mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-22 23:02:42 +01:00
Make PhabricatorPolicyQuery a CursorPagedPolicyAwareQuery
Summary: Ref T603. Make these actually implement policy interfaces, so shared infrastructure (like handle loading) works as expected. They don't actually have meaningful policies, and we short circuit all the checks. (I don't plan to let you set policy controls on policies themselves) Test Plan: Loaded handles for Policy objects via common infrastructure. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T603 Differential Revision: https://secure.phabricator.com/D7298
This commit is contained in:
parent
7364a3bedd
commit
5e5b7576a6
2 changed files with 41 additions and 17 deletions
|
@ -1,16 +1,11 @@
|
|||
<?php
|
||||
|
||||
final class PhabricatorPolicyQuery extends PhabricatorQuery {
|
||||
final class PhabricatorPolicyQuery
|
||||
extends PhabricatorCursorPagedPolicyAwareQuery {
|
||||
|
||||
private $viewer;
|
||||
private $object;
|
||||
private $phids;
|
||||
|
||||
public function setViewer(PhabricatorUser $viewer) {
|
||||
$this->viewer = $viewer;
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function setObject(PhabricatorPolicyInterface $object) {
|
||||
$this->object = $object;
|
||||
return $this;
|
||||
|
@ -58,11 +53,7 @@ final class PhabricatorPolicyQuery extends PhabricatorQuery {
|
|||
return $policies;
|
||||
}
|
||||
|
||||
public function execute() {
|
||||
if (!$this->viewer) {
|
||||
throw new Exception('Call setViewer() before execute()!');
|
||||
}
|
||||
|
||||
public function loadPage() {
|
||||
if ($this->object && $this->phids) {
|
||||
throw new Exception(
|
||||
"You can not issue a policy query with both setObject() and ".
|
||||
|
@ -102,7 +93,7 @@ final class PhabricatorPolicyQuery extends PhabricatorQuery {
|
|||
|
||||
if ($handle_policies) {
|
||||
$handles = id(new PhabricatorHandleQuery())
|
||||
->setViewer($this->viewer)
|
||||
->setViewer($this->getViewer())
|
||||
->withPHIDs($handle_policies)
|
||||
->execute();
|
||||
foreach ($handle_policies as $phid) {
|
||||
|
@ -179,11 +170,12 @@ final class PhabricatorPolicyQuery extends PhabricatorQuery {
|
|||
|
||||
private function loadObjectPolicyPHIDs() {
|
||||
$phids = array();
|
||||
$viewer = $this->getViewer();
|
||||
|
||||
if ($this->viewer->getPHID()) {
|
||||
if ($viewer->getPHID()) {
|
||||
$projects = id(new PhabricatorProjectQuery())
|
||||
->setViewer($this->viewer)
|
||||
->withMemberPHIDs(array($this->viewer->getPHID()))
|
||||
->setViewer($viewer)
|
||||
->withMemberPHIDs(array($viewer->getPHID()))
|
||||
->execute();
|
||||
foreach ($projects as $project) {
|
||||
$phids[] = $project->getPHID();
|
||||
|
@ -215,5 +207,11 @@ final class PhabricatorPolicyQuery extends PhabricatorQuery {
|
|||
return $phids;
|
||||
}
|
||||
|
||||
protected function shouldDisablePolicyFiltering() {
|
||||
// Policy filtering of policies is currently perilous and not required by
|
||||
// the application.
|
||||
return true;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
<?php
|
||||
|
||||
final class PhabricatorPolicy
|
||||
extends PhabricatorPolicyDAO {
|
||||
extends PhabricatorPolicyDAO
|
||||
implements PhabricatorPolicyInterface {
|
||||
|
||||
const ACTION_ALLOW = 'allow';
|
||||
const ACTION_DENY = 'deny';
|
||||
|
@ -300,4 +301,29 @@ final class PhabricatorPolicy
|
|||
return $this->assertAttached($this->ruleObjects);
|
||||
}
|
||||
|
||||
|
||||
/* -( PhabricatorPolicyInterface )----------------------------------------- */
|
||||
|
||||
|
||||
public function getCapabilities() {
|
||||
return array(
|
||||
PhabricatorPolicyCapability::CAN_VIEW,
|
||||
);
|
||||
}
|
||||
|
||||
public function getPolicy($capability) {
|
||||
// NOTE: We implement policies only so we can comply with the interface.
|
||||
// The actual query skips them, as enforcing policies on policies seems
|
||||
// perilous and isn't currently required by the application.
|
||||
return PhabricatorPolicies::POLICY_PUBLIC;
|
||||
}
|
||||
|
||||
public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
|
||||
return false;
|
||||
}
|
||||
|
||||
public function describeAutomaticCapability($capability) {
|
||||
return null;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue