Bind patches, file content and raw diffs bind policies to their originating objects
Summary: Fixes T4270. When you download raw file content, diffs, and patches we currently give them default (all users) visibility. Instead, bind them to the repository or revision in question. (This code could use a bit of cleanup at some point.) Test Plan: Hit the patch and content download links in Diffusion and the patch download link in Differential, got restricted files with accurate policy bindings. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T4270 Differential Revision: https://secure.phabricator.com/D7849
parent
10d4eaca6f
commit
591df78361
5 changed files with 45 additions and 4 deletions
|
@ -70,6 +70,7 @@ final class DifferentialRevisionViewController extends DifferentialController {
|
|||
|
||||
if ($request->getExists('download')) {
|
||||
return $this->buildRawDiffResponse(
|
||||
$revision,
|
||||
$changesets,
|
||||
$vs_changesets,
|
||||
$vs_map,
|
||||
|
@ -850,6 +851,7 @@ final class DifferentialRevisionViewController extends DifferentialController {
|
|||
* @return @{class:AphrontRedirectResponse}
|
||||
*/
|
||||
private function buildRawDiffResponse(
|
||||
DifferentialRevision $revision,
|
||||
array $changesets,
|
||||
array $vs_changesets,
|
||||
array $vs_map,
|
||||
|
@ -910,8 +912,16 @@ final class DifferentialRevisionViewController extends DifferentialController {
|
|||
$raw_diff,
|
||||
array(
|
||||
'name' => $file_name,
|
||||
'ttl' => (60 * 60 * 24),
|
||||
'viewPolicy' => PhabricatorPolicies::POLICY_NOONE,
|
||||
));
|
||||
|
||||
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
|
||||
$file->attachToObject(
|
||||
$this->getRequest()->getUser(),
|
||||
$revision->getPHID());
|
||||
unset($unguarded);
|
||||
|
||||
return id(new AphrontRedirectResponse())->setURI($file->getBestURI());
|
||||
|
||||
}
|
||||
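Review bot: The sequence added at the end of buildRawDiffResponse (create the file with `'viewPolicy' => PhabricatorPolicies::POLICY_NOONE`, open a scoped unguarded write, call `attachToObject()`, then `unset($unguarded)`) is repeated almost verbatim in DiffusionBrowseFileController::loadFileForData and in the DiffusionCommitController hunk. With three hand-copied versions, a later call site that copies the file creation but drops the `viewPolicy` key would fall back to whatever default view policy a file has, with nothing to flag it, so a single shared helper would keep the fail-closed ordering in one place. Until then, a comment above the block would record the intent, for example `// Created visible to no one; attaching to the revision is what binds visibility to it.` (wording taken from the commit summary). The new `$revision` parameter also needs an `@param` line in the docblock, whose parameter list lies outside the hunk.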
|
|
|
@ -810,12 +810,21 @@ final class DiffusionBrowseFileController extends DiffusionBrowseController {
|
|||
}
|
||||
|
||||
private function loadFileForData($path, $data) {
|
||||
return PhabricatorFile::buildFromFileDataOrHash(
|
||||
$file = PhabricatorFile::buildFromFileDataOrHash(
|
||||
$data,
|
||||
array(
|
||||
'name' => basename($path),
|
||||
'ttl' => time() + 60 * 60 * 24,
|
||||
'viewPolicy' => PhabricatorPolicies::POLICY_NOONE,
|
||||
));
|
||||
|
||||
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
|
||||
$file->attachToObject(
|
||||
$this->getRequest()->getUser(),
|
||||
$this->getDiffusionRequest()->getRepository()->getPHID());
|
||||
unset($unguarded);
|
||||
|
||||
return $file;
|
||||
}
|
||||
|
||||
private function buildRawResponse($path, $data) {
|
||||
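Review bot: `'ttl' => time() + 60 * 60 * 24` in loadFileForData passes an absolute timestamp, while the Differential and DiffusionCommit download paths in this same commit pass the relative `(60 * 60 * 24)` under the same key. That line is unchanged context here, but these temporary copies now hold repository-restricted content, so how long they persist matters, and one of the two forms is presumably wrong. Which form the builder expects is not visible in these hunks (PhabricatorFile simply stores the value with `setTtl($file_ttl)`), so it is worth confirming and aligning the three call sites.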
|
|
|
@ -1049,8 +1049,16 @@ final class DiffusionCommitController extends DiffusionController {
|
|||
$raw_diff,
|
||||
array(
|
||||
'name' => $drequest->getCommit().'.diff',
|
||||
'ttl' => (60 * 60 * 24),
|
||||
'viewPolicy' => PhabricatorPolicies::POLICY_NOONE,
|
||||
));
|
||||
|
||||
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
|
||||
$file->attachToObject(
|
||||
$this->getRequest()->getUser(),
|
||||
$drequest->getRepository()->getPHID());
|
||||
unset($unguarded);
|
||||
|
||||
return id(new AphrontRedirectResponse())->setURI($file->getBestURI());
|
||||
}
|
||||
|
||||
|
|
|
@ -33,6 +33,8 @@ final class PhabricatorFileInfoController extends PhabricatorFileController {
|
|||
|
||||
$this->loadHandles($handle_phids);
|
||||
$header = id(new PHUIHeaderView())
|
||||
->setUser($user)
|
||||
->setPolicyObject($file)
|
||||
->setHeader($file->getName());
|
||||
|
||||
$ttl = $file->getTTL();
|
||||
|
|
|
@ -175,13 +175,17 @@ final class PhabricatorFile extends PhabricatorFileDAO
|
|||
$file_ttl = idx($params, 'ttl');
|
||||
$authorPHID = idx($params, 'authorPHID');
|
||||
|
||||
$new_file = new PhabricatorFile();
|
||||
$new_file = new PhabricatorFile();
|
||||
|
||||
$new_file->setName($file_name);
|
||||
$new_file->setByteSize($copy_of_byteSize);
|
||||
$new_file->setAuthorPHID($authorPHID);
|
||||
$new_file->setTtl($file_ttl);
|
||||
|
||||
if (idx($params, 'viewPolicy')) {
|
||||
$new_file->setViewPolicy($params['viewPolicy']);
|
||||
}
|
||||
|
||||
$new_file->setContentHash($hash);
|
||||
$new_file->setStorageEngine($copy_of_storage_engine);
|
||||
$new_file->setStorageHandle($copy_of_storage_handle);
|
||||
|
@ -262,6 +266,10 @@ final class PhabricatorFile extends PhabricatorFileDAO
|
|||
$file->setTtl($file_ttl);
|
||||
$file->setContentHash(self::hashFileContent($data));
|
||||
|
||||
if (idx($params, 'viewPolicy')) {
|
||||
$file->setViewPolicy($params['viewPolicy']);
|
||||
}
|
||||
|
||||
$file->setStorageEngine($engine_identifier);
|
||||
$file->setStorageHandle($data_handle);
|
||||
|
||||
|
@ -877,8 +885,12 @@ final class PhabricatorFile extends PhabricatorFileDAO
|
|||
}
|
||||
|
||||
public function getPolicy($capability) {
|
||||
// TODO: Implement proper per-object policies.
|
||||
return PhabricatorPolicies::POLICY_USER;
|
||||
switch ($capability) {
|
||||
case PhabricatorPolicyCapability::CAN_VIEW:
|
||||
return $this->getViewPolicy();
|
||||
case PhabricatorPolicyCapability::CAN_EDIT:
|
||||
return PhabricatorPolicies::POLICY_NOONE;
|
||||
}
|
||||
}
|
||||
|
||||
public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
|
||||
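Review bot: The new `switch` in `getPolicy()` has no `default` branch, so any capability other than CAN_VIEW or CAN_EDIT falls out of the method and returns null. Ending the switch with `default: return PhabricatorPolicies::POLICY_NOONE;` would keep unknown capabilities closed rather than depending on how the policy engine interprets null. Separately, CAN_VIEW now resolves to `getViewPolicy()` for every file instead of the fixed `POLICY_USER`, yet both builders call `setViewPolicy()` only when a `'viewPolicy'` key is passed. Files created by other call sites, and rows that predate this change, are therefore governed by the stored default, which these hunks do not show; it should be confirmed to be no broader than the previous all-users policy.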
|
|