diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php
index 3b5bbde35f..901b0a529b 100644
--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@@ -1265,6 +1265,7 @@ phutil_register_library_map(array(
 'PhabricatorCalendarEvent' => 'applications/calendar/storage/PhabricatorCalendarEvent.php',
 'PhabricatorCalendarEventInvalidEpochException' => 'applications/calendar/exception/PhabricatorCalendarEventInvalidEpochException.php',
 'PhabricatorCalendarEventOverlapException' => 'applications/calendar/exception/PhabricatorCalendarEventOverlapException.php',
+ 'PhabricatorCalendarEventQuery' => 'applications/calendar/query/PhabricatorCalendarEventQuery.php',
 'PhabricatorCalendarHoliday' => 'applications/calendar/storage/PhabricatorCalendarHoliday.php',
 'PhabricatorCalendarHolidayTestCase' => 'applications/calendar/storage/__tests__/PhabricatorCalendarHolidayTestCase.php',
 'PhabricatorCalendarViewStatusController' => 'applications/calendar/controller/PhabricatorCalendarViewStatusController.php',
@@ -3900,9 +3901,14 @@ phutil_register_library_map(array(
 'PhabricatorCalendarDAO' => 'PhabricatorLiskDAO',
 'PhabricatorCalendarDeleteStatusController' => 'PhabricatorCalendarController',
 'PhabricatorCalendarEditStatusController' => 'PhabricatorCalendarController',
- 'PhabricatorCalendarEvent' => 'PhabricatorCalendarDAO',
+ 'PhabricatorCalendarEvent' =>
+ array(
+ 0 => 'PhabricatorCalendarDAO',
+ 1 => 'PhabricatorPolicyInterface',
+ ),
 'PhabricatorCalendarEventInvalidEpochException' => 'Exception',
 'PhabricatorCalendarEventOverlapException' => 'Exception',
+ 'PhabricatorCalendarEventQuery' => 'PhabricatorCursorPagedPolicyAwareQuery',
 'PhabricatorCalendarHoliday' => 'PhabricatorCalendarDAO',
 'PhabricatorCalendarHolidayTestCase' => 'PhabricatorTestCase',
 'PhabricatorCalendarViewStatusController' => 'PhabricatorCalendarController',
diff --git a/src/applications/calendar/controller/PhabricatorCalendarBrowseController.php b/src/applications/calendar/controller/PhabricatorCalendarBrowseController.php index 6a5e7e1ddd..bd1b9ffd13 100644 --- a/src/applications/calendar/controller/PhabricatorCalendarBrowseController.php +++ b/src/applications/calendar/controller/PhabricatorCalendarBrowseController.php @@ -19,11 +19,12 @@ final class PhabricatorCalendarBrowseController "{$year}-{$month}-01", "{$year}-{$month}-31"); - $statuses = id(new PhabricatorCalendarEvent()) - ->loadAllWhere( - 'dateTo >= %d AND dateFrom <= %d', + $statuses = id(new PhabricatorCalendarEventQuery()) + ->setViewer($user) + ->withDateRange( strtotime("{$year}-{$month}-01"), - strtotime("{$year}-{$month}-01 next month")); + strtotime("{$year}-{$month}-01 next month")) + ->execute(); if ($month == $month_d && $year == $year_d) { $month_view = new AphrontCalendarMonthView($month, $year, $day); diff --git a/src/applications/calendar/controller/PhabricatorCalendarDeleteStatusController.php b/src/applications/calendar/controller/PhabricatorCalendarDeleteStatusController.php index d4e312beee..e110762daa 100644 --- a/src/applications/calendar/controller/PhabricatorCalendarDeleteStatusController.php +++ b/src/applications/calendar/controller/PhabricatorCalendarDeleteStatusController.php 
@@ -12,15 +12,20 @@ final class PhabricatorCalendarDeleteStatusController public function processRequest() { $request = $this->getRequest(); $user = $request->getUser(); - $status = id(new PhabricatorCalendarEvent()) - ->loadOneWhere('id = %d', $this->id); + + $status = id(new PhabricatorCalendarEventQuery()) + ->setViewer($user) + ->withIDs(array($this->id)) + ->requireCapabilities( + array( + PhabricatorPolicyCapability::CAN_VIEW, + PhabricatorPolicyCapability::CAN_EDIT, + )) + ->executeOne(); if (!$status) { return new Aphront404Response(); } - if ($status->getUserPHID() != $user->getPHID()) { - return new Aphront403Response(); - } if ($request->isFormPost()) { $status->delete(); @@ -36,10 +41,8 @@ final class PhabricatorCalendarDeleteStatusController $dialog = new AphrontDialogView(); $dialog->setUser($user); $dialog->setTitle(pht('Really delete status?')); - $dialog->appendChild(phutil_tag( - 'p', - array(), - pht('Permanently delete this status? This action can not be undone.'))); + $dialog->appendChild( + pht('Permanently delete this status? This action can not be undone.')); $dialog->addSubmitButton(pht('Delete')); $dialog->addCancelButton( $this->getApplicationURI('status/edit/'.$status->getID().'/')); diff --git a/src/applications/calendar/controller/PhabricatorCalendarEditStatusController.php b/src/applications/calendar/controller/PhabricatorCalendarEditStatusController.php index 64aff975d9..416eb784de 100644 --- a/src/applications/calendar/controller/PhabricatorCalendarEditStatusController.php +++ b/src/applications/calendar/controller/PhabricatorCalendarEditStatusController.php 
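Review bot: The ownership rule that the removed `getUserPHID() != getPHID()` comparison spelled out is now carried only by `requireCapabilities(... CAN_EDIT)` in the first hunk, and nothing at the call site says that this is what guards `$status->delete()`. A short comment above the query would keep the authorization invariant visible, for example `// CAN_EDIT limits this to the status owner; see PhabricatorCalendarEvent::getPolicy().` The same applies to the identical query in PhabricatorCalendarEditStatusController. How the query reports a failed edit check is not visible here, so it is worth confirming that a non-owner still receives a denial response now that the explicit `Aphront403Response` is gone. processRequest() continues outside both hunks.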
@@ -38,18 +38,22 @@ final class PhabricatorCalendarEditStatusController $page_title = pht('Create Status'); $redirect = 'created'; } else { - $status = id(new PhabricatorCalendarEvent()) - ->loadOneWhere('id = %d', $this->id); + $status = id(new PhabricatorCalendarEventQuery()) + ->setViewer($user) + ->withIDs(array($this->id)) + ->requireCapabilities( + array( + PhabricatorPolicyCapability::CAN_VIEW, + PhabricatorPolicyCapability::CAN_EDIT, + )) + ->executeOne(); + $end_time->setValue($status->getDateTo()); $start_time->setValue($status->getDateFrom()); $submit_label = pht('Update'); $filter = 'status/edit/'.$status->getID().'/'; $page_title = pht('Update Status'); $redirect = 'updated'; - - if ($status->getUserPHID() != $user->getPHID()) { - return new Aphront403Response(); - } } $errors = array(); diff --git a/src/applications/calendar/controller/PhabricatorCalendarViewStatusController.php b/src/applications/calendar/controller/PhabricatorCalendarViewStatusController.php index c58efb9f9e..b1158baa7b 100644 --- a/src/applications/calendar/controller/PhabricatorCalendarViewStatusController.php +++ b/src/applications/calendar/controller/PhabricatorCalendarViewStatusController.php @@ -12,13 +12,15 @@ final class PhabricatorCalendarViewStatusController } public function processRequest() { - $request = $this->getRequest(); $user = $request->getUser(); $handle = $this->getHandle($this->phid); - $statuses = id(new PhabricatorCalendarEvent()) - ->loadAllWhere('userPHID = %s AND dateTo > UNIX_TIMESTAMP()', - $this->phid); + + $statuses = id(new PhabricatorCalendarEventQuery()) + ->setViewer($user) + ->withInvitedPHIDs(array($this->phid)) + ->withDateRange(time(), strtotime('2037-01-01 12:00:00')) + ->execute(); $nav = $this->buildSideNavView(); $nav->selectFilter($this->getFilter()); 
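Review bot: The new query result is dereferenced without a null check: the context line right after `->executeOne();`, `$end_time->setValue($status->getDateTo());`, runs even when no row matches `$this->id`, which presumably leaves `$status` null. The delete controller in this same commit keeps `if (!$status) { return new Aphront404Response(); }` after the identical query, and the edit path should do the same before touching `$status`. The enclosing method starts and ends outside the hunk.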
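Review bot: `strtotime('2037-01-01 12:00:00')` in the new `withDateRange()` call of PhabricatorCalendarViewStatusController is an unexplained sentinel standing in for "no upper bound", and a status that starts after that date silently drops out of the list. If the query cannot take an open-ended range, the call should at least say so, for example `// No real upper bound is wanted; the query needs both ends, so pass a far-future epoch.` The lower bound also moves from the strict `dateTo > UNIX_TIMESTAMP()` to the query's `dateTo >= %d`, which looks harmless but is a behaviour change worth a mention in the commit message. processRequest() continues outside the hunk.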
diff --git a/src/applications/calendar/query/PhabricatorCalendarEventQuery.php b/src/applications/calendar/query/PhabricatorCalendarEventQuery.php new file mode 100644 index 0000000000..58d04847b1 --- /dev/null +++ b/src/applications/calendar/query/PhabricatorCalendarEventQuery.php @@ -0,0 +1,76 @@ +ids = $ids; + return $this; + } + + public function withDateRange($begin, $end) { + $this->rangeBegin = $begin; + $this->rangeEnd = $end; + return $this; + } + + public function withInvitedPHIDs(array $phids) { + $this->invitedPHIDs = $phids; + return $this; + } + + protected function loadPage() { + $table = new PhabricatorCalendarEvent(); + $conn_r = $table->establishConnection('r'); + + $data = queryfx_all( + $conn_r, + 'SELECT * FROM %T %Q %Q %Q', + $table->getTableName(), + $this->buildWhereClause($conn_r), + $this->buildOrderClause($conn_r), + $this->buildLimitClause($conn_r)); + + return $table->loadAllFromArray($data); + } + + protected function buildWhereClause($conn_r) { + $where = array(); + + if ($this->ids) { + $where[] = qsprintf( + $conn_r, + 'id IN (%Ld)', + $this->ids); + } + + if ($this->rangeBegin || $this->rangeEnd) { + $where[] = qsprintf( + $conn_r, + 'dateTo >= %d AND dateFrom <= %d', + $this->rangeBegin, + $this->rangeEnd); + } + + if ($this->invitedPHIDs) { + $where[] = qsprintf( + $conn_r, + 'userPHID IN (%Ls)', + $this->invitedPHIDs); + } + + $where[] = $this->buildPagingClause($conn_r); + + return $this->formatWhereClause($where); + } + + public function getQueryApplicationClass() { + return 'PhabricatorApplicationCalendar'; + } + +} diff --git a/src/applications/calendar/storage/PhabricatorCalendarEvent.php b/src/applications/calendar/storage/PhabricatorCalendarEvent.php index 44c823285f..e925a3a89a 100644 --- a/src/applications/calendar/storage/PhabricatorCalendarEvent.php +++ b/src/applications/calendar/storage/PhabricatorCalendarEvent.php 
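Review bot: `buildWhereClause()` applies each constraint by truthiness, which makes the range clause wrong when only one bound is given: `if ($this->rangeBegin || $this->rangeEnd)` always emits both comparisons, so a missing end is presumably formatted as 0 and `dateFrom <= 0` matches nothing. The same test on `$this->ids` and `$this->invitedPHIDs` means an empty array drops the filter instead of matching no rows; the ConpherenceThreadQuery caller in this commit passes `$participant_phids` straight into `withInvitedPHIDs()` and would then load every event in the range for a thread with no participants. Emitting the two bounds as independent clauses, and treating an explicitly empty list as "no results" rather than "no filter", would close both gaps. The property declarations are not readable in this hunk, so the null defaults assumed below need confirming.

```php
  protected function buildWhereClause($conn_r) {
    // … unchanged: $where initialisation and the ids clause …

    if ($this->rangeBegin !== null) {
      $where[] = qsprintf(
        $conn_r,
        'dateTo >= %d',
        $this->rangeBegin);
    }

    if ($this->rangeEnd !== null) {
      $where[] = qsprintf(
        $conn_r,
        'dateFrom <= %d',
        $this->rangeEnd);
    }

    // … unchanged: invitedPHIDs clause, paging clause, formatWhereClause() …
```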
@@ -1,6 +1,8 @@ saveTransaction(); } + +/* -( PhabricatorPolicyInterface )----------------------------------------- */ + + + public function getCapabilities() { + return array( + PhabricatorPolicyCapability::CAN_VIEW, + PhabricatorPolicyCapability::CAN_EDIT, + ); + } + + public function getPolicy($capability) { + switch ($capability) { + case PhabricatorPolicyCapability::CAN_VIEW: + return PhabricatorPolicies::getMostOpenPolicy(); + case PhabricatorPolicyCapability::CAN_EDIT: + return $this->getUserPHID(); + } + } + + public function hasAutomaticCapability($capability, PhabricatorUser $viewer) { + return false; + } + + public function describeAutomaticCapability($capability) { + return null; + } + } diff --git a/src/applications/conpherence/query/ConpherenceThreadQuery.php b/src/applications/conpherence/query/ConpherenceThreadQuery.php index 474f6718d5..0c3e721d6e 100644 --- a/src/applications/conpherence/query/ConpherenceThreadQuery.php +++ b/src/applications/conpherence/query/ConpherenceThreadQuery.php @@ -221,12 +221,12 @@ final class ConpherenceThreadQuery $this->getViewer()); $start_epoch = $epochs['start_epoch']; $end_epoch = $epochs['end_epoch']; - $statuses = id(new PhabricatorCalendarEvent()) - ->loadAllWhere( - 'userPHID in (%Ls) AND dateTo >= %d AND dateFrom <= %d', - $participant_phids, - $start_epoch, - $end_epoch); + $statuses = id(new PhabricatorCalendarEventQuery()) + ->setViewer($this->getViewer()) + ->withInvitedPHIDs($participant_phids) + ->withDateRange($start_epoch, $end_epoch) + ->execute(); + $statuses = mgroup($statuses, 'getUserPHID'); // attached files
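Review bot: `getPolicy()` in PhabricatorCalendarEvent is now the single place that decides who may edit a status, yet `return $this->getUserPHID();` carries no comment explaining that a user PHID used as a policy is expected to admit that user alone. A one-line comment such as `// Only the owner may edit: a user PHID as policy admits that user alone.` would make the rule auditable without reading the policy framework. The `switch` also has no `default`, so an unrecognised capability returns null implicitly; whether the policy filter treats that as a denial is not visible here and should be confirmed. The start of this file section is not readable on the page, so this covers only the added policy methods.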