1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-22 23:02:42 +01:00

Make PhabricatorPolicyQuery a CursorPagedPolicyAwareQuery

Summary:
Ref T603. Make these actually implement policy interfaces, so shared infrastructure (like handle loading) works as expected. They don't actually have meaningful policies, and we short circuit all the checks.

(I don't plan to let you set policy controls on policies themselves)

Test Plan: Loaded handles for Policy objects via common infrastructure.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D7298
This commit is contained in:
epriestley 2013-10-14 12:06:52 -07:00
parent 7364a3bedd
commit 5e5b7576a6
2 changed files with 41 additions and 17 deletions

View file

@ -1,16 +1,11 @@
<?php
final class PhabricatorPolicyQuery extends PhabricatorQuery {
final class PhabricatorPolicyQuery
extends PhabricatorCursorPagedPolicyAwareQuery {
private $viewer;
private $object;
private $phids;
public function setViewer(PhabricatorUser $viewer) {
$this->viewer = $viewer;
return $this;
}
public function setObject(PhabricatorPolicyInterface $object) {
$this->object = $object;
return $this;
@ -58,11 +53,7 @@ final class PhabricatorPolicyQuery extends PhabricatorQuery {
return $policies;
}
public function execute() {
if (!$this->viewer) {
throw new Exception('Call setViewer() before execute()!');
}
public function loadPage() {
if ($this->object && $this->phids) {
throw new Exception(
"You can not issue a policy query with both setObject() and ".
@ -102,7 +93,7 @@ final class PhabricatorPolicyQuery extends PhabricatorQuery {
if ($handle_policies) {
$handles = id(new PhabricatorHandleQuery())
->setViewer($this->viewer)
->setViewer($this->getViewer())
->withPHIDs($handle_policies)
->execute();
foreach ($handle_policies as $phid) {
@ -179,11 +170,12 @@ final class PhabricatorPolicyQuery extends PhabricatorQuery {
private function loadObjectPolicyPHIDs() {
$phids = array();
$viewer = $this->getViewer();
if ($this->viewer->getPHID()) {
if ($viewer->getPHID()) {
$projects = id(new PhabricatorProjectQuery())
->setViewer($this->viewer)
->withMemberPHIDs(array($this->viewer->getPHID()))
->setViewer($viewer)
->withMemberPHIDs(array($viewer->getPHID()))
->execute();
foreach ($projects as $project) {
$phids[] = $project->getPHID();
@ -215,5 +207,11 @@ final class PhabricatorPolicyQuery extends PhabricatorQuery {
return $phids;
}
protected function shouldDisablePolicyFiltering() {
// Policy filtering of policies is currently perilous and not required by
// the application.
return true;
}
}

View file

@ -1,7 +1,8 @@
<?php
final class PhabricatorPolicy
extends PhabricatorPolicyDAO {
extends PhabricatorPolicyDAO
implements PhabricatorPolicyInterface {
const ACTION_ALLOW = 'allow';
const ACTION_DENY = 'deny';
@ -300,4 +301,29 @@ final class PhabricatorPolicy
return $this->assertAttached($this->ruleObjects);
}
/* -( PhabricatorPolicyInterface )----------------------------------------- */
public function getCapabilities() {
return array(
PhabricatorPolicyCapability::CAN_VIEW,
);
}
public function getPolicy($capability) {
// NOTE: We implement policies only so we can comply with the interface.
// The actual query skips them, as enforcing policies on policies seems
// perilous and isn't currently required by the application.
return PhabricatorPolicies::POLICY_PUBLIC;
}
public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
return false;
}
public function describeAutomaticCapability($capability) {
return null;
}
}