mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-29 10:12:41 +01:00
Add storage for custom policies
Summary: Ref T603. Allows custom policies to be saved. No integration with policy controls yet. Test Plan: mysql> select * from policy where id = 3\G *************************** 1. row *************************** id: 3 phid: PHID-PLCY-e4v2fnbyuibi4supl5tn rules: [{"action":"allow","rule":"PhabricatorPolicyRuleAdministrators","value":null},{"action":"allow","rule":"PhabricatorPolicyRuleProjects","value":["PHID-PROJ-cwovm5gn2ilubjehcdgd"]},{"action":"allow","rule":"PhabricatorPolicyRuleLunarPhase","value":"new"}] defaultAction: deny dateCreated: 1381437466 dateModified: 1381437466 1 row in set (0.00 sec) Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T603 Differential Revision: https://secure.phabricator.com/D7282
This commit is contained in:
parent
db71bf6128
commit
5899ae08b3
8 changed files with 138 additions and 25 deletions
9
resources/sql/patches/20131010.pstorage.sql
Normal file
9
resources/sql/patches/20131010.pstorage.sql
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
CREATE TABLE {$NAMESPACE}_policy.policy (
|
||||||
|
id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
|
||||||
|
phid VARCHAR(64) NOT NULL COLLATE utf8_bin,
|
||||||
|
rules LONGTEXT NOT NULL COLLATE utf8_bin,
|
||||||
|
defaultAction VARCHAR(32) NOT NULL COLLATE utf8_bin,
|
||||||
|
dateCreated INT UNSIGNED NOT NULL,
|
||||||
|
dateModified INT UNSIGNED NOT NULL,
|
||||||
|
UNIQUE KEY (phid)
|
||||||
|
) ENGINE=InnoDB, COLLATE utf8_general_ci;
|
|
@ -1472,7 +1472,7 @@ phutil_register_library_map(array(
|
||||||
'PhabricatorPhrequentConfigOptions' => 'applications/phrequent/config/PhabricatorPhrequentConfigOptions.php',
|
'PhabricatorPhrequentConfigOptions' => 'applications/phrequent/config/PhabricatorPhrequentConfigOptions.php',
|
||||||
'PhabricatorPhrictionConfigOptions' => 'applications/phriction/config/PhabricatorPhrictionConfigOptions.php',
|
'PhabricatorPhrictionConfigOptions' => 'applications/phriction/config/PhabricatorPhrictionConfigOptions.php',
|
||||||
'PhabricatorPolicies' => 'applications/policy/constants/PhabricatorPolicies.php',
|
'PhabricatorPolicies' => 'applications/policy/constants/PhabricatorPolicies.php',
|
||||||
'PhabricatorPolicy' => 'applications/policy/filter/PhabricatorPolicy.php',
|
'PhabricatorPolicy' => 'applications/policy/storage/PhabricatorPolicy.php',
|
||||||
'PhabricatorPolicyAwareQuery' => 'infrastructure/query/policy/PhabricatorPolicyAwareQuery.php',
|
'PhabricatorPolicyAwareQuery' => 'infrastructure/query/policy/PhabricatorPolicyAwareQuery.php',
|
||||||
'PhabricatorPolicyAwareTestQuery' => 'applications/policy/__tests__/PhabricatorPolicyAwareTestQuery.php',
|
'PhabricatorPolicyAwareTestQuery' => 'applications/policy/__tests__/PhabricatorPolicyAwareTestQuery.php',
|
||||||
'PhabricatorPolicyCapability' => 'applications/policy/capability/PhabricatorPolicyCapability.php',
|
'PhabricatorPolicyCapability' => 'applications/policy/capability/PhabricatorPolicyCapability.php',
|
||||||
|
@ -1482,6 +1482,7 @@ phutil_register_library_map(array(
|
||||||
'PhabricatorPolicyConfigOptions' => 'applications/policy/config/PhabricatorPolicyConfigOptions.php',
|
'PhabricatorPolicyConfigOptions' => 'applications/policy/config/PhabricatorPolicyConfigOptions.php',
|
||||||
'PhabricatorPolicyConstants' => 'applications/policy/constants/PhabricatorPolicyConstants.php',
|
'PhabricatorPolicyConstants' => 'applications/policy/constants/PhabricatorPolicyConstants.php',
|
||||||
'PhabricatorPolicyController' => 'applications/policy/controller/PhabricatorPolicyController.php',
|
'PhabricatorPolicyController' => 'applications/policy/controller/PhabricatorPolicyController.php',
|
||||||
|
'PhabricatorPolicyDAO' => 'applications/policy/storage/PhabricatorPolicyDAO.php',
|
||||||
'PhabricatorPolicyDataTestCase' => 'applications/policy/__tests__/PhabricatorPolicyDataTestCase.php',
|
'PhabricatorPolicyDataTestCase' => 'applications/policy/__tests__/PhabricatorPolicyDataTestCase.php',
|
||||||
'PhabricatorPolicyEditController' => 'applications/policy/controller/PhabricatorPolicyEditController.php',
|
'PhabricatorPolicyEditController' => 'applications/policy/controller/PhabricatorPolicyEditController.php',
|
||||||
'PhabricatorPolicyException' => 'applications/policy/exception/PhabricatorPolicyException.php',
|
'PhabricatorPolicyException' => 'applications/policy/exception/PhabricatorPolicyException.php',
|
||||||
|
@ -1491,6 +1492,7 @@ phutil_register_library_map(array(
|
||||||
'PhabricatorPolicyManagementShowWorkflow' => 'applications/policy/management/PhabricatorPolicyManagementShowWorkflow.php',
|
'PhabricatorPolicyManagementShowWorkflow' => 'applications/policy/management/PhabricatorPolicyManagementShowWorkflow.php',
|
||||||
'PhabricatorPolicyManagementUnlockWorkflow' => 'applications/policy/management/PhabricatorPolicyManagementUnlockWorkflow.php',
|
'PhabricatorPolicyManagementUnlockWorkflow' => 'applications/policy/management/PhabricatorPolicyManagementUnlockWorkflow.php',
|
||||||
'PhabricatorPolicyManagementWorkflow' => 'applications/policy/management/PhabricatorPolicyManagementWorkflow.php',
|
'PhabricatorPolicyManagementWorkflow' => 'applications/policy/management/PhabricatorPolicyManagementWorkflow.php',
|
||||||
|
'PhabricatorPolicyPHIDTypePolicy' => 'applications/policy/phid/PhabricatorPolicyPHIDTypePolicy.php',
|
||||||
'PhabricatorPolicyQuery' => 'applications/policy/query/PhabricatorPolicyQuery.php',
|
'PhabricatorPolicyQuery' => 'applications/policy/query/PhabricatorPolicyQuery.php',
|
||||||
'PhabricatorPolicyRule' => 'applications/policy/rule/PhabricatorPolicyRule.php',
|
'PhabricatorPolicyRule' => 'applications/policy/rule/PhabricatorPolicyRule.php',
|
||||||
'PhabricatorPolicyRuleAdministrators' => 'applications/policy/rule/PhabricatorPolicyRuleAdministrators.php',
|
'PhabricatorPolicyRuleAdministrators' => 'applications/policy/rule/PhabricatorPolicyRuleAdministrators.php',
|
||||||
|
@ -3670,6 +3672,7 @@ phutil_register_library_map(array(
|
||||||
'PhabricatorPhrequentConfigOptions' => 'PhabricatorApplicationConfigOptions',
|
'PhabricatorPhrequentConfigOptions' => 'PhabricatorApplicationConfigOptions',
|
||||||
'PhabricatorPhrictionConfigOptions' => 'PhabricatorApplicationConfigOptions',
|
'PhabricatorPhrictionConfigOptions' => 'PhabricatorApplicationConfigOptions',
|
||||||
'PhabricatorPolicies' => 'PhabricatorPolicyConstants',
|
'PhabricatorPolicies' => 'PhabricatorPolicyConstants',
|
||||||
|
'PhabricatorPolicy' => 'PhabricatorPolicyDAO',
|
||||||
'PhabricatorPolicyAwareQuery' => 'PhabricatorOffsetPagedQuery',
|
'PhabricatorPolicyAwareQuery' => 'PhabricatorOffsetPagedQuery',
|
||||||
'PhabricatorPolicyAwareTestQuery' => 'PhabricatorPolicyAwareQuery',
|
'PhabricatorPolicyAwareTestQuery' => 'PhabricatorPolicyAwareQuery',
|
||||||
'PhabricatorPolicyCapability' => 'Phobject',
|
'PhabricatorPolicyCapability' => 'Phobject',
|
||||||
|
@ -3678,6 +3681,7 @@ phutil_register_library_map(array(
|
||||||
'PhabricatorPolicyCapabilityCanView' => 'PhabricatorPolicyCapability',
|
'PhabricatorPolicyCapabilityCanView' => 'PhabricatorPolicyCapability',
|
||||||
'PhabricatorPolicyConfigOptions' => 'PhabricatorApplicationConfigOptions',
|
'PhabricatorPolicyConfigOptions' => 'PhabricatorApplicationConfigOptions',
|
||||||
'PhabricatorPolicyController' => 'PhabricatorController',
|
'PhabricatorPolicyController' => 'PhabricatorController',
|
||||||
|
'PhabricatorPolicyDAO' => 'PhabricatorLiskDAO',
|
||||||
'PhabricatorPolicyDataTestCase' => 'PhabricatorTestCase',
|
'PhabricatorPolicyDataTestCase' => 'PhabricatorTestCase',
|
||||||
'PhabricatorPolicyEditController' => 'PhabricatorPolicyController',
|
'PhabricatorPolicyEditController' => 'PhabricatorPolicyController',
|
||||||
'PhabricatorPolicyException' => 'Exception',
|
'PhabricatorPolicyException' => 'Exception',
|
||||||
|
@ -3685,6 +3689,7 @@ phutil_register_library_map(array(
|
||||||
'PhabricatorPolicyManagementShowWorkflow' => 'PhabricatorPolicyManagementWorkflow',
|
'PhabricatorPolicyManagementShowWorkflow' => 'PhabricatorPolicyManagementWorkflow',
|
||||||
'PhabricatorPolicyManagementUnlockWorkflow' => 'PhabricatorPolicyManagementWorkflow',
|
'PhabricatorPolicyManagementUnlockWorkflow' => 'PhabricatorPolicyManagementWorkflow',
|
||||||
'PhabricatorPolicyManagementWorkflow' => 'PhutilArgumentWorkflow',
|
'PhabricatorPolicyManagementWorkflow' => 'PhutilArgumentWorkflow',
|
||||||
|
'PhabricatorPolicyPHIDTypePolicy' => 'PhabricatorPHIDType',
|
||||||
'PhabricatorPolicyQuery' => 'PhabricatorQuery',
|
'PhabricatorPolicyQuery' => 'PhabricatorQuery',
|
||||||
'PhabricatorPolicyRuleAdministrators' => 'PhabricatorPolicyRule',
|
'PhabricatorPolicyRuleAdministrators' => 'PhabricatorPolicyRule',
|
||||||
'PhabricatorPolicyRuleLunarPhase' => 'PhabricatorPolicyRule',
|
'PhabricatorPolicyRuleLunarPhase' => 'PhabricatorPolicyRule',
|
||||||
|
|
|
@ -7,6 +7,8 @@ final class PhabricatorPolicyEditController
|
||||||
$request = $this->getRequest();
|
$request = $this->getRequest();
|
||||||
$viewer = $request->getUser();
|
$viewer = $request->getUser();
|
||||||
|
|
||||||
|
$policy = new PhabricatorPolicy();
|
||||||
|
|
||||||
$root_id = celerity_generate_unique_node_id();
|
$root_id = celerity_generate_unique_node_id();
|
||||||
|
|
||||||
$action_options = array(
|
$action_options = array(
|
||||||
|
@ -53,7 +55,6 @@ final class PhabricatorPolicyEditController
|
||||||
$rule_obj = $rules[$rule_class];
|
$rule_obj = $rules[$rule_class];
|
||||||
|
|
||||||
$value = $rule_obj->getValueForStorage(idx($rule, 'value'));
|
$value = $rule_obj->getValueForStorage(idx($rule, 'value'));
|
||||||
$value = $rule_obj->getValueForDisplay($viewer, $value);
|
|
||||||
|
|
||||||
$rule_data[] = array(
|
$rule_data[] = array(
|
||||||
'action' => $action,
|
'action' => $action,
|
||||||
|
@ -62,7 +63,13 @@ final class PhabricatorPolicyEditController
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
$default_value = $request->getStr('default');
|
$policy->setRules($rule_data);
|
||||||
|
$policy->setDefaultAction($request->getStr('default'));
|
||||||
|
$policy->save();
|
||||||
|
|
||||||
|
// TODO: Integrate with policy editors.
|
||||||
|
$id = $policy->getID();
|
||||||
|
throw new Exception("OK, saved policy {$id}!");
|
||||||
} else {
|
} else {
|
||||||
$rule_data = array(
|
$rule_data = array(
|
||||||
$default_rule,
|
$default_rule,
|
||||||
|
@ -76,7 +83,6 @@ final class PhabricatorPolicyEditController
|
||||||
'name' => 'default',
|
'name' => 'default',
|
||||||
));
|
));
|
||||||
|
|
||||||
|
|
||||||
$form = id(new PHUIFormLayoutView())
|
$form = id(new PHUIFormLayoutView())
|
||||||
->appendChild(
|
->appendChild(
|
||||||
javelin_tag(
|
javelin_tag(
|
||||||
|
|
|
@ -0,0 +1,48 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
final class PhabricatorPolicyPHIDTypePolicy
|
||||||
|
extends PhabricatorPHIDType {
|
||||||
|
|
||||||
|
const TYPECONST = 'PLCY';
|
||||||
|
|
||||||
|
public function getTypeConstant() {
|
||||||
|
return self::TYPECONST;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function getTypeName() {
|
||||||
|
return pht('Policy');
|
||||||
|
}
|
||||||
|
|
||||||
|
public function newObject() {
|
||||||
|
return new PhabricatorPolicy();
|
||||||
|
}
|
||||||
|
|
||||||
|
public function loadObjects(
|
||||||
|
PhabricatorObjectQuery $query,
|
||||||
|
array $phids) {
|
||||||
|
|
||||||
|
return id(new PhabricatorPolicyQuery())
|
||||||
|
->setViewer($query->getViewer())
|
||||||
|
->setParentQuery($query)
|
||||||
|
->withPHIDs($phids)
|
||||||
|
->execute();
|
||||||
|
}
|
||||||
|
|
||||||
|
public function loadHandles(
|
||||||
|
PhabricatorHandleQuery $query,
|
||||||
|
array $handles,
|
||||||
|
array $objects) {
|
||||||
|
|
||||||
|
foreach ($handles as $phid => $handle) {
|
||||||
|
$policy = $objects[$phid];
|
||||||
|
|
||||||
|
$handle->setName($policy->getName());
|
||||||
|
$handle->setURI($policy->getHref());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public function canLoadNamedObject($name) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
@ -4,6 +4,7 @@ final class PhabricatorPolicyQuery extends PhabricatorQuery {
|
||||||
|
|
||||||
private $viewer;
|
private $viewer;
|
||||||
private $object;
|
private $object;
|
||||||
|
private $phids;
|
||||||
|
|
||||||
public function setViewer(PhabricatorUser $viewer) {
|
public function setViewer(PhabricatorUser $viewer) {
|
||||||
$this->viewer = $viewer;
|
$this->viewer = $viewer;
|
||||||
|
@ -15,6 +16,11 @@ final class PhabricatorPolicyQuery extends PhabricatorQuery {
|
||||||
return $this;
|
return $this;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function withPHIDs(array $phids) {
|
||||||
|
$this->phids = $phids;
|
||||||
|
return $this;
|
||||||
|
}
|
||||||
|
|
||||||
public static function loadPolicies(
|
public static function loadPolicies(
|
||||||
PhabricatorUser $viewer,
|
PhabricatorUser $viewer,
|
||||||
PhabricatorPolicyInterface $object) {
|
PhabricatorPolicyInterface $object) {
|
||||||
|
@ -68,9 +74,6 @@ final class PhabricatorPolicyQuery extends PhabricatorQuery {
|
||||||
if (!$this->viewer) {
|
if (!$this->viewer) {
|
||||||
throw new Exception('Call setViewer() before execute()!');
|
throw new Exception('Call setViewer() before execute()!');
|
||||||
}
|
}
|
||||||
if (!$this->object) {
|
|
||||||
throw new Exception('Call setObject() before execute()!');
|
|
||||||
}
|
|
||||||
|
|
||||||
$results = $this->getGlobalPolicies();
|
$results = $this->getGlobalPolicies();
|
||||||
|
|
||||||
|
@ -93,13 +96,15 @@ final class PhabricatorPolicyQuery extends PhabricatorQuery {
|
||||||
$results = mpull($results, null, 'getPHID');
|
$results = mpull($results, null, 'getPHID');
|
||||||
|
|
||||||
$other_policies = array();
|
$other_policies = array();
|
||||||
$capabilities = $this->object->getCapabilities();
|
if ($this->object) {
|
||||||
foreach ($capabilities as $capability) {
|
$capabilities = $this->object->getCapabilities();
|
||||||
$policy = $this->object->getPolicy($capability);
|
foreach ($capabilities as $capability) {
|
||||||
if (!$policy) {
|
$policy = $this->object->getPolicy($capability);
|
||||||
continue;
|
if (!$policy) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
$other_policies[$policy] = $policy;
|
||||||
}
|
}
|
||||||
$other_policies[$policy] = $policy;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// If this install doesn't have "Public" enabled, remove it as an option
|
// If this install doesn't have "Public" enabled, remove it as an option
|
||||||
|
@ -127,6 +132,15 @@ final class PhabricatorPolicyQuery extends PhabricatorQuery {
|
||||||
|
|
||||||
$results = msort($results, 'getSortKey');
|
$results = msort($results, 'getSortKey');
|
||||||
|
|
||||||
|
if ($this->phids) {
|
||||||
|
$phids = array_fuse($this->phids);
|
||||||
|
foreach ($results as $key => $result) {
|
||||||
|
if (empty($phids[$result->getPHID()])) {
|
||||||
|
unset($results[$key]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return $results;
|
return $results;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -160,7 +174,8 @@ final class PhabricatorPolicyQuery extends PhabricatorQuery {
|
||||||
$results[$constant] = id(new PhabricatorPolicy())
|
$results[$constant] = id(new PhabricatorPolicy())
|
||||||
->setType(PhabricatorPolicyType::TYPE_GLOBAL)
|
->setType(PhabricatorPolicyType::TYPE_GLOBAL)
|
||||||
->setPHID($constant)
|
->setPHID($constant)
|
||||||
->setName(self::getGlobalPolicyName($constant));
|
->setName(self::getGlobalPolicyName($constant))
|
||||||
|
->makeEphemeral();
|
||||||
}
|
}
|
||||||
|
|
||||||
return $results;
|
return $results;
|
||||||
|
|
|
@ -1,13 +1,33 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
final class PhabricatorPolicy {
|
final class PhabricatorPolicy
|
||||||
|
extends PhabricatorPolicyDAO {
|
||||||
|
|
||||||
|
const ACTION_ACCEPT = 'accept';
|
||||||
|
const ACTION_DENY = 'deny';
|
||||||
|
|
||||||
private $phid;
|
|
||||||
private $name;
|
private $name;
|
||||||
private $type;
|
private $type;
|
||||||
private $href;
|
private $href;
|
||||||
private $icon;
|
private $icon;
|
||||||
|
|
||||||
|
protected $rules = array();
|
||||||
|
protected $defaultAction = self::ACTION_DENY;
|
||||||
|
|
||||||
|
public function getConfiguration() {
|
||||||
|
return array(
|
||||||
|
self::CONFIG_AUX_PHID => true,
|
||||||
|
self::CONFIG_SERIALIZATION => array(
|
||||||
|
'rules' => self::SERIALIZATION_JSON,
|
||||||
|
),
|
||||||
|
) + parent::getConfiguration();
|
||||||
|
}
|
||||||
|
|
||||||
|
public function generatePHID() {
|
||||||
|
return PhabricatorPHID::generateNewPHID(
|
||||||
|
PhabricatorPolicyPHIDTypePolicy::TYPECONST);
|
||||||
|
}
|
||||||
|
|
||||||
public static function newFromPolicyAndHandle(
|
public static function newFromPolicyAndHandle(
|
||||||
$policy_identifier,
|
$policy_identifier,
|
||||||
PhabricatorObjectHandle $handle = null) {
|
PhabricatorObjectHandle $handle = null) {
|
||||||
|
@ -48,6 +68,8 @@ final class PhabricatorPolicy {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$policy->makeEphemeral();
|
||||||
|
|
||||||
return $policy;
|
return $policy;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -69,15 +91,6 @@ final class PhabricatorPolicy {
|
||||||
return $this->name;
|
return $this->name;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function setPHID($phid) {
|
|
||||||
$this->phid = $phid;
|
|
||||||
return $this;
|
|
||||||
}
|
|
||||||
|
|
||||||
public function getPHID() {
|
|
||||||
return $this->phid;
|
|
||||||
}
|
|
||||||
|
|
||||||
public function setHref($href) {
|
public function setHref($href) {
|
||||||
$this->href = $href;
|
$this->href = $href;
|
||||||
return $this;
|
return $this;
|
9
src/applications/policy/storage/PhabricatorPolicyDAO.php
Normal file
9
src/applications/policy/storage/PhabricatorPolicyDAO.php
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
abstract class PhabricatorPolicyDAO extends PhabricatorLiskDAO {
|
||||||
|
|
||||||
|
public function getApplicationName() {
|
||||||
|
return 'policy';
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
@ -204,6 +204,10 @@ final class PhabricatorBuiltinPatchList extends PhabricatorSQLPatchList {
|
||||||
'type' => 'db',
|
'type' => 'db',
|
||||||
'name' => 'legalpad',
|
'name' => 'legalpad',
|
||||||
),
|
),
|
||||||
|
'db.policy' => array(
|
||||||
|
'type' => 'db',
|
||||||
|
'name' => 'policy',
|
||||||
|
),
|
||||||
'0000.legacy.sql' => array(
|
'0000.legacy.sql' => array(
|
||||||
'type' => 'sql',
|
'type' => 'sql',
|
||||||
'name' => $this->getPatchPath('0000.legacy.sql'),
|
'name' => $this->getPatchPath('0000.legacy.sql'),
|
||||||
|
@ -1664,6 +1668,10 @@ final class PhabricatorBuiltinPatchList extends PhabricatorSQLPatchList {
|
||||||
'type' => 'sql',
|
'type' => 'sql',
|
||||||
'name' => $this->getPatchPath('20131006.hdisable.sql'),
|
'name' => $this->getPatchPath('20131006.hdisable.sql'),
|
||||||
),
|
),
|
||||||
|
'20131010.pstorage.sql' => array(
|
||||||
|
'type' => 'sql',
|
||||||
|
'name' => $this->getPatchPath('20131010.pstorage.sql'),
|
||||||
|
),
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue