Add application and object level policy controls to Countdown

Summary: Ref T603. Give countdowns proper UI-level policy controls, and an application-level default policy. Put policy information in the header. Test Plan: - Adjusted default policy. - Created new countdowns. - Edited countdowns. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T603 Differential Revision: https://secure.phabricator.com/D7322
2024-11-25 16:22:43 +01:00 · 2013-10-16 10:36:08 -07:00 · 2013-10-16 10:36:08 -07:00 · 3410cbd53e
commit 3410cbd53e
parent e381022bc7
9 changed files with 77 additions and 25 deletions
--- a/resources/sql/patches/20131015.cpolicy.sql
+++ b/resources/sql/patches/20131015.cpolicy.sql
@ -0,0 +1,5 @@
+ALTER TABLE {$NAMESPACE}_countdown.countdown
+  ADD viewPolicy VARCHAR(64) NOT NULL;
+
+UPDATE {$NAMESPACE}_countdown.countdown
+  SET viewPolicy = 'users' WHERE viewPolicy = '';
--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@ -1068,6 +1068,7 @@ phutil_register_library_map(array(
    'PhabricatorController' => 'applications/base/controller/PhabricatorController.php',
    'PhabricatorCoreConfigOptions' => 'applications/config/option/PhabricatorCoreConfigOptions.php',
    'PhabricatorCountdown' => 'applications/countdown/storage/PhabricatorCountdown.php',
+    'PhabricatorCountdownCapabilityDefaultView' => 'applications/countdown/capability/PhabricatorCountdownCapabilityDefaultView.php',
    'PhabricatorCountdownController' => 'applications/countdown/controller/PhabricatorCountdownController.php',
    'PhabricatorCountdownDAO' => 'applications/countdown/storage/PhabricatorCountdownDAO.php',
    'PhabricatorCountdownDeleteController' => 'applications/countdown/controller/PhabricatorCountdownDeleteController.php',
@ -3244,6 +3245,7 @@ phutil_register_library_map(array(
      0 => 'PhabricatorCountdownDAO',
      1 => 'PhabricatorPolicyInterface',
    ),
+    'PhabricatorCountdownCapabilityDefaultView' => 'PhabricatorPolicyCapability',
    'PhabricatorCountdownController' => 'PhabricatorController',
    'PhabricatorCountdownDAO' => 'PhabricatorLiskDAO',
    'PhabricatorCountdownDeleteController' => 'PhabricatorCountdownController',
--- a/src/applications/countdown/application/PhabricatorApplicationCountdown.php
+++ b/src/applications/countdown/application/PhabricatorApplicationCountdown.php
@ -1,8 +1,5 @@
 <?php

-/**
- * @group countdown
- */
 final class PhabricatorApplicationCountdown extends PhabricatorApplication {

  public function getBaseURI() {
@ -50,4 +47,12 @@ final class PhabricatorApplicationCountdown extends PhabricatorApplication {
    );
  }

+  public function getCustomCapabilities() {
+    return array(
+      PhabricatorCountdownCapabilityDefaultView::CAPABILITY => array(
+        'caption' => pht('Default view policy for new countdowns.'),
+      ),
+    );
+  }
+
 }
--- a/src/applications/countdown/capability/PhabricatorCountdownCapabilityDefaultView.php
+++ b/src/applications/countdown/capability/PhabricatorCountdownCapabilityDefaultView.php
@ -0,0 +1,20 @@
+<?php
+
+final class PhabricatorCountdownCapabilityDefaultView
+  extends PhabricatorPolicyCapability {
+
+  const CAPABILITY = 'countdown.default.view';
+
+  public function getCapabilityKey() {
+    return self::CAPABILITY;
+  }
+
+  public function getCapabilityName() {
+    return pht('Default View Policy');
+  }
+
+  public function shouldAllowPublicPolicySetting() {
+    return true;
+  }
+
+}
--- a/src/applications/countdown/controller/PhabricatorCountdownDeleteController.php
+++ b/src/applications/countdown/controller/PhabricatorCountdownDeleteController.php
@ -31,11 +31,6 @@ final class PhabricatorCountdownDeleteController
      return new Aphront404Response();
    }

-    if (($countdown->getAuthorPHID() !== $user->getPHID())
-        && $user->getIsAdmin() === false) {
-      return new Aphront403Response();
-    }
-
    if ($request->isFormPost()) {
      $countdown->delete();
      return id(new AphrontRedirectResponse())
--- a/src/applications/countdown/controller/PhabricatorCountdownEditController.php
+++ b/src/applications/countdown/controller/PhabricatorCountdownEditController.php
@ -27,24 +27,23 @@ final class PhabricatorCountdownEditController
            PhabricatorPolicyCapability::CAN_EDIT,
          ))
        ->executeOne();
-
-      // If no countdown is found
      if (!$countdown) {
        return new Aphront404Response();
      }
    } else {
      $page_title = pht('Create Countdown');
-      $countdown = new PhabricatorCountdown();
-      $countdown->setEpoch(time());
+      $countdown = PhabricatorCountdown::initializeNewCountdown($user);
    }

    $error_view = null;
-    $e_text = null;
+    $e_text = true;
+    $e_epoch = null;

    if ($request->isFormPost()) {
      $errors = array();
      $title = $request->getStr('title');
      $epoch = $request->getStr('epoch');
+      $view_policy = $request->getStr('viewPolicy');

      $e_text = null;
      if (!strlen($title)) {
@ -68,7 +67,7 @@ final class PhabricatorCountdownEditController
      if (!count($errors)) {
        $countdown->setTitle($title);
        $countdown->setEpoch($timestamp);
-        $countdown->setAuthorPHID($user->getPHID());
+        $countdown->setViewPolicy($view_policy);
        $countdown->save();
        return id(new AphrontRedirectResponse())
          ->setURI('/countdown/'.$countdown->getID().'/');
@ -106,6 +105,10 @@ final class PhabricatorCountdownEditController
      $submit_label = pht('Create Countdown');
    }

+    $policies = id(new PhabricatorPolicyQuery())
+      ->setViewer($user)
+      ->setObject($countdown)
+      ->execute();

    $form = id(new AphrontFormView())
      ->setUser($user)
@ -114,15 +117,24 @@ final class PhabricatorCountdownEditController
        id(new AphrontFormTextControl())
          ->setLabel(pht('Title'))
          ->setValue($countdown->getTitle())
-          ->setName('title'))
+          ->setName('title')
+          ->setError($e_text))
      ->appendChild(
        id(new AphrontFormTextControl())
          ->setLabel(pht('End Date'))
          ->setValue($display_epoch)
          ->setName('epoch')
+          ->setError($e_epoch)
          ->setCaption(pht('Examples: '.
            '2011-12-25 or 3 hours or '.
            'June 8 2011, 5 PM.')))
+      ->appendChild(
+        id(new AphrontFormPolicyControl())
+          ->setUser($user)
+          ->setName('viewPolicy')
+          ->setPolicyObject($countdown)
+          ->setPolicies($policies)
+          ->setCapability(PhabricatorPolicyCapability::CAN_VIEW))
      ->appendChild(
        id(new AphrontFormSubmitControl())
          ->addCancelButton($cancel_uri)
--- a/src/applications/countdown/controller/PhabricatorCountdownViewController.php
+++ b/src/applications/countdown/controller/PhabricatorCountdownViewController.php
@ -22,7 +22,6 @@ final class PhabricatorCountdownViewController
      ->setViewer($user)
      ->withIDs(array($this->id))
      ->executeOne();
-
    if (!$countdown) {
      return new Aphront404Response();
    }
@ -42,7 +41,9 @@ final class PhabricatorCountdownViewController
          ->setName("C{$id}"));

    $header = id(new PHUIHeaderView())
-      ->setHeader($title);
+      ->setHeader($title)
+      ->setUser($user)
+      ->setPolicyObject($countdown);

    $actions = $this->buildActionListView($countdown);
    $properties = $this->buildPropertyListView($countdown, $actions);
--- a/src/applications/countdown/storage/PhabricatorCountdown.php
+++ b/src/applications/countdown/storage/PhabricatorCountdown.php
@ -1,8 +1,5 @@
 <?php

-/**
- * @group countdown
- */
 final class PhabricatorCountdown
  extends PhabricatorCountdownDAO
  implements PhabricatorPolicyInterface {
@ -10,7 +7,22 @@ final class PhabricatorCountdown
  protected $title;
  protected $authorPHID;
  protected $epoch;
-  // protected $viewPolicy; //commented out till we have it on countdown table
+  protected $viewPolicy;
+
+  public static function initializeNewCountdown(PhabricatorUser $actor) {
+    $app = id(new PhabricatorApplicationQuery())
+      ->setViewer($actor)
+      ->withClasses(array('PhabricatorApplicationCountdown'))
+      ->executeOne();
+
+    $view_policy = $app->getPolicy(
+      PhabricatorCountdownCapabilityDefaultView::CAPABILITY);
+
+    return id(new PhabricatorCountdown())
+      ->setAuthorPHID($actor->getPHID())
+      ->setViewPolicy($view_policy)
+      ->setEpoch(PhabricatorTime::getNow());
+  }

  public function getConfiguration() {
    return array(
@ -23,10 +35,6 @@ final class PhabricatorCountdown
      PhabricatorCountdownPHIDTypeCountdown::TYPECONST);
  }

-  public function getViewPolicy() {
-    return PhabricatorPolicies::POLICY_USER;
-  }
-

 /* -(  PhabricatorPolicyInterface  )----------------------------------------- */

--- a/src/infrastructure/storage/patch/PhabricatorBuiltinPatchList.php
+++ b/src/infrastructure/storage/patch/PhabricatorBuiltinPatchList.php
@ -1672,6 +1672,10 @@ final class PhabricatorBuiltinPatchList extends PhabricatorSQLPatchList {
        'type' => 'sql',
        'name' => $this->getPatchPath('20131010.pstorage.sql'),
      ),
+      '20131015.cpolicy.sql' => array(
+        'type' => 'sql',
+        'name' => $this->getPatchPath('20131015.cpolicy.sql'),
+      ),
    );
  }
 }