1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-21 04:50:55 +01:00

Add user omnipotence

Summary:
Daemons (and probably a few other things) need to make queries without having a real user. Introduce a formal omnipotent user who can bypass any policy restriction.

(I called this "ominpotent" rather than "omniscient" because it can bypass CAN_EDIT, CAN_JOIN, etc. "Omnicapable" might be a better word, but AFAIK is not a real word.)

Test Plan: Unit tests.

Reviewers: vrana, edward

Reviewed By: edward

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D5149
This commit is contained in:
epriestley 2013-02-28 11:01:40 -08:00
parent ea3472e87b
commit 57cce93e5a
3 changed files with 54 additions and 0 deletions

View file

@ -26,6 +26,7 @@ final class PhabricatorUser extends PhabricatorUserDAO implements PhutilPerson {
protected $isDisabled = 0;
private $preferences = null;
private $omnipotent = false;
protected function readField($field) {
switch ($field) {
@ -661,4 +662,35 @@ EOBODY;
$email->getUserPHID());
}
/* -( Omnipotence )-------------------------------------------------------- */
/**
* Returns true if this user is omnipotent. Omnipotent users bypass all policy
* checks.
*
* @return bool True if the user bypasses policy checks.
*/
public function isOmnipotent() {
return $this->omnipotent;
}
/**
* Get an omnipotent user object for use in contexts where there is no acting
* user, notably daemons.
*
* @return PhabricatorUser An omnipotent user.
*/
public static function getOmnipotentUser() {
static $user = null;
if (!$user) {
$user = new PhabricatorUser();
$user->omnipotent = true;
$user->makeEphemeral();
}
return $user;
}
}

View file

@ -154,6 +154,24 @@ final class PhabricatorPolicyTestCase extends PhabricatorTestCase {
}
/**
* Test that omnipotent users bypass policies.
*/
public function testOmnipotence() {
$results = array(
$this->buildObject(PhabricatorPolicies::POLICY_NOONE),
);
$query = new PhabricatorPolicyAwareTestQuery();
$query->setResults($results);
$query->setViewer(PhabricatorUser::getOmnipotentUser());
$this->assertEqual(
1,
count($query->execute()));
}
/**
* Test an object for visibility across multiple user specifications.
*/

View file

@ -173,6 +173,10 @@ final class PhabricatorPolicyFilter {
$viewer = $this->viewer;
if ($viewer->isOmnipotent()) {
return true;
}
if ($object->hasAutomaticCapability($capability, $viewer)) {
return true;
}