mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-23 05:50:55 +01:00
Make document signatures visible to only document owners and signers
Summary: Ref T3116. Currently signatures are visible to anyone, but they should be more private than that. Instead, you can see a signature if: - It's a signature on a document you can edit; or - it's your signature. I'm going to lock down the signatures page a bit in general, but this makes sure that the root policy is correct. Test Plan: - Signed a document. - Viewed signatures of a document. Reviewers: chad Reviewed By: chad Subscribers: epriestley Maniphest Tasks: T3116 Differential Revision: https://secure.phabricator.com/D9764
This commit is contained in:
parent
0398559c8e
commit
45d61b7110
2 changed files with 48 additions and 10 deletions
|
@ -46,9 +46,32 @@ final class LegalpadDocumentSignatureQuery
|
|||
$this->buildOrderClause($conn_r),
|
||||
$this->buildLimitClause($conn_r));
|
||||
|
||||
$documents = $table->loadAllFromArray($data);
|
||||
$signatures = $table->loadAllFromArray($data);
|
||||
|
||||
return $documents;
|
||||
return $signatures;
|
||||
}
|
||||
|
||||
protected function willFilterPage(array $signatures) {
|
||||
$document_phids = mpull($signatures, 'getDocumentPHID');
|
||||
|
||||
$documents = id(new LegalpadDocumentQuery())
|
||||
->setParentQuery($this)
|
||||
->setViewer($this->getViewer())
|
||||
->withPHIDs($document_phids)
|
||||
->execute();
|
||||
$documents = mpull($documents, null, 'getPHID');
|
||||
|
||||
foreach ($signatures as $key => $signature) {
|
||||
$document_phid = $signature->getDocumentPHID();
|
||||
$document = idx($documents, $document_phid);
|
||||
if ($document) {
|
||||
$signature->attachDocument($document);
|
||||
} else {
|
||||
unset($signatures[$key]);
|
||||
}
|
||||
}
|
||||
|
||||
return $signatures;
|
||||
}
|
||||
|
||||
protected function buildWhereClause($conn_r) {
|
||||
|
@ -56,35 +79,35 @@ final class LegalpadDocumentSignatureQuery
|
|||
|
||||
$where[] = $this->buildPagingClause($conn_r);
|
||||
|
||||
if ($this->ids) {
|
||||
if ($this->ids !== null) {
|
||||
$where[] = qsprintf(
|
||||
$conn_r,
|
||||
'id IN (%Ld)',
|
||||
$this->ids);
|
||||
}
|
||||
|
||||
if ($this->documentPHIDs) {
|
||||
if ($this->documentPHIDs !== null) {
|
||||
$where[] = qsprintf(
|
||||
$conn_r,
|
||||
'documentPHID IN (%Ls)',
|
||||
$this->documentPHIDs);
|
||||
}
|
||||
|
||||
if ($this->signerPHIDs) {
|
||||
if ($this->signerPHIDs !== null) {
|
||||
$where[] = qsprintf(
|
||||
$conn_r,
|
||||
'signerPHID IN (%Ls)',
|
||||
$this->signerPHIDs);
|
||||
}
|
||||
|
||||
if ($this->documentVersions) {
|
||||
if ($this->documentVersions !== null) {
|
||||
$where[] = qsprintf(
|
||||
$conn_r,
|
||||
'documentVersion IN (%Ld)',
|
||||
$this->documentVersions);
|
||||
}
|
||||
|
||||
if ($this->secretKeys) {
|
||||
if ($this->secretKeys !== null) {
|
||||
$where[] = qsprintf(
|
||||
$conn_r,
|
||||
'secretKey IN (%Ls)',
|
||||
|
|
|
@ -14,6 +14,8 @@ final class LegalpadDocumentSignature
|
|||
protected $verified;
|
||||
protected $secretKey;
|
||||
|
||||
private $document = self::ATTACHABLE;
|
||||
|
||||
public function getConfiguration() {
|
||||
return array(
|
||||
self::CONFIG_SERIALIZATION => array(
|
||||
|
@ -30,10 +32,22 @@ final class LegalpadDocumentSignature
|
|||
}
|
||||
|
||||
public function isVerified() {
|
||||
return $this->getVerified() != self::UNVERIFIED;
|
||||
return ($this->getVerified() != self::UNVERIFIED);
|
||||
}
|
||||
|
||||
public function getDocument() {
|
||||
return $this->assertAttached($this->document);
|
||||
}
|
||||
|
||||
public function attachDocument(LegalpadDocument $document) {
|
||||
$this->document = $document;
|
||||
return $this;
|
||||
}
|
||||
|
||||
|
||||
/* -( PhabricatorPolicyInterface )----------------------------------------- */
|
||||
|
||||
|
||||
public function getCapabilities() {
|
||||
return array(
|
||||
PhabricatorPolicyCapability::CAN_VIEW,
|
||||
|
@ -43,12 +57,13 @@ final class LegalpadDocumentSignature
|
|||
public function getPolicy($capability) {
|
||||
switch ($capability) {
|
||||
case PhabricatorPolicyCapability::CAN_VIEW:
|
||||
return PhabricatorPolicies::POLICY_USER;
|
||||
return $this->getDocument()->getPolicy(
|
||||
PhabricatorPolicyCapability::CAN_EDIT);
|
||||
}
|
||||
}
|
||||
|
||||
public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
|
||||
return false;
|
||||
return ($viewer->getPHID() == $this->getSignerPHID());
|
||||
}
|
||||
|
||||
public function describeAutomaticCapability($capability) {
|
||||
|
|
Loading…
Reference in a new issue