1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-23 22:10:55 +01:00

Remove "feed.public" and sort out feed policies

Summary:
Ref T6817. Fixes T8731. On the old `secure` host, `feed.public` was set to `true`. I didn't bring the option over, which caused the secondary issue in T8731.

Specifically, when `feed.public` is off, a logged-out user looking at feed can't see //any// stories, so they query all of feed until they hit the time limit.

To fix this immediately, just use the most open policy, which is basically equivalent but always correct.

To fix this more thoroughly:

  - Remove `feed.public`, which violates policies and has been slated for removal for a while (see T6817).
  - Clean up policy handling.

Test Plan:
  - As a logged-out user, viewed feed on a public install with `feed.public` off; no longer saw all stories get queried + no feed shown.
  - Grepped for `feed.public`.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: chad, epriestley

Maniphest Tasks: T6817, T8731

Differential Revision: https://secure.phabricator.com/D13518
This commit is contained in:
epriestley 2015-07-01 15:06:55 -07:00
parent 7f67bd8aff
commit 6a996d76fd
7 changed files with 8 additions and 126 deletions

View file

@ -1885,7 +1885,6 @@ phutil_register_library_map(array(
'PhabricatorFeedListController' => 'applications/feed/controller/PhabricatorFeedListController.php', 'PhabricatorFeedListController' => 'applications/feed/controller/PhabricatorFeedListController.php',
'PhabricatorFeedManagementRepublishWorkflow' => 'applications/feed/management/PhabricatorFeedManagementRepublishWorkflow.php', 'PhabricatorFeedManagementRepublishWorkflow' => 'applications/feed/management/PhabricatorFeedManagementRepublishWorkflow.php',
'PhabricatorFeedManagementWorkflow' => 'applications/feed/management/PhabricatorFeedManagementWorkflow.php', 'PhabricatorFeedManagementWorkflow' => 'applications/feed/management/PhabricatorFeedManagementWorkflow.php',
'PhabricatorFeedPublicStreamController' => 'applications/feed/controller/PhabricatorFeedPublicStreamController.php',
'PhabricatorFeedQuery' => 'applications/feed/query/PhabricatorFeedQuery.php', 'PhabricatorFeedQuery' => 'applications/feed/query/PhabricatorFeedQuery.php',
'PhabricatorFeedSearchEngine' => 'applications/feed/query/PhabricatorFeedSearchEngine.php', 'PhabricatorFeedSearchEngine' => 'applications/feed/query/PhabricatorFeedSearchEngine.php',
'PhabricatorFeedStory' => 'applications/feed/story/PhabricatorFeedStory.php', 'PhabricatorFeedStory' => 'applications/feed/story/PhabricatorFeedStory.php',
@ -5520,7 +5519,6 @@ phutil_register_library_map(array(
'PhabricatorFeedListController' => 'PhabricatorFeedController', 'PhabricatorFeedListController' => 'PhabricatorFeedController',
'PhabricatorFeedManagementRepublishWorkflow' => 'PhabricatorFeedManagementWorkflow', 'PhabricatorFeedManagementRepublishWorkflow' => 'PhabricatorFeedManagementWorkflow',
'PhabricatorFeedManagementWorkflow' => 'PhabricatorManagementWorkflow', 'PhabricatorFeedManagementWorkflow' => 'PhabricatorManagementWorkflow',
'PhabricatorFeedPublicStreamController' => 'PhabricatorFeedController',
'PhabricatorFeedQuery' => 'PhabricatorCursorPagedPolicyAwareQuery', 'PhabricatorFeedQuery' => 'PhabricatorCursorPagedPolicyAwareQuery',
'PhabricatorFeedSearchEngine' => 'PhabricatorApplicationSearchEngine', 'PhabricatorFeedSearchEngine' => 'PhabricatorApplicationSearchEngine',
'PhabricatorFeedStory' => array( 'PhabricatorFeedStory' => array(

View file

@ -274,6 +274,8 @@ final class PhabricatorExtraConfigSetupCheck extends PhabricatorSetupCheck {
'security.allow-conduit-act-as-user' => pht( 'security.allow-conduit-act-as-user' => pht(
'Impersonating users over the API is no longer supported.'), 'Impersonating users over the API is no longer supported.'),
'feed.public' => pht('The framable public feed is no longer supported.'),
); );
return $ancient_config; return $ancient_config;

View file

@ -25,7 +25,6 @@ final class PhabricatorFeedApplication extends PhabricatorApplication {
public function getRoutes() { public function getRoutes() {
return array( return array(
'/feed/' => array( '/feed/' => array(
'public/' => 'PhabricatorFeedPublicStreamController',
'(?P<id>\d+)/' => 'PhabricatorFeedDetailController', '(?P<id>\d+)/' => 'PhabricatorFeedDetailController',
'(?:query/(?P<queryKey>[^/]+)/)?' => 'PhabricatorFeedListController', '(?:query/(?P<queryKey>[^/]+)/)?' => 'PhabricatorFeedListController',
), ),

View file

@ -4,7 +4,6 @@ final class PhabricatorFeedBuilder extends Phobject {
private $user; private $user;
private $stories; private $stories;
private $framed;
private $hovercards = false; private $hovercards = false;
private $noDataString; private $noDataString;
@ -13,11 +12,6 @@ final class PhabricatorFeedBuilder extends Phobject {
$this->stories = $stories; $this->stories = $stories;
} }
public function setFramed($framed) {
$this->framed = $framed;
return $this;
}
public function setUser(PhabricatorUser $user) { public function setUser(PhabricatorUser $user) {
$this->user = $user; $this->user = $user;
return $this; return $this;
@ -47,7 +41,6 @@ final class PhabricatorFeedBuilder extends Phobject {
$last_date = null; $last_date = null;
foreach ($stories as $story) { foreach ($stories as $story) {
$story->setFramed($this->framed);
$story->setHovercard($this->hovercards); $story->setHovercard($this->hovercards);
$date = ucfirst(phabricator_relative_date($story->getEpoch(), $user)); $date = ucfirst(phabricator_relative_date($story->getEpoch(), $user));

View file

@ -21,24 +21,6 @@ final class PhabricatorFeedConfigOptions
public function getOptions() { public function getOptions() {
return array( return array(
$this->newOption('feed.public', 'bool', false)
->setLocked(true)
->setBoolOptions(
array(
pht('Allow anyone to view the feed'),
pht('Require authentication'),
))
->setSummary(pht('Should the feed be public?'))
->setDescription(
pht(
"If you set this to true, you can embed Phabricator activity ".
"feeds in other pages using iframes. These feeds are completely ".
"public, and a login is not required to view them! This is ".
"intended for things like open source projects that want to ".
"expose an activity feed on the project homepage.\n\n".
"NOTE: You must also set `%s` to true for this ".
"setting to work properly.",
'policy.allow-public')),
$this->newOption('feed.http-hooks', 'list<string>', array()) $this->newOption('feed.http-hooks', 'list<string>', array())
->setLocked(true) ->setLocked(true)
->setSummary(pht('POST notifications of feed events.')) ->setSummary(pht('POST notifications of feed events.'))

View file

@ -1,39 +0,0 @@
<?php
final class PhabricatorFeedPublicStreamController
extends PhabricatorFeedController {
public function shouldRequireLogin() {
return false;
}
public function processRequest() {
if (!PhabricatorEnv::getEnvConfig('feed.public')) {
return new Aphront404Response();
}
$request = $this->getRequest();
$viewer = PhabricatorUser::getOmnipotentUser();
$query = new PhabricatorFeedQuery();
$query->setViewer($viewer);
$query->setLimit(100);
$stories = $query->execute();
$builder = new PhabricatorFeedBuilder($stories);
$builder
->setFramed(true)
->setUser($viewer);
$view = phutil_tag_div(
'phabricator-public-feed-frame',
$builder->buildView());
return $this->buildStandardPageResponse(
$view,
array(
'title' => pht('Public Feed'),
'public' => true,
));
}
}

View file

@ -16,7 +16,6 @@ abstract class PhabricatorFeedStory
private $data; private $data;
private $hasViewed; private $hasViewed;
private $framed;
private $hovercard = false; private $hovercard = false;
private $renderingTarget = PhabricatorApplicationTransaction::TARGET_HTML; private $renderingTarget = PhabricatorApplicationTransaction::TARGET_HTML;
@ -289,11 +288,6 @@ abstract class PhabricatorFeedStory
return $this->hasViewed; return $this->hasViewed;
} }
final public function setFramed($framed) {
$this->framed = $framed;
return $this;
}
final public function setHandles(array $handles) { final public function setHandles(array $handles) {
assert_instances_of($handles, 'PhabricatorObjectHandle'); assert_instances_of($handles, 'PhabricatorObjectHandle');
$this->handles = $handles; $this->handles = $handles;
@ -367,24 +361,7 @@ abstract class PhabricatorFeedStory
return $handle->getLinkName(); return $handle->getLinkName();
} }
// NOTE: We render our own link here to customize the styling and add return $handle->renderLink();
// the '_top' target for framed feeds.
$class = null;
if ($handle->getType() == PhabricatorPeopleUserPHIDType::TYPECONST) {
$class = 'phui-link-person';
}
return javelin_tag(
'a',
array(
'href' => $handle->getURI(),
'target' => $this->framed ? '_top' : null,
'sigil' => $this->hovercard ? 'hovercard' : null,
'meta' => $this->hovercard ? array('hoverPHID' => $phid) : null,
'class' => $class,
),
$handle->getLinkName());
} }
final protected function renderString($str) { final protected function renderString($str) {
@ -462,16 +439,10 @@ abstract class PhabricatorFeedStory
* @task policy * @task policy
*/ */
public function getPolicy($capability) { public function getPolicy($capability) {
$policy_object = $this->getPrimaryPolicyObject(); // NOTE: We enforce that a user can see all the objects a story is about
if ($policy_object) { // when loading it, so we don't need to perform a equivalent secondary
return $policy_object->getPolicy($capability); // policy check later.
} return PhabricatorPolicies::getMostOpenPolicy();
// TODO: Remove this once all objects are policy-aware. For now, keep
// respecting the `feed.public` setting.
return PhabricatorEnv::getEnvConfig('feed.public')
? PhabricatorPolicies::POLICY_PUBLIC
: PhabricatorPolicies::POLICY_USER;
} }
@ -479,39 +450,15 @@ abstract class PhabricatorFeedStory
* @task policy * @task policy
*/ */
public function hasAutomaticCapability($capability, PhabricatorUser $viewer) { public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
$policy_object = $this->getPrimaryPolicyObject();
if ($policy_object) {
return $policy_object->hasAutomaticCapability($capability, $viewer);
}
return false; return false;
} }
public function describeAutomaticCapability($capability) { public function describeAutomaticCapability($capability) {
return null; return null;
} }
/**
* Get the policy object this story is about, if such a policy object
* exists.
*
* @return PhabricatorPolicyInterface|null Policy object, if available.
* @task policy
*/
private function getPrimaryPolicyObject() {
$primary_phid = $this->getPrimaryObjectPHID();
if (empty($this->objects[$primary_phid])) {
$object = $this->objects[$primary_phid];
if ($object instanceof PhabricatorPolicyInterface) {
return $object;
}
}
return null;
}
/* -( PhabricatorMarkupInterface Implementation )--------------------------- */ /* -( PhabricatorMarkupInterface Implementation )--------------------------- */