mirror of https://we.phorge.it/source/phorge.git synced 2025-03-22 09:10:09 +01:00

Bind patches, file content and raw diffs bind policies to their originating objects

Summary:
Fixes T4270. When you download raw file content, diffs, and patches we currently give them default (all users) visibility.

Instead, bind them to the repository or revision in question.

(This code could use a bit of cleanup at some point.)

Test Plan: Hit the patch and content download links in Diffusion and the patch download link in Differential, got restricted files with accurate policy bindings.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T4270

Differential Revision: https://secure.phabricator.com/D7849
epriestley 2013-12-30 11:27:02 -08:00
parent 10d4eaca6f
commit 591df78361
5 changed files with 45 additions and 4 deletions


@ -70,6 +70,7 @@ final class DifferentialRevisionViewController extends DifferentialController {
if ($request->getExists('download')) {
return $this->buildRawDiffResponse(
$revision,
$changesets,
$vs_changesets,
$vs_map,
@ -850,6 +851,7 @@ final class DifferentialRevisionViewController extends DifferentialController {
* @return @{class:AphrontRedirectResponse}
*/
private function buildRawDiffResponse(
DifferentialRevision $revision,
array $changesets,
array $vs_changesets,
array $vs_map,
@ -910,8 +912,16 @@ final class DifferentialRevisionViewController extends DifferentialController {
$raw_diff,
array(
'name' => $file_name,
'ttl' => (60 * 60 * 24),
'viewPolicy' => PhabricatorPolicies::POLICY_NOONE,
));
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
$file->attachToObject(
$this->getRequest()->getUser(),
$revision->getPHID());
unset($unguarded);
return id(new AphrontRedirectResponse())->setURI($file->getBestURI());
}
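Review bot: The attach stanza added at the end of buildRawDiffResponse (`beginScopedUnguardedWrites()`, `attachToObject()`, `unset($unguarded)`) is repeated verbatim in DiffusionBrowseFileController::loadFileForData and in the DiffusionCommitController hunk, so the pairing of `'viewPolicy' => PhabricatorPolicies::POLICY_NOONE` with an object attachment lives in three places and can drift. Because the file is created unreadable and only becomes viewable through the attachment, one shared helper that takes the data, the params and the object PHID and performs both steps would keep the fail-closed default and the binding together. The write guard is also lifted without explanation; a comment above the `$unguarded` line such as `// Presumably a read request: attaching the file is the only write, so the guard is lifted for this call only.` would mark the bypass as deliberate and narrowly scoped. The function body starts outside the hunk.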


@ -810,12 +810,21 @@ final class DiffusionBrowseFileController extends DiffusionBrowseController {
}
private function loadFileForData($path, $data) {
return PhabricatorFile::buildFromFileDataOrHash(
$file = PhabricatorFile::buildFromFileDataOrHash(
$data,
array(
'name' => basename($path),
'ttl' => time() + 60 * 60 * 24,
'viewPolicy' => PhabricatorPolicies::POLICY_NOONE,
));
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
$file->attachToObject(
$this->getRequest()->getUser(),
$this->getDiffusionRequest()->getRepository()->getPHID());
unset($unguarded);
return $file;
}
private function buildRawResponse($path, $data) {


@ -1049,8 +1049,16 @@ final class DiffusionCommitController extends DiffusionController {
$raw_diff,
array(
'name' => $drequest->getCommit().'.diff',
'ttl' => (60 * 60 * 24),
'viewPolicy' => PhabricatorPolicies::POLICY_NOONE,
));
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
$file->attachToObject(
$this->getRequest()->getUser(),
$drequest->getRepository()->getPHID());
unset($unguarded);
return id(new AphrontRedirectResponse())->setURI($file->getBestURI());
}


@ -33,6 +33,8 @@ final class PhabricatorFileInfoController extends PhabricatorFileController {
$this->loadHandles($handle_phids);
$header = id(new PHUIHeaderView())
->setUser($user)
->setPolicyObject($file)
->setHeader($file->getName());
$ttl = $file->getTTL();


@ -175,13 +175,17 @@ final class PhabricatorFile extends PhabricatorFileDAO
$file_ttl = idx($params, 'ttl');
$authorPHID = idx($params, 'authorPHID');
$new_file = new PhabricatorFile();
$new_file = new PhabricatorFile();
$new_file->setName($file_name);
$new_file->setByteSize($copy_of_byteSize);
$new_file->setAuthorPHID($authorPHID);
$new_file->setTtl($file_ttl);
if (idx($params, 'viewPolicy')) {
$new_file->setViewPolicy($params['viewPolicy']);
}
$new_file->setContentHash($hash);
$new_file->setStorageEngine($copy_of_storage_engine);
$new_file->setStorageHandle($copy_of_storage_handle);
@ -262,6 +266,10 @@ final class PhabricatorFile extends PhabricatorFileDAO
$file->setTtl($file_ttl);
$file->setContentHash(self::hashFileContent($data));
if (idx($params, 'viewPolicy')) {
$file->setViewPolicy($params['viewPolicy']);
}
$file->setStorageEngine($engine_identifier);
$file->setStorageHandle($data_handle);
@ -877,8 +885,12 @@ final class PhabricatorFile extends PhabricatorFileDAO
}
public function getPolicy($capability) {
// TODO: Implement proper per-object policies.
return PhabricatorPolicies::POLICY_USER;
switch ($capability) {
case PhabricatorPolicyCapability::CAN_VIEW:
return $this->getViewPolicy();
case PhabricatorPolicyCapability::CAN_EDIT:
return PhabricatorPolicies::POLICY_NOONE;
}
}
public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
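Review bot: The new `switch` in getPolicy() has no `default` arm, so any capability other than CAN_VIEW or CAN_EDIT falls out of the function and returns null instead of a policy; adding `default: return PhabricatorPolicies::POLICY_NOONE;` would keep unrecognised capabilities fail-closed. The two earlier hunks in this file call `setViewPolicy()` only when `idx($params, 'viewPolicy')` is truthy, so a file created by a caller that passes no policy now resolves CAN_VIEW to whatever getViewPolicy() returns by default. That default is not visible in this diff and should be confirmed to be no broader than the `PhabricatorPolicies::POLICY_USER` this hunk removes. A short docblock on getPolicy() stating that view access comes from the stored policy and that edit is never granted would record the intent.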