Make projects policy-aware

Summary: We managed to move enough Owners stuff aside to make this reasonable; make projects implement the policy interface and projectquery use cursor-based paging. Test Plan: - Grepped for ProjectQuery callsites. - Created an audit comment. - Used `project.query` to query projects. - Loaded homepage. - Viewed Maniphest task list, grouped by project. - Viewed project list. - Created / edited project. - Browsed Owners. Reviewers: vrana, btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T603 Differential Revision: https://secure.phabricator.com/D3200
2024-11-10 08:52:39 +01:00 · 2012-08-08 17:10:10 -07:00 · 2012-08-08 17:10:10 -07:00 · 330b0a3d4b
commit 330b0a3d4b
parent fd3ba9841b
9 changed files with 41 additions and 6 deletions
--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@ -1949,7 +1949,7 @@ phutil_register_library_map(array(
    'PhabricatorProjectProfile' => 'PhabricatorProjectDAO',
    'PhabricatorProjectProfileController' => 'PhabricatorProjectController',
    'PhabricatorProjectProfileEditController' => 'PhabricatorProjectController',
-    'PhabricatorProjectQuery' => 'PhabricatorOffsetPagedQuery',
+    'PhabricatorProjectQuery' => 'PhabricatorCursorPagedPolicyQuery',
    'PhabricatorProjectTransaction' => 'PhabricatorProjectDAO',
    'PhabricatorProjectTransactionType' => 'PhabricatorProjectConstants',
    'PhabricatorProjectUpdateController' => 'PhabricatorProjectController',
--- a/src/applications/audit/editor/PhabricatorAuditCommentEditor.php
+++ b/src/applications/audit/editor/PhabricatorAuditCommentEditor.php
@ -323,6 +323,10 @@ final class PhabricatorAuditCommentEditor {

    // The user can audit on behalf of all projects they are a member of.
    $query = new PhabricatorProjectQuery();
+
+    // TODO: As above.
+    $query->setViewer($user);
+
    $query->withMemberPHIDs(array($user->getPHID()));
    $projects = $query->execute();
    foreach ($projects as $project) {
--- a/src/applications/conduit/method/project/ConduitAPI_project_query_Method.php
+++ b/src/applications/conduit/method/project/ConduitAPI_project_query_Method.php
@ -58,6 +58,7 @@ final class ConduitAPI_project_query_Method extends ConduitAPI_project_Method {

  protected function execute(ConduitAPIRequest $request) {
    $query = new PhabricatorProjectQuery();
+    $query->setViewer($request->getUser());
    $query->needMembers(true);

    $ids = $request->getValue('ids');
--- a/src/applications/directory/controller/PhabricatorDirectoryMainController.php
+++ b/src/applications/directory/controller/PhabricatorDirectoryMainController.php
@ -40,6 +40,7 @@ final class PhabricatorDirectoryMainController
      case 'home':
      case 'feed':
        $project_query = new PhabricatorProjectQuery();
+        $project_query->setViewer($user);
        $project_query->withMemberPHIDs(array($user->getPHID()));
        $projects = $project_query->execute();
        break;
--- a/src/applications/maniphest/controller/ManiphestTaskListController.php
+++ b/src/applications/maniphest/controller/ManiphestTaskListController.php
@ -690,6 +690,7 @@ final class ManiphestTaskListController extends ManiphestController {

    if ($this->view == 'projecttriage' || $this->view == 'projectall') {
      $project_query = new PhabricatorProjectQuery();
+      $project_query->setViewer($user);
      $project_query->withMemberPHIDs($user_phids);
      $projects = $project_query->execute();
      $project_phids = mpull($projects, 'getPHID');
--- a/src/applications/owners/query/PhabricatorOwnersPackageQuery.php
+++ b/src/applications/owners/query/PhabricatorOwnersPackageQuery.php
@ -65,6 +65,7 @@ final class PhabricatorOwnersPackageQuery
      $base_phids = $this->ownerPHIDs;

      $query = new PhabricatorProjectQuery();
+      $query->setViewer($this->getViewer());
      $query->withMemberPHIDs($base_phids);
      $projects = $query->execute();
      $project_phids = mpull($projects, 'getPHID');
--- a/src/applications/project/controller/PhabricatorProjectListController.php
+++ b/src/applications/project/controller/PhabricatorProjectListController.php
@ -45,6 +45,7 @@ final class PhabricatorProjectListController
    $pager->setOffset($request->getInt('page'));

    $query = new PhabricatorProjectQuery();
+    $query->setViewer($request->getUser());
    $query->setOffset($pager->getOffset());
    $query->setLimit($pager->getPageSize() + 1);

--- a/src/applications/project/query/PhabricatorProjectQuery.php
+++ b/src/applications/project/query/PhabricatorProjectQuery.php
@ -16,7 +16,7 @@
 * limitations under the License.
 */

-final class PhabricatorProjectQuery extends PhabricatorOffsetPagedQuery {
+final class PhabricatorProjectQuery extends PhabricatorCursorPagedPolicyQuery {

  private $ids;
  private $phids;
@ -56,7 +56,15 @@ final class PhabricatorProjectQuery extends PhabricatorOffsetPagedQuery {
    return $this;
  }

-  public function execute() {
+  protected function getPagingColumn() {
+    return 'name';
+  }
+
+  protected function getPagingValue($result) {
+    return $result->getName();
+  }
+
+  public function loadPage() {
    $table = new PhabricatorProject();
    $conn_r = $table->establishConnection('r');

@ -73,13 +81,14 @@ final class PhabricatorProjectQuery extends PhabricatorOffsetPagedQuery {
    $projects = $table->loadAllFromArray($data);

    if ($projects && $this->needMembers) {
+      $etype = PhabricatorEdgeConfig::TYPE_PROJ_MEMBER;
      $members = id(new PhabricatorEdgeQuery())
        ->withSourcePHIDs(mpull($projects, 'getPHID'))
-        ->withTypes(array(PhabricatorEdgeConfig::TYPE_PROJ_MEMBER))
+        ->withEdgeTypes(array($etype))
        ->execute();
      foreach ($projects as $project) {
        $phid = $project->getPHID();
-        $project->attachMemberPHIDs(array_keys($members[$phid]));
+        $project->attachMemberPHIDs(array_keys($members[$phid][$etype]));
      }
    }

@ -135,6 +144,8 @@ final class PhabricatorProjectQuery extends PhabricatorOffsetPagedQuery {
        $this->memberPHIDs);
    }

+    $where[] = $this->buildPagingClause($conn_r);
+
    return $this->formatWhereClause($where);
  }

--- a/src/applications/project/storage/PhabricatorProject.php
+++ b/src/applications/project/storage/PhabricatorProject.php
@ -16,7 +16,8 @@
 * limitations under the License.
 */

-final class PhabricatorProject extends PhabricatorProjectDAO {
+final class PhabricatorProject extends PhabricatorProjectDAO
+  implements PhabricatorPolicyInterface {

  protected $name;
  protected $phid;
@ -28,6 +29,20 @@ final class PhabricatorProject extends PhabricatorProjectDAO {
  private $subprojectsNeedUpdate;
  private $memberPHIDs;

+  public function getCapabilities() {
+    return array(
+      PhabricatorPolicyCapability::CAN_VIEW,
+    );
+  }
+
+  public function getPolicy($capability) {
+    return PhabricatorPolicies::POLICY_USER;
+  }
+
+  public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
+    return false;
+  }
+
  public function getConfiguration() {
    return array(
      self::CONFIG_AUX_PHID => true,