revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-09-20 17:28:51 +02:00
Code Issues Releases Wiki Activity

Make document signatures visible to only document owners and signers

Browse source 
Summary:
Ref T3116. Currently signatures are visible to anyone, but they should be more private than that. Instead, you can see a signature if:

  - It's a signature on a document you can edit; or
  - it's your signature.

I'm going to lock down the signatures page a bit in general, but this makes sure that the root policy is correct.

Test Plan:
  - Signed a document.
  - Viewed signatures of a document.

Reviewers: chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T3116

Differential Revision: https://secure.phabricator.com/D9764
This commit is contained in:
epriestley 2014-06-28 16:36:15 -07:00
parent 0398559c8e
commit 45d61b7110
2 changed files with 48 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

37
src/applications/legalpad/query/LegalpadDocumentSignatureQuery.php
View file

@ -46,9 +46,32 @@ final class LegalpadDocumentSignatureQuery
$this->buildOrderClause($conn_r), $this->buildOrderClause($conn_r),
$this->buildLimitClause($conn_r)); $this->buildLimitClause($conn_r));
$documents = $table->loadAllFromArray($data); $signatures = $table->loadAllFromArray($data);
return $documents; return $signatures;
}
protected function willFilterPage(array $signatures) {
$document_phids = mpull($signatures, 'getDocumentPHID');
$documents = id(new LegalpadDocumentQuery())
->setParentQuery($this)
->setViewer($this->getViewer())
->withPHIDs($document_phids)
->execute();
$documents = mpull($documents, null, 'getPHID');
foreach ($signatures as $key => $signature) {
$document_phid = $signature->getDocumentPHID();
$document = idx($documents, $document_phid);
if ($document) {
$signature->attachDocument($document);
} else {
unset($signatures[$key]);
}
}
return $signatures;
} }
protected function buildWhereClause($conn_r) { protected function buildWhereClause($conn_r) {
@ -56,35 +79,35 @@ final class LegalpadDocumentSignatureQuery
$where[] = $this->buildPagingClause($conn_r); $where[] = $this->buildPagingClause($conn_r);
if ($this->ids) { if ($this->ids !== null) {
$where[] = qsprintf( $where[] = qsprintf(
$conn_r, $conn_r,
'id IN (%Ld)', 'id IN (%Ld)',
$this->ids); $this->ids);
} }
if ($this->documentPHIDs) { if ($this->documentPHIDs !== null) {
$where[] = qsprintf( $where[] = qsprintf(
$conn_r, $conn_r,
'documentPHID IN (%Ls)', 'documentPHID IN (%Ls)',
$this->documentPHIDs); $this->documentPHIDs);
} }
if ($this->signerPHIDs) { if ($this->signerPHIDs !== null) {
$where[] = qsprintf( $where[] = qsprintf(
$conn_r, $conn_r,
'signerPHID IN (%Ls)', 'signerPHID IN (%Ls)',
$this->signerPHIDs); $this->signerPHIDs);
} }
if ($this->documentVersions) { if ($this->documentVersions !== null) {
$where[] = qsprintf( $where[] = qsprintf(
$conn_r, $conn_r,
'documentVersion IN (%Ld)', 'documentVersion IN (%Ld)',
$this->documentVersions); $this->documentVersions);
} }
if ($this->secretKeys) { if ($this->secretKeys !== null) {
$where[] = qsprintf( $where[] = qsprintf(
$conn_r, $conn_r,
'secretKey IN (%Ls)', 'secretKey IN (%Ls)',

21
src/applications/legalpad/storage/LegalpadDocumentSignature.php
View file

@ -14,6 +14,8 @@ final class LegalpadDocumentSignature
protected $verified; protected $verified;
protected $secretKey; protected $secretKey;
private $document = self::ATTACHABLE;
public function getConfiguration() { public function getConfiguration() {
return array( return array(
self::CONFIG_SERIALIZATION => array( self::CONFIG_SERIALIZATION => array(
@ -30,10 +32,22 @@ final class LegalpadDocumentSignature
} }
public function isVerified() { public function isVerified() {
return $this->getVerified() != self::UNVERIFIED; return ($this->getVerified() != self::UNVERIFIED);
} }
public function getDocument() {
return $this->assertAttached($this->document);
}
public function attachDocument(LegalpadDocument $document) {
$this->document = $document;
return $this;
}
/* -( PhabricatorPolicyInterface )----------------------------------------- */ /* -( PhabricatorPolicyInterface )----------------------------------------- */
public function getCapabilities() { public function getCapabilities() {
return array( return array(
PhabricatorPolicyCapability::CAN_VIEW, PhabricatorPolicyCapability::CAN_VIEW,
@ -43,12 +57,13 @@ final class LegalpadDocumentSignature
public function getPolicy($capability) { public function getPolicy($capability) {
switch ($capability) { switch ($capability) {
case PhabricatorPolicyCapability::CAN_VIEW: case PhabricatorPolicyCapability::CAN_VIEW:
return PhabricatorPolicies::POLICY_USER; return $this->getDocument()->getPolicy(
PhabricatorPolicyCapability::CAN_EDIT);
} }
} }
public function hasAutomaticCapability($capability, PhabricatorUser $viewer) { public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
return false; return ($viewer->getPHID() == $this->getSignerPHID());
} }
public function describeAutomaticCapability($capability) { public function describeAutomaticCapability($capability) {