorPasteViewController extends PhabricatorPasteController {
|
|||
return new Aphront404Response();
|
||||
}
|
||||
|
||||
$file = id(new PhabricatorFile())->loadOneWhere(
|
||||
'phid = %s',
|
||||
$paste->getFilePHID());
|
||||
$file = id(new PhabricatorFileQuery())
|
||||
->setViewer($user)
|
||||
->withPHIDs(array($paste->getFilePHID()))
|
||||
->executeOne();
|
||||
if (!$file) {
|
||||
return new Aphront400Response();
|
||||
}
|
||||
|
|
|
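Review bot: The `if (!$file)` branch after the new policy-aware query returns `Aphront400Response`, while every other controller in this commit answers a missing or non-visible file with `Aphront404Response`. Because the query now also drops files the viewer is not allowed to see, a paste whose backing file is hidden from the viewer surfaces as a client error; `return new Aphront404Response();` would be consistent with the rest of the change and avoids distinguishing "hidden" from "absent". The 400 response appears to predate this commit, so this is a consistency suggestion rather than a regression. The enclosing method starts before and ends after this hunk.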
@ -162,9 +162,10 @@ final class PhabricatorPasteQuery
|
|||
|
||||
private function loadRawContent(array $pastes) {
|
||||
$file_phids = mpull($pastes, 'getFilePHID');
|
||||
$files = id(new PhabricatorFile())->loadAllWhere(
|
||||
'phid IN (%Ls)',
|
||||
$file_phids);
|
||||
$files = id(new PhabricatorFileQuery())
|
||||
->setViewer($this->getViewer())
|
||||
->withPHIDs($file_phids)
|
||||
->execute();
|
||||
$files = mpull($files, null, 'getPHID');
|
||||
|
||||
foreach ($pastes as $key => $paste) {
|
||||
|
|
|
@ -746,6 +746,8 @@ EOBODY;
|
|||
$src_phid = $this->getProfileImagePHID();
|
||||
|
||||
if ($src_phid) {
|
||||
// TODO: (T603) Can we get rid of this entirely and move it to
|
||||
// PeopleQuery with attach/attachable?
|
||||
$file = id(new PhabricatorFile())->loadOneWhere('phid = %s', $src_phid);
|
||||
if ($file) {
|
||||
$this->profileImage = $file->getBestURI();
|
||||
|
|
|
@ -34,9 +34,14 @@ final class PholioInlineThumbController extends PholioController {
|
|||
return new Aphront404Response();
|
||||
}
|
||||
|
||||
$file = id(new PhabricatorFile())->loadOneWhere(
|
||||
'phid = %s',
|
||||
$image->getFilePHID());
|
||||
$file = id(new PhabricatorFileQuery())
|
||||
->setViewer($user)
|
||||
->witHPHIDs(array($image->getFilePHID()))
|
||||
->executeOne();
|
||||
|
||||
if (!$file) {
|
||||
return new Aphront404Response();
|
||||
}
|
||||
|
||||
return id(new AphrontRedirectResponse())->setURI($file->getThumb60x45URI());
|
||||
}
|
||||
|
|
|
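Review bot: `->witHPHIDs(array($image->getFilePHID()))` has a capitalisation typo; it only works because PHP resolves method names case-insensitively, and it will trip linters and any grep-based refactor of `withPHIDs`. Change it to `->withPHIDs(array($image->getFilePHID()))` to match the other call sites in this commit. The enclosing method starts before this hunk.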
@ -104,9 +104,12 @@ final class PholioImageQuery
|
|||
assert_instances_of($images, 'PholioImage');
|
||||
|
||||
$file_phids = mpull($images, 'getFilePHID');
|
||||
$all_files = mpull(id(new PhabricatorFile())->loadAllWhere(
|
||||
'phid IN (%Ls)',
|
||||
$file_phids), null, 'getPHID');
|
||||
|
||||
$all_files = id(new PhabricatorFileQuery())
|
||||
->setViewer($this->getViewer())
|
||||
->withPHIDs($file_phids)
|
||||
->execute();
|
||||
$all_files = mpull($all_files, null, 'getPHID');
|
||||
|
||||
if ($this->needInlineComments) {
|
||||
$all_inline_comments = id(new PholioTransactionComment())
|
||||
|
|
|
@ -132,9 +132,12 @@ final class PholioMockQuery
|
|||
private function loadCoverFiles(array $mocks) {
|
||||
assert_instances_of($mocks, 'PholioMock');
|
||||
$cover_file_phids = mpull($mocks, 'getCoverPHID');
|
||||
$cover_files = mpull(id(new PhabricatorFile())->loadAllWhere(
|
||||
'phid IN (%Ls)',
|
||||
$cover_file_phids), null, 'getPHID');
|
||||
$cover_files = id(new PhabricatorFileQuery())
|
||||
->setViewer($this->getViewer())
|
||||
->withPHIDs($cover_file_phids)
|
||||
->execute();
|
||||
|
||||
$cover_files = mpull($cover_files, null, 'getPHID');
|
||||
|
||||
foreach ($mocks as $mock) {
|
||||
$file = idx($cover_files, $mock->getCoverPHID());
|
||||
|
|
|
@ -9,6 +9,7 @@ final class PhabricatorProjectProfile extends PhabricatorProjectDAO {
|
|||
public function loadProfileImageURI() {
|
||||
$src_phid = $this->getProfileImagePHID();
|
||||
|
||||
// TODO: (T603) Can we get rid of this and move it to a Query?
|
||||
$file = id(new PhabricatorFile())->loadOneWhere('phid = %s', $src_phid);
|
||||
if ($file) {
|
||||
return $file->getBestURI();
|
||||
|
|
|
@ -329,9 +329,10 @@ abstract class PhabricatorRepositoryCommitMessageParserWorker
|
|||
|
||||
$files = array();
|
||||
if ($file_phids) {
|
||||
$files = id(new PhabricatorFile())->loadAllWhere(
|
||||
'phid IN (%Ls)',
|
||||
$file_phids);
|
||||
$files = id(new PhabricatorFileQuery())
|
||||
->setViewer(PhabricatorUser::getOmnipotentUser())
|
||||
->withPHIDs($file_phids)
|
||||
->execute();
|
||||
$files = mpull($files, null, 'getPHID');
|
||||
}
|
||||
|
||||
|
|
|
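Review bot: `->setViewer(PhabricatorUser::getOmnipotentUser())` deliberately bypasses file policy, which is plausible for a daemon with no acting user, but nothing in the hunk says so and it is the only omnipotent load in this commit. A one-line comment such as `// No acting user in this worker; the omnipotent viewer is intentional.` would keep it from being mistaken for a forgotten viewer. It is also worth confirming that the loaded files are only used for linking metadata and are not rendered to end users on this path, which the hunk does not show. The enclosing method starts before and ends after this hunk.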
@ -10,11 +10,12 @@ final class PhabricatorXHProfProfileController
|
|||
}
|
||||
|
||||
public function processRequest() {
|
||||
$request = $this->getRequest();
|
||||
|
||||
$file = id(new PhabricatorFile())->loadOneWhere(
|
||||
'phid = %s',
|
||||
$this->phid);
|
||||
|
||||
$file = id(new PhabricatorFileQuery())
|
||||
->setViewer($request->getUser())
|
||||
->withPHIDs(array($this->phid))
|
||||
->executeOne();
|
||||
if (!$file) {
|
||||
return new Aphront404Response();
|
||||
}
|
||||
|
@ -25,7 +26,6 @@ final class PhabricatorXHProfProfileController
|
|||
throw new Exception("Failed to unserialize XHProf profile!");
|
||||
}
|
||||
|
||||
$request = $this->getRequest();
|
||||
$symbol = $request->getStr('symbol');
|
||||
|
||||
$is_framed = $request->getBool('frame');
|
||||
|
|