mirror of https://we.phorge.it/source/phorge.git synced 2024-11-18 12:52:42 +01:00

Straighten out reorder permissions on form configurations

Summary:
Fixes T10012. The permissions here are a little weird: you need edit permission on the //configurations//, not the //engines//. I was checking edit permission on the engines only.

I should possibly make this a bit more consistent, the engine edit permission is just very convenient to use to enforce object create permission right now. I'll likely clean this up after T9789.

Test Plan:
  - Tried to reorder forms as a less-privileged user, got proper policy errors.
  - Reordered forms normally as a regular user.

Reviewers: chad

Reviewed By: chad

Subscribers: Luke081515.2

Maniphest Tasks: T10012

Differential Revision: https://secure.phabricator.com/D14824
epriestley 2015-12-19 06:29:48 -08:00
parent a1a8b9ba65
commit 3f8e5c9620
4 changed files with 22 additions and 8 deletions


@ -7,7 +7,7 @@
*/ */
return array( return array(
'names' => array( 'names' => array(
'core.pkg.css' => 'faa11cbc', 'core.pkg.css' => '4cf32aa0',
'core.pkg.js' => 'e0379ae5', 'core.pkg.js' => 'e0379ae5',
'darkconsole.pkg.js' => 'e7393ebb', 'darkconsole.pkg.js' => 'e7393ebb',
'differential.pkg.css' => '2de124c9', 'differential.pkg.css' => '2de124c9',
@ -138,7 +138,7 @@ return array(
'rsrc/css/phui/phui-image-mask.css' => '5a8b09c8', 'rsrc/css/phui/phui-image-mask.css' => '5a8b09c8',
'rsrc/css/phui/phui-info-panel.css' => '27ea50a1', 'rsrc/css/phui/phui-info-panel.css' => '27ea50a1',
'rsrc/css/phui/phui-info-view.css' => '6d7c3509', 'rsrc/css/phui/phui-info-view.css' => '6d7c3509',
'rsrc/css/phui/phui-list.css' => 'a789942a', 'rsrc/css/phui/phui-list.css' => '9da2aa00',
'rsrc/css/phui/phui-object-box.css' => '407eaf5a', 'rsrc/css/phui/phui-object-box.css' => '407eaf5a',
'rsrc/css/phui/phui-object-item-list-view.css' => '26c30d3f', 'rsrc/css/phui/phui-object-item-list-view.css' => '26c30d3f',
'rsrc/css/phui/phui-pager.css' => 'bea33d23', 'rsrc/css/phui/phui-pager.css' => 'bea33d23',
@ -812,7 +812,7 @@ return array(
'phui-info-panel-css' => '27ea50a1', 'phui-info-panel-css' => '27ea50a1',
'phui-info-view-css' => '6d7c3509', 'phui-info-view-css' => '6d7c3509',
'phui-inline-comment-view-css' => '0fdb3667', 'phui-inline-comment-view-css' => '0fdb3667',
'phui-list-view-css' => 'a789942a', 'phui-list-view-css' => '9da2aa00',
'phui-object-box-css' => '407eaf5a', 'phui-object-box-css' => '407eaf5a',
'phui-object-item-list-view-css' => '26c30d3f', 'phui-object-item-list-view-css' => '26c30d3f',
'phui-pager-css' => 'bea33d23', 'phui-pager-css' => 'bea33d23',


@ -13,7 +13,8 @@ final class PhabricatorEditEngineConfigurationListController
$engine_key = $request->getURIData('engineKey'); $engine_key = $request->getURIData('engineKey');
$this->setEngineKey($engine_key); $this->setEngineKey($engine_key);
$engine = PhabricatorEditEngine::getByKey($viewer, $engine_key); $engine = PhabricatorEditEngine::getByKey($viewer, $engine_key)
->setViewer($viewer);
$items = array(); $items = array();
$items[] = id(new PHUIListItemView()) $items[] = id(new PHUIListItemView())
@ -23,9 +24,12 @@ final class PhabricatorEditEngineConfigurationListController
$sort_create_uri = "/transactions/editengine/{$engine_key}/sort/create/"; $sort_create_uri = "/transactions/editengine/{$engine_key}/sort/create/";
$sort_edit_uri = "/transactions/editengine/{$engine_key}/sort/edit/"; $sort_edit_uri = "/transactions/editengine/{$engine_key}/sort/edit/";
$can_edit = PhabricatorPolicyFilter::hasCapability( $builtins = $engine->getBuiltinEngineConfigurations();
$builtin = head($builtins);
$can_sort = PhabricatorPolicyFilter::hasCapability(
$viewer, $viewer,
$engine, $builtin,
PhabricatorPolicyCapability::CAN_EDIT); PhabricatorPolicyCapability::CAN_EDIT);
$items[] = id(new PHUIListItemView()) $items[] = id(new PHUIListItemView())
@ -33,14 +37,14 @@ final class PhabricatorEditEngineConfigurationListController
->setName(pht('Reorder Create Forms')) ->setName(pht('Reorder Create Forms'))
->setHref($sort_create_uri) ->setHref($sort_create_uri)
->setWorkflow(true) ->setWorkflow(true)
->setDisabled(!$can_edit); ->setDisabled(!$can_sort);
$items[] = id(new PHUIListItemView()) $items[] = id(new PHUIListItemView())
->setType(PHUIListItemView::TYPE_LINK) ->setType(PHUIListItemView::TYPE_LINK)
->setName(pht('Reorder Edit Forms')) ->setName(pht('Reorder Edit Forms'))
->setHref($sort_edit_uri) ->setHref($sort_edit_uri)
->setWorkflow(true) ->setWorkflow(true)
->setDisabled(!$can_edit); ->setDisabled(!$can_sort);
return id(new PhabricatorEditEngineConfigurationSearchEngine()) return id(new PhabricatorEditEngineConfigurationSearchEngine())
->setController($this) ->setController($this)
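Review bot: `$can_sort` is computed from the first builtin configuration only (`head($builtins)`), while the sort controller changed in this commit requires CAN_EDIT on every configuration its query returns, so the two reorder links can render as enabled for a viewer who then gets a policy exception. The server-side check is what enforces access, so this looks like a UI consistency gap rather than a bypass, but the proxy deserves a comment such as `// Reorder permission is edit permission on the configurations, not the engine; use a builtin configuration as a stand-in.` If `getBuiltinEngineConfigurations()` can return an empty list, `head()` would not produce a policy object, so the value should be guarded before it reaches `hasCapability()`; that method is not visible on this page. The enclosing method begins and ends outside these hunks.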


@ -39,6 +39,15 @@ final class PhabricatorEditEngineConfigurationSortController
$configs = $query->execute(); $configs = $query->execute();
// Do this check here (instead of in the Query above) to get a proper
// policy exception if the user doesn't satisfy
foreach ($configs as $config) {
PhabricatorPolicyFilter::requireCapability(
$viewer,
$config,
PhabricatorPolicyCapability::CAN_EDIT);
}
if ($is_create) { if ($is_create) {
$configs = msort($configs, 'getCreateSortKey'); $configs = msort($configs, 'getCreateSortKey');
} else { } else {
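Review bot: The added comment stops mid-sentence ("if the user doesn't satisfy"), so the reason for checking after the query rather than inside it is never stated; finish it, for example `// policy exception if the viewer can't edit one of these configurations.` The `requireCapability()` loop over `$configs` is the only enforcement visible in this hunk, so the comment should also say that it has to stay ahead of whatever persists the new order. Both the query and the save path are outside the hunk, so confirm that nothing writes before this loop runs and that the query itself loads with view-level capabilities only, as the comment implies.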


@ -62,6 +62,7 @@
line-height: 18px; line-height: 18px;
} }
.phabricator-side-menu .phui-list-item-disabled .phui-list-item-href,
.phui-list-sidenav .phui-list-item-disabled .phui-list-item-href { .phui-list-sidenav .phui-list-item-disabled .phui-list-item-href {
color: {$lightgreytext}; color: {$lightgreytext};
} }