1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-23 05:50:55 +01:00

Make document signatures visible to only document owners and signers

Summary:
Ref T3116. Currently signatures are visible to anyone, but they should be more private than that. Instead, you can see a signature if:

  - It's a signature on a document you can edit; or
  - it's your signature.

I'm going to lock down the signatures page a bit in general, but this makes sure that the root policy is correct.

Test Plan:
  - Signed a document.
  - Viewed signatures of a document.

Reviewers: chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T3116

Differential Revision: https://secure.phabricator.com/D9764
This commit is contained in:
epriestley 2014-06-28 16:36:15 -07:00
parent 0398559c8e
commit 45d61b7110
2 changed files with 48 additions and 10 deletions

View file

@ -46,9 +46,32 @@ final class LegalpadDocumentSignatureQuery
$this->buildOrderClause($conn_r),
$this->buildLimitClause($conn_r));
$documents = $table->loadAllFromArray($data);
$signatures = $table->loadAllFromArray($data);
return $documents;
return $signatures;
}
protected function willFilterPage(array $signatures) {
$document_phids = mpull($signatures, 'getDocumentPHID');
$documents = id(new LegalpadDocumentQuery())
->setParentQuery($this)
->setViewer($this->getViewer())
->withPHIDs($document_phids)
->execute();
$documents = mpull($documents, null, 'getPHID');
foreach ($signatures as $key => $signature) {
$document_phid = $signature->getDocumentPHID();
$document = idx($documents, $document_phid);
if ($document) {
$signature->attachDocument($document);
} else {
unset($signatures[$key]);
}
}
return $signatures;
}
protected function buildWhereClause($conn_r) {
@ -56,35 +79,35 @@ final class LegalpadDocumentSignatureQuery
$where[] = $this->buildPagingClause($conn_r);
if ($this->ids) {
if ($this->ids !== null) {
$where[] = qsprintf(
$conn_r,
'id IN (%Ld)',
$this->ids);
}
if ($this->documentPHIDs) {
if ($this->documentPHIDs !== null) {
$where[] = qsprintf(
$conn_r,
'documentPHID IN (%Ls)',
$this->documentPHIDs);
}
if ($this->signerPHIDs) {
if ($this->signerPHIDs !== null) {
$where[] = qsprintf(
$conn_r,
'signerPHID IN (%Ls)',
$this->signerPHIDs);
}
if ($this->documentVersions) {
if ($this->documentVersions !== null) {
$where[] = qsprintf(
$conn_r,
'documentVersion IN (%Ld)',
$this->documentVersions);
}
if ($this->secretKeys) {
if ($this->secretKeys !== null) {
$where[] = qsprintf(
$conn_r,
'secretKey IN (%Ls)',

View file

@ -14,6 +14,8 @@ final class LegalpadDocumentSignature
protected $verified;
protected $secretKey;
private $document = self::ATTACHABLE;
public function getConfiguration() {
return array(
self::CONFIG_SERIALIZATION => array(
@ -30,10 +32,22 @@ final class LegalpadDocumentSignature
}
public function isVerified() {
return $this->getVerified() != self::UNVERIFIED;
return ($this->getVerified() != self::UNVERIFIED);
}
public function getDocument() {
return $this->assertAttached($this->document);
}
public function attachDocument(LegalpadDocument $document) {
$this->document = $document;
return $this;
}
/* -( PhabricatorPolicyInterface )----------------------------------------- */
public function getCapabilities() {
return array(
PhabricatorPolicyCapability::CAN_VIEW,
@ -43,12 +57,13 @@ final class LegalpadDocumentSignature
public function getPolicy($capability) {
switch ($capability) {
case PhabricatorPolicyCapability::CAN_VIEW:
return PhabricatorPolicies::POLICY_USER;
return $this->getDocument()->getPolicy(
PhabricatorPolicyCapability::CAN_EDIT);
}
}
public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
return false;
return ($viewer->getPHID() == $this->getSignerPHID());
}
public function describeAutomaticCapability($capability) {