mirror of https://we.phorge.it/source/phorge.git synced 2024-11-29 10:12:41 +01:00

Add storage for custom policies

Summary: Ref T603. Allows custom policies to be saved. No integration with policy controls yet.

Test Plan:
  mysql> select * from policy where id = 3\G
  *************************** 1. row ***************************
             id: 3
           phid: PHID-PLCY-e4v2fnbyuibi4supl5tn
          rules: [{"action":"allow","rule":"PhabricatorPolicyRuleAdministrators","value":null},{"action":"allow","rule":"PhabricatorPolicyRuleProjects","value":["PHID-PROJ-cwovm5gn2ilubjehcdgd"]},{"action":"allow","rule":"PhabricatorPolicyRuleLunarPhase","value":"new"}]
  defaultAction: deny
    dateCreated: 1381437466
   dateModified: 1381437466
  1 row in set (0.00 sec)

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D7282
epriestley 2013-10-10 16:09:51 -07:00
parent db71bf6128
commit 5899ae08b3
8 changed files with 138 additions and 25 deletions


@ -0,0 +1,9 @@
CREATE TABLE {$NAMESPACE}_policy.policy (
id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
phid VARCHAR(64) NOT NULL COLLATE utf8_bin,
rules LONGTEXT NOT NULL COLLATE utf8_bin,
defaultAction VARCHAR(32) NOT NULL COLLATE utf8_bin,
dateCreated INT UNSIGNED NOT NULL,
dateModified INT UNSIGNED NOT NULL,
UNIQUE KEY (phid)
) ENGINE=InnoDB, COLLATE utf8_general_ci;


@ -1472,7 +1472,7 @@ phutil_register_library_map(array(
'PhabricatorPhrequentConfigOptions' => 'applications/phrequent/config/PhabricatorPhrequentConfigOptions.php', 'PhabricatorPhrequentConfigOptions' => 'applications/phrequent/config/PhabricatorPhrequentConfigOptions.php',
'PhabricatorPhrictionConfigOptions' => 'applications/phriction/config/PhabricatorPhrictionConfigOptions.php', 'PhabricatorPhrictionConfigOptions' => 'applications/phriction/config/PhabricatorPhrictionConfigOptions.php',
'PhabricatorPolicies' => 'applications/policy/constants/PhabricatorPolicies.php', 'PhabricatorPolicies' => 'applications/policy/constants/PhabricatorPolicies.php',
'PhabricatorPolicy' => 'applications/policy/filter/PhabricatorPolicy.php', 'PhabricatorPolicy' => 'applications/policy/storage/PhabricatorPolicy.php',
'PhabricatorPolicyAwareQuery' => 'infrastructure/query/policy/PhabricatorPolicyAwareQuery.php', 'PhabricatorPolicyAwareQuery' => 'infrastructure/query/policy/PhabricatorPolicyAwareQuery.php',
'PhabricatorPolicyAwareTestQuery' => 'applications/policy/__tests__/PhabricatorPolicyAwareTestQuery.php', 'PhabricatorPolicyAwareTestQuery' => 'applications/policy/__tests__/PhabricatorPolicyAwareTestQuery.php',
'PhabricatorPolicyCapability' => 'applications/policy/capability/PhabricatorPolicyCapability.php', 'PhabricatorPolicyCapability' => 'applications/policy/capability/PhabricatorPolicyCapability.php',
@ -1482,6 +1482,7 @@ phutil_register_library_map(array(
'PhabricatorPolicyConfigOptions' => 'applications/policy/config/PhabricatorPolicyConfigOptions.php', 'PhabricatorPolicyConfigOptions' => 'applications/policy/config/PhabricatorPolicyConfigOptions.php',
'PhabricatorPolicyConstants' => 'applications/policy/constants/PhabricatorPolicyConstants.php', 'PhabricatorPolicyConstants' => 'applications/policy/constants/PhabricatorPolicyConstants.php',
'PhabricatorPolicyController' => 'applications/policy/controller/PhabricatorPolicyController.php', 'PhabricatorPolicyController' => 'applications/policy/controller/PhabricatorPolicyController.php',
'PhabricatorPolicyDAO' => 'applications/policy/storage/PhabricatorPolicyDAO.php',
'PhabricatorPolicyDataTestCase' => 'applications/policy/__tests__/PhabricatorPolicyDataTestCase.php', 'PhabricatorPolicyDataTestCase' => 'applications/policy/__tests__/PhabricatorPolicyDataTestCase.php',
'PhabricatorPolicyEditController' => 'applications/policy/controller/PhabricatorPolicyEditController.php', 'PhabricatorPolicyEditController' => 'applications/policy/controller/PhabricatorPolicyEditController.php',
'PhabricatorPolicyException' => 'applications/policy/exception/PhabricatorPolicyException.php', 'PhabricatorPolicyException' => 'applications/policy/exception/PhabricatorPolicyException.php',
@ -1491,6 +1492,7 @@ phutil_register_library_map(array(
'PhabricatorPolicyManagementShowWorkflow' => 'applications/policy/management/PhabricatorPolicyManagementShowWorkflow.php', 'PhabricatorPolicyManagementShowWorkflow' => 'applications/policy/management/PhabricatorPolicyManagementShowWorkflow.php',
'PhabricatorPolicyManagementUnlockWorkflow' => 'applications/policy/management/PhabricatorPolicyManagementUnlockWorkflow.php', 'PhabricatorPolicyManagementUnlockWorkflow' => 'applications/policy/management/PhabricatorPolicyManagementUnlockWorkflow.php',
'PhabricatorPolicyManagementWorkflow' => 'applications/policy/management/PhabricatorPolicyManagementWorkflow.php', 'PhabricatorPolicyManagementWorkflow' => 'applications/policy/management/PhabricatorPolicyManagementWorkflow.php',
'PhabricatorPolicyPHIDTypePolicy' => 'applications/policy/phid/PhabricatorPolicyPHIDTypePolicy.php',
'PhabricatorPolicyQuery' => 'applications/policy/query/PhabricatorPolicyQuery.php', 'PhabricatorPolicyQuery' => 'applications/policy/query/PhabricatorPolicyQuery.php',
'PhabricatorPolicyRule' => 'applications/policy/rule/PhabricatorPolicyRule.php', 'PhabricatorPolicyRule' => 'applications/policy/rule/PhabricatorPolicyRule.php',
'PhabricatorPolicyRuleAdministrators' => 'applications/policy/rule/PhabricatorPolicyRuleAdministrators.php', 'PhabricatorPolicyRuleAdministrators' => 'applications/policy/rule/PhabricatorPolicyRuleAdministrators.php',
@ -3670,6 +3672,7 @@ phutil_register_library_map(array(
'PhabricatorPhrequentConfigOptions' => 'PhabricatorApplicationConfigOptions', 'PhabricatorPhrequentConfigOptions' => 'PhabricatorApplicationConfigOptions',
'PhabricatorPhrictionConfigOptions' => 'PhabricatorApplicationConfigOptions', 'PhabricatorPhrictionConfigOptions' => 'PhabricatorApplicationConfigOptions',
'PhabricatorPolicies' => 'PhabricatorPolicyConstants', 'PhabricatorPolicies' => 'PhabricatorPolicyConstants',
'PhabricatorPolicy' => 'PhabricatorPolicyDAO',
'PhabricatorPolicyAwareQuery' => 'PhabricatorOffsetPagedQuery', 'PhabricatorPolicyAwareQuery' => 'PhabricatorOffsetPagedQuery',
'PhabricatorPolicyAwareTestQuery' => 'PhabricatorPolicyAwareQuery', 'PhabricatorPolicyAwareTestQuery' => 'PhabricatorPolicyAwareQuery',
'PhabricatorPolicyCapability' => 'Phobject', 'PhabricatorPolicyCapability' => 'Phobject',
@ -3678,6 +3681,7 @@ phutil_register_library_map(array(
'PhabricatorPolicyCapabilityCanView' => 'PhabricatorPolicyCapability', 'PhabricatorPolicyCapabilityCanView' => 'PhabricatorPolicyCapability',
'PhabricatorPolicyConfigOptions' => 'PhabricatorApplicationConfigOptions', 'PhabricatorPolicyConfigOptions' => 'PhabricatorApplicationConfigOptions',
'PhabricatorPolicyController' => 'PhabricatorController', 'PhabricatorPolicyController' => 'PhabricatorController',
'PhabricatorPolicyDAO' => 'PhabricatorLiskDAO',
'PhabricatorPolicyDataTestCase' => 'PhabricatorTestCase', 'PhabricatorPolicyDataTestCase' => 'PhabricatorTestCase',
'PhabricatorPolicyEditController' => 'PhabricatorPolicyController', 'PhabricatorPolicyEditController' => 'PhabricatorPolicyController',
'PhabricatorPolicyException' => 'Exception', 'PhabricatorPolicyException' => 'Exception',
@ -3685,6 +3689,7 @@ phutil_register_library_map(array(
'PhabricatorPolicyManagementShowWorkflow' => 'PhabricatorPolicyManagementWorkflow', 'PhabricatorPolicyManagementShowWorkflow' => 'PhabricatorPolicyManagementWorkflow',
'PhabricatorPolicyManagementUnlockWorkflow' => 'PhabricatorPolicyManagementWorkflow', 'PhabricatorPolicyManagementUnlockWorkflow' => 'PhabricatorPolicyManagementWorkflow',
'PhabricatorPolicyManagementWorkflow' => 'PhutilArgumentWorkflow', 'PhabricatorPolicyManagementWorkflow' => 'PhutilArgumentWorkflow',
'PhabricatorPolicyPHIDTypePolicy' => 'PhabricatorPHIDType',
'PhabricatorPolicyQuery' => 'PhabricatorQuery', 'PhabricatorPolicyQuery' => 'PhabricatorQuery',
'PhabricatorPolicyRuleAdministrators' => 'PhabricatorPolicyRule', 'PhabricatorPolicyRuleAdministrators' => 'PhabricatorPolicyRule',
'PhabricatorPolicyRuleLunarPhase' => 'PhabricatorPolicyRule', 'PhabricatorPolicyRuleLunarPhase' => 'PhabricatorPolicyRule',


@ -7,6 +7,8 @@ final class PhabricatorPolicyEditController
$request = $this->getRequest(); $request = $this->getRequest();
$viewer = $request->getUser(); $viewer = $request->getUser();
$policy = new PhabricatorPolicy();
$root_id = celerity_generate_unique_node_id(); $root_id = celerity_generate_unique_node_id();
$action_options = array( $action_options = array(
@ -53,7 +55,6 @@ final class PhabricatorPolicyEditController
$rule_obj = $rules[$rule_class]; $rule_obj = $rules[$rule_class];
$value = $rule_obj->getValueForStorage(idx($rule, 'value')); $value = $rule_obj->getValueForStorage(idx($rule, 'value'));
$value = $rule_obj->getValueForDisplay($viewer, $value);
$rule_data[] = array( $rule_data[] = array(
'action' => $action, 'action' => $action,
@ -62,7 +63,13 @@ final class PhabricatorPolicyEditController
); );
} }
$default_value = $request->getStr('default'); $policy->setRules($rule_data);
$policy->setDefaultAction($request->getStr('default'));
$policy->save();
// TODO: Integrate with policy editors.
$id = $policy->getID();
throw new Exception("OK, saved policy {$id}!");
} else { } else {
$rule_data = array( $rule_data = array(
$default_rule, $default_rule,
@ -76,7 +83,6 @@ final class PhabricatorPolicyEditController
'name' => 'default', 'name' => 'default',
)); ));
$form = id(new PHUIFormLayoutView()) $form = id(new PHUIFormLayoutView())
->appendChild( ->appendChild(
javelin_tag( javelin_tag(
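Review bot: `$policy->setDefaultAction($request->getStr('default'))` persists whatever string the request carries, and the new `defaultAction` column accepts any value up to 32 characters, so an unrecognised default action can be saved on a policy. Check it against the known actions before saving and fall back to deny, e.g. `$default = $request->getStr('default');` followed by `if (!isset($action_options[$default])) { $default = PhabricatorPolicy::ACTION_DENY; }`; this assumes `$action_options`, which is defined partly outside the hunk, is keyed by action string. The per-rule `$action` written into `$rule_data` deserves the same check if it is not already validated in the lines not shown. The enclosing method starts and ends outside these hunks.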


@ -0,0 +1,48 @@
<?php
final class PhabricatorPolicyPHIDTypePolicy
extends PhabricatorPHIDType {
const TYPECONST = 'PLCY';
public function getTypeConstant() {
return self::TYPECONST;
}
public function getTypeName() {
return pht('Policy');
}
public function newObject() {
return new PhabricatorPolicy();
}
public function loadObjects(
PhabricatorObjectQuery $query,
array $phids) {
return id(new PhabricatorPolicyQuery())
->setViewer($query->getViewer())
->setParentQuery($query)
->withPHIDs($phids)
->execute();
}
public function loadHandles(
PhabricatorHandleQuery $query,
array $handles,
array $objects) {
foreach ($handles as $phid => $handle) {
$policy = $objects[$phid];
$handle->setName($policy->getName());
$handle->setURI($policy->getHref());
}
}
public function canLoadNamedObject($name) {
return false;
}
}
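Review bot: In `loadHandles()`, `$policy->getName()` and `$policy->getHref()` read properties that are declared `private` on PhabricatorPolicy and have no column in the new `policy` table, so for a stored custom policy they presumably come back null and the handle ends up with no name or URI. A fallback before the setter would keep such handles readable, e.g. `$name = $policy->getName();` then `if (!strlen($name)) { $name = pht('Custom Policy'); }`. The lookup `$objects[$phid]` also assumes every handle has a loaded object; a one-line comment stating that the caller guarantees this would make the contract explicit.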


@ -4,6 +4,7 @@ final class PhabricatorPolicyQuery extends PhabricatorQuery {
private $viewer; private $viewer;
private $object; private $object;
private $phids;
public function setViewer(PhabricatorUser $viewer) { public function setViewer(PhabricatorUser $viewer) {
$this->viewer = $viewer; $this->viewer = $viewer;
@ -15,6 +16,11 @@ final class PhabricatorPolicyQuery extends PhabricatorQuery {
return $this; return $this;
} }
public function withPHIDs(array $phids) {
$this->phids = $phids;
return $this;
}
public static function loadPolicies( public static function loadPolicies(
PhabricatorUser $viewer, PhabricatorUser $viewer,
PhabricatorPolicyInterface $object) { PhabricatorPolicyInterface $object) {
@ -68,9 +74,6 @@ final class PhabricatorPolicyQuery extends PhabricatorQuery {
if (!$this->viewer) { if (!$this->viewer) {
throw new Exception('Call setViewer() before execute()!'); throw new Exception('Call setViewer() before execute()!');
} }
if (!$this->object) {
throw new Exception('Call setObject() before execute()!');
}
$results = $this->getGlobalPolicies(); $results = $this->getGlobalPolicies();
@ -93,13 +96,15 @@ final class PhabricatorPolicyQuery extends PhabricatorQuery {
$results = mpull($results, null, 'getPHID'); $results = mpull($results, null, 'getPHID');
$other_policies = array(); $other_policies = array();
$capabilities = $this->object->getCapabilities(); if ($this->object) {
foreach ($capabilities as $capability) { $capabilities = $this->object->getCapabilities();
$policy = $this->object->getPolicy($capability); foreach ($capabilities as $capability) {
if (!$policy) { $policy = $this->object->getPolicy($capability);
continue; if (!$policy) {
continue;
}
$other_policies[$policy] = $policy;
} }
$other_policies[$policy] = $policy;
} }
// If this install doesn't have "Public" enabled, remove it as an option // If this install doesn't have "Public" enabled, remove it as an option
@ -127,6 +132,15 @@ final class PhabricatorPolicyQuery extends PhabricatorQuery {
$results = msort($results, 'getSortKey'); $results = msort($results, 'getSortKey');
if ($this->phids) {
$phids = array_fuse($this->phids);
foreach ($results as $key => $result) {
if (empty($phids[$result->getPHID()])) {
unset($results[$key]);
}
}
}
return $results; return $results;
} }
@ -160,7 +174,8 @@ final class PhabricatorPolicyQuery extends PhabricatorQuery {
$results[$constant] = id(new PhabricatorPolicy()) $results[$constant] = id(new PhabricatorPolicy())
->setType(PhabricatorPolicyType::TYPE_GLOBAL) ->setType(PhabricatorPolicyType::TYPE_GLOBAL)
->setPHID($constant) ->setPHID($constant)
->setName(self::getGlobalPolicyName($constant)); ->setName(self::getGlobalPolicyName($constant))
->makeEphemeral();
} }
return $results; return $results;
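Review bot: `if ($this->phids)` treats `withPHIDs(array())` the same as never calling `withPHIDs()`, so a caller that passes an empty PHID list gets every policy back instead of none. Testing `if ($this->phids !== null)` keeps the filter active for an empty list. Separately, the filter only narrows the in-memory global and object policies built in these hunks; nothing visible here reads the new `policy` table, so a `PHID-PLCY-…` lookup appears to return no result yet, and a comment on `withPHIDs()` saying so would help. `execute()` starts and ends outside the hunks.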


@ -1,13 +1,33 @@
<?php <?php
final class PhabricatorPolicy { final class PhabricatorPolicy
extends PhabricatorPolicyDAO {
const ACTION_ACCEPT = 'accept';
const ACTION_DENY = 'deny';
private $phid;
private $name; private $name;
private $type; private $type;
private $href; private $href;
private $icon; private $icon;
protected $rules = array();
protected $defaultAction = self::ACTION_DENY;
public function getConfiguration() {
return array(
self::CONFIG_AUX_PHID => true,
self::CONFIG_SERIALIZATION => array(
'rules' => self::SERIALIZATION_JSON,
),
) + parent::getConfiguration();
}
public function generatePHID() {
return PhabricatorPHID::generateNewPHID(
PhabricatorPolicyPHIDTypePolicy::TYPECONST);
}
public static function newFromPolicyAndHandle( public static function newFromPolicyAndHandle(
$policy_identifier, $policy_identifier,
PhabricatorObjectHandle $handle = null) { PhabricatorObjectHandle $handle = null) {
@ -48,6 +68,8 @@ final class PhabricatorPolicy {
break; break;
} }
$policy->makeEphemeral();
return $policy; return $policy;
} }
@ -69,15 +91,6 @@ final class PhabricatorPolicy {
return $this->name; return $this->name;
} }
public function setPHID($phid) {
$this->phid = $phid;
return $this;
}
public function getPHID() {
return $this->phid;
}
public function setHref($href) { public function setHref($href) {
$this->href = $href; $this->href = $href;
return $this; return $this;
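Review bot: `const ACTION_ACCEPT = 'accept';` does not match the rule data the commit's test plan shows being stored, where every rule carries `"action":"allow"`. Code that later evaluates stored rules against these constants would presumably never match the allow rules and would fall through to the default action. Either rename it to `const ACTION_ALLOW = 'allow';` or have the edit controller write the constant's value, so the stored vocabulary and the constants agree. A short comment above the constants stating that they are the only valid values for `defaultAction` and for each rule's `action` would also help.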


@ -0,0 +1,9 @@
<?php
abstract class PhabricatorPolicyDAO extends PhabricatorLiskDAO {
public function getApplicationName() {
return 'policy';
}
}


@ -204,6 +204,10 @@ final class PhabricatorBuiltinPatchList extends PhabricatorSQLPatchList {
'type' => 'db', 'type' => 'db',
'name' => 'legalpad', 'name' => 'legalpad',
), ),
'db.policy' => array(
'type' => 'db',
'name' => 'policy',
),
'0000.legacy.sql' => array( '0000.legacy.sql' => array(
'type' => 'sql', 'type' => 'sql',
'name' => $this->getPatchPath('0000.legacy.sql'), 'name' => $this->getPatchPath('0000.legacy.sql'),
@ -1664,6 +1668,10 @@ final class PhabricatorBuiltinPatchList extends PhabricatorSQLPatchList {
'type' => 'sql', 'type' => 'sql',
'name' => $this->getPatchPath('20131006.hdisable.sql'), 'name' => $this->getPatchPath('20131006.hdisable.sql'),
), ),
'20131010.pstorage.sql' => array(
'type' => 'sql',
'name' => $this->getPatchPath('20131010.pstorage.sql'),
),
); );
} }
} }