mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-18 12:52:42 +01:00
Straighten out reorder permissions on form configurations
Summary: Fixes T10012. The permissions here are little weird: you need edit permission on the //configurations//, not the //engines//. I was checking edit permission on the engines only. I should possibly make this a bit more consistent, the engine edit permission is just very convenient to use to enforce object create permission right now. I'll likely clean this up after T9789. Test Plan: - Tried to reorder forms as a less-privileged user, got proper policy errors. - Reordered forms normally as a regular user. Reviewers: chad Reviewed By: chad Subscribers: Luke081515.2 Maniphest Tasks: T10012 Differential Revision: https://secure.phabricator.com/D14824
This commit is contained in:
parent
a1a8b9ba65
commit
3f8e5c9620
4 changed files with 22 additions and 8 deletions
|
@ -7,7 +7,7 @@
|
|||
*/
|
||||
return array(
|
||||
'names' => array(
|
||||
'core.pkg.css' => 'faa11cbc',
|
||||
'core.pkg.css' => '4cf32aa0',
|
||||
'core.pkg.js' => 'e0379ae5',
|
||||
'darkconsole.pkg.js' => 'e7393ebb',
|
||||
'differential.pkg.css' => '2de124c9',
|
||||
|
@ -138,7 +138,7 @@ return array(
|
|||
'rsrc/css/phui/phui-image-mask.css' => '5a8b09c8',
|
||||
'rsrc/css/phui/phui-info-panel.css' => '27ea50a1',
|
||||
'rsrc/css/phui/phui-info-view.css' => '6d7c3509',
|
||||
'rsrc/css/phui/phui-list.css' => 'a789942a',
|
||||
'rsrc/css/phui/phui-list.css' => '9da2aa00',
|
||||
'rsrc/css/phui/phui-object-box.css' => '407eaf5a',
|
||||
'rsrc/css/phui/phui-object-item-list-view.css' => '26c30d3f',
|
||||
'rsrc/css/phui/phui-pager.css' => 'bea33d23',
|
||||
|
@ -812,7 +812,7 @@ return array(
|
|||
'phui-info-panel-css' => '27ea50a1',
|
||||
'phui-info-view-css' => '6d7c3509',
|
||||
'phui-inline-comment-view-css' => '0fdb3667',
|
||||
'phui-list-view-css' => 'a789942a',
|
||||
'phui-list-view-css' => '9da2aa00',
|
||||
'phui-object-box-css' => '407eaf5a',
|
||||
'phui-object-item-list-view-css' => '26c30d3f',
|
||||
'phui-pager-css' => 'bea33d23',
|
||||
|
|
|
@ -13,7 +13,8 @@ final class PhabricatorEditEngineConfigurationListController
|
|||
$engine_key = $request->getURIData('engineKey');
|
||||
$this->setEngineKey($engine_key);
|
||||
|
||||
$engine = PhabricatorEditEngine::getByKey($viewer, $engine_key);
|
||||
$engine = PhabricatorEditEngine::getByKey($viewer, $engine_key)
|
||||
->setViewer($viewer);
|
||||
|
||||
$items = array();
|
||||
$items[] = id(new PHUIListItemView())
|
||||
|
@ -23,9 +24,12 @@ final class PhabricatorEditEngineConfigurationListController
|
|||
$sort_create_uri = "/transactions/editengine/{$engine_key}/sort/create/";
|
||||
$sort_edit_uri = "/transactions/editengine/{$engine_key}/sort/edit/";
|
||||
|
||||
$can_edit = PhabricatorPolicyFilter::hasCapability(
|
||||
$builtins = $engine->getBuiltinEngineConfigurations();
|
||||
$builtin = head($builtins);
|
||||
|
||||
$can_sort = PhabricatorPolicyFilter::hasCapability(
|
||||
$viewer,
|
||||
$engine,
|
||||
$builtin,
|
||||
PhabricatorPolicyCapability::CAN_EDIT);
|
||||
|
||||
$items[] = id(new PHUIListItemView())
|
||||
|
@ -33,14 +37,14 @@ final class PhabricatorEditEngineConfigurationListController
|
|||
->setName(pht('Reorder Create Forms'))
|
||||
->setHref($sort_create_uri)
|
||||
->setWorkflow(true)
|
||||
->setDisabled(!$can_edit);
|
||||
->setDisabled(!$can_sort);
|
||||
|
||||
$items[] = id(new PHUIListItemView())
|
||||
->setType(PHUIListItemView::TYPE_LINK)
|
||||
->setName(pht('Reorder Edit Forms'))
|
||||
->setHref($sort_edit_uri)
|
||||
->setWorkflow(true)
|
||||
->setDisabled(!$can_edit);
|
||||
->setDisabled(!$can_sort);
|
||||
|
||||
return id(new PhabricatorEditEngineConfigurationSearchEngine())
|
||||
->setController($this)
|
||||
|
|
|
@ -39,6 +39,15 @@ final class PhabricatorEditEngineConfigurationSortController
|
|||
|
||||
$configs = $query->execute();
|
||||
|
||||
// Do this check here (instead of in the Query above) to get a proper
|
||||
// policy exception if the user doesn't satisfy
|
||||
foreach ($configs as $config) {
|
||||
PhabricatorPolicyFilter::requireCapability(
|
||||
$viewer,
|
||||
$config,
|
||||
PhabricatorPolicyCapability::CAN_EDIT);
|
||||
}
|
||||
|
||||
if ($is_create) {
|
||||
$configs = msort($configs, 'getCreateSortKey');
|
||||
} else {
|
||||
|
|
|
@ -62,6 +62,7 @@
|
|||
line-height: 18px;
|
||||
}
|
||||
|
||||
.phabricator-side-menu .phui-list-item-disabled .phui-list-item-href,
|
||||
.phui-list-sidenav .phui-list-item-disabled .phui-list-item-href {
|
||||
color: {$lightgreytext};
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue