mirror of
https://we.phorge.it/source/phorge.git
synced 2025-01-11 07:11:04 +01:00
Make document signatures visible to only document owners and signers
Summary: Ref T3116. Currently signatures are visible to anyone, but they should be more private than that. Instead, you can see a signature if: - It's a signature on a document you can edit; or - it's your signature. I'm going to lock down the signatures page a bit in general, but this makes sure that the root policy is correct. Test Plan: - Signed a document. - Viewed signatures of a document. Reviewers: chad Reviewed By: chad Subscribers: epriestley Maniphest Tasks: T3116 Differential Revision: https://secure.phabricator.com/D9764
This commit is contained in:
parent
0398559c8e
commit
45d61b7110
2 changed files with 48 additions and 10 deletions
|
@ -46,9 +46,32 @@ final class LegalpadDocumentSignatureQuery
|
||||||
$this->buildOrderClause($conn_r),
|
$this->buildOrderClause($conn_r),
|
||||||
$this->buildLimitClause($conn_r));
|
$this->buildLimitClause($conn_r));
|
||||||
|
|
||||||
$documents = $table->loadAllFromArray($data);
|
$signatures = $table->loadAllFromArray($data);
|
||||||
|
|
||||||
return $documents;
|
return $signatures;
|
||||||
|
}
|
||||||
|
|
||||||
|
protected function willFilterPage(array $signatures) {
|
||||||
|
$document_phids = mpull($signatures, 'getDocumentPHID');
|
||||||
|
|
||||||
|
$documents = id(new LegalpadDocumentQuery())
|
||||||
|
->setParentQuery($this)
|
||||||
|
->setViewer($this->getViewer())
|
||||||
|
->withPHIDs($document_phids)
|
||||||
|
->execute();
|
||||||
|
$documents = mpull($documents, null, 'getPHID');
|
||||||
|
|
||||||
|
foreach ($signatures as $key => $signature) {
|
||||||
|
$document_phid = $signature->getDocumentPHID();
|
||||||
|
$document = idx($documents, $document_phid);
|
||||||
|
if ($document) {
|
||||||
|
$signature->attachDocument($document);
|
||||||
|
} else {
|
||||||
|
unset($signatures[$key]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return $signatures;
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function buildWhereClause($conn_r) {
|
protected function buildWhereClause($conn_r) {
|
||||||
|
@ -56,35 +79,35 @@ final class LegalpadDocumentSignatureQuery
|
||||||
|
|
||||||
$where[] = $this->buildPagingClause($conn_r);
|
$where[] = $this->buildPagingClause($conn_r);
|
||||||
|
|
||||||
if ($this->ids) {
|
if ($this->ids !== null) {
|
||||||
$where[] = qsprintf(
|
$where[] = qsprintf(
|
||||||
$conn_r,
|
$conn_r,
|
||||||
'id IN (%Ld)',
|
'id IN (%Ld)',
|
||||||
$this->ids);
|
$this->ids);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($this->documentPHIDs) {
|
if ($this->documentPHIDs !== null) {
|
||||||
$where[] = qsprintf(
|
$where[] = qsprintf(
|
||||||
$conn_r,
|
$conn_r,
|
||||||
'documentPHID IN (%Ls)',
|
'documentPHID IN (%Ls)',
|
||||||
$this->documentPHIDs);
|
$this->documentPHIDs);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($this->signerPHIDs) {
|
if ($this->signerPHIDs !== null) {
|
||||||
$where[] = qsprintf(
|
$where[] = qsprintf(
|
||||||
$conn_r,
|
$conn_r,
|
||||||
'signerPHID IN (%Ls)',
|
'signerPHID IN (%Ls)',
|
||||||
$this->signerPHIDs);
|
$this->signerPHIDs);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($this->documentVersions) {
|
if ($this->documentVersions !== null) {
|
||||||
$where[] = qsprintf(
|
$where[] = qsprintf(
|
||||||
$conn_r,
|
$conn_r,
|
||||||
'documentVersion IN (%Ld)',
|
'documentVersion IN (%Ld)',
|
||||||
$this->documentVersions);
|
$this->documentVersions);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($this->secretKeys) {
|
if ($this->secretKeys !== null) {
|
||||||
$where[] = qsprintf(
|
$where[] = qsprintf(
|
||||||
$conn_r,
|
$conn_r,
|
||||||
'secretKey IN (%Ls)',
|
'secretKey IN (%Ls)',
|
||||||
|
|
|
@ -14,6 +14,8 @@ final class LegalpadDocumentSignature
|
||||||
protected $verified;
|
protected $verified;
|
||||||
protected $secretKey;
|
protected $secretKey;
|
||||||
|
|
||||||
|
private $document = self::ATTACHABLE;
|
||||||
|
|
||||||
public function getConfiguration() {
|
public function getConfiguration() {
|
||||||
return array(
|
return array(
|
||||||
self::CONFIG_SERIALIZATION => array(
|
self::CONFIG_SERIALIZATION => array(
|
||||||
|
@ -30,10 +32,22 @@ final class LegalpadDocumentSignature
|
||||||
}
|
}
|
||||||
|
|
||||||
public function isVerified() {
|
public function isVerified() {
|
||||||
return $this->getVerified() != self::UNVERIFIED;
|
return ($this->getVerified() != self::UNVERIFIED);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function getDocument() {
|
||||||
|
return $this->assertAttached($this->document);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function attachDocument(LegalpadDocument $document) {
|
||||||
|
$this->document = $document;
|
||||||
|
return $this;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/* -( PhabricatorPolicyInterface )----------------------------------------- */
|
/* -( PhabricatorPolicyInterface )----------------------------------------- */
|
||||||
|
|
||||||
|
|
||||||
public function getCapabilities() {
|
public function getCapabilities() {
|
||||||
return array(
|
return array(
|
||||||
PhabricatorPolicyCapability::CAN_VIEW,
|
PhabricatorPolicyCapability::CAN_VIEW,
|
||||||
|
@ -43,12 +57,13 @@ final class LegalpadDocumentSignature
|
||||||
public function getPolicy($capability) {
|
public function getPolicy($capability) {
|
||||||
switch ($capability) {
|
switch ($capability) {
|
||||||
case PhabricatorPolicyCapability::CAN_VIEW:
|
case PhabricatorPolicyCapability::CAN_VIEW:
|
||||||
return PhabricatorPolicies::POLICY_USER;
|
return $this->getDocument()->getPolicy(
|
||||||
|
PhabricatorPolicyCapability::CAN_EDIT);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
|
public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
|
||||||
return false;
|
return ($viewer->getPHID() == $this->getSignerPHID());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function describeAutomaticCapability($capability) {
|
public function describeAutomaticCapability($capability) {
|
||||||
|
|
Loading…
Reference in a new issue