mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-14 02:42:40 +01:00
Remove "feed.public" and sort out feed policies
Summary: Ref T6817. Fixes T8731. On the old `secure` host, `feed.public` was set to `true`. I didn't bring the option over, which caused the secondary issue in T8731. Specifically, when `feed.public` is off, a logged-out user looking at feed can't see //any// stories, so they query all of feed until they hit the time limit. To fix this immediately, just use the most open policy, which is basically equivalent but always correct. To fix this more thoroughly: - Remove `feed.public`, which violates policies and has been slated for removal for a while (see T6817). - Clean up policy handling. Test Plan: - As a logged-out user, viewed feed on a public install with `feed.public` off; no longer saw all stories get queried + no feed shown. - Grepped for `feed.public`. Reviewers: btrahan Reviewed By: btrahan Subscribers: chad, epriestley Maniphest Tasks: T6817, T8731 Differential Revision: https://secure.phabricator.com/D13518
This commit is contained in:
parent
7f67bd8aff
commit
6a996d76fd
7 changed files with 8 additions and 126 deletions
|
@ -1885,7 +1885,6 @@ phutil_register_library_map(array(
|
||||||
'PhabricatorFeedListController' => 'applications/feed/controller/PhabricatorFeedListController.php',
|
'PhabricatorFeedListController' => 'applications/feed/controller/PhabricatorFeedListController.php',
|
||||||
'PhabricatorFeedManagementRepublishWorkflow' => 'applications/feed/management/PhabricatorFeedManagementRepublishWorkflow.php',
|
'PhabricatorFeedManagementRepublishWorkflow' => 'applications/feed/management/PhabricatorFeedManagementRepublishWorkflow.php',
|
||||||
'PhabricatorFeedManagementWorkflow' => 'applications/feed/management/PhabricatorFeedManagementWorkflow.php',
|
'PhabricatorFeedManagementWorkflow' => 'applications/feed/management/PhabricatorFeedManagementWorkflow.php',
|
||||||
'PhabricatorFeedPublicStreamController' => 'applications/feed/controller/PhabricatorFeedPublicStreamController.php',
|
|
||||||
'PhabricatorFeedQuery' => 'applications/feed/query/PhabricatorFeedQuery.php',
|
'PhabricatorFeedQuery' => 'applications/feed/query/PhabricatorFeedQuery.php',
|
||||||
'PhabricatorFeedSearchEngine' => 'applications/feed/query/PhabricatorFeedSearchEngine.php',
|
'PhabricatorFeedSearchEngine' => 'applications/feed/query/PhabricatorFeedSearchEngine.php',
|
||||||
'PhabricatorFeedStory' => 'applications/feed/story/PhabricatorFeedStory.php',
|
'PhabricatorFeedStory' => 'applications/feed/story/PhabricatorFeedStory.php',
|
||||||
|
@ -5520,7 +5519,6 @@ phutil_register_library_map(array(
|
||||||
'PhabricatorFeedListController' => 'PhabricatorFeedController',
|
'PhabricatorFeedListController' => 'PhabricatorFeedController',
|
||||||
'PhabricatorFeedManagementRepublishWorkflow' => 'PhabricatorFeedManagementWorkflow',
|
'PhabricatorFeedManagementRepublishWorkflow' => 'PhabricatorFeedManagementWorkflow',
|
||||||
'PhabricatorFeedManagementWorkflow' => 'PhabricatorManagementWorkflow',
|
'PhabricatorFeedManagementWorkflow' => 'PhabricatorManagementWorkflow',
|
||||||
'PhabricatorFeedPublicStreamController' => 'PhabricatorFeedController',
|
|
||||||
'PhabricatorFeedQuery' => 'PhabricatorCursorPagedPolicyAwareQuery',
|
'PhabricatorFeedQuery' => 'PhabricatorCursorPagedPolicyAwareQuery',
|
||||||
'PhabricatorFeedSearchEngine' => 'PhabricatorApplicationSearchEngine',
|
'PhabricatorFeedSearchEngine' => 'PhabricatorApplicationSearchEngine',
|
||||||
'PhabricatorFeedStory' => array(
|
'PhabricatorFeedStory' => array(
|
||||||
|
|
|
@ -274,6 +274,8 @@ final class PhabricatorExtraConfigSetupCheck extends PhabricatorSetupCheck {
|
||||||
|
|
||||||
'security.allow-conduit-act-as-user' => pht(
|
'security.allow-conduit-act-as-user' => pht(
|
||||||
'Impersonating users over the API is no longer supported.'),
|
'Impersonating users over the API is no longer supported.'),
|
||||||
|
|
||||||
|
'feed.public' => pht('The framable public feed is no longer supported.'),
|
||||||
);
|
);
|
||||||
|
|
||||||
return $ancient_config;
|
return $ancient_config;
|
||||||
|
|
|
@ -25,7 +25,6 @@ final class PhabricatorFeedApplication extends PhabricatorApplication {
|
||||||
public function getRoutes() {
|
public function getRoutes() {
|
||||||
return array(
|
return array(
|
||||||
'/feed/' => array(
|
'/feed/' => array(
|
||||||
'public/' => 'PhabricatorFeedPublicStreamController',
|
|
||||||
'(?P<id>\d+)/' => 'PhabricatorFeedDetailController',
|
'(?P<id>\d+)/' => 'PhabricatorFeedDetailController',
|
||||||
'(?:query/(?P<queryKey>[^/]+)/)?' => 'PhabricatorFeedListController',
|
'(?:query/(?P<queryKey>[^/]+)/)?' => 'PhabricatorFeedListController',
|
||||||
),
|
),
|
||||||
|
|
|
@ -4,7 +4,6 @@ final class PhabricatorFeedBuilder extends Phobject {
|
||||||
|
|
||||||
private $user;
|
private $user;
|
||||||
private $stories;
|
private $stories;
|
||||||
private $framed;
|
|
||||||
private $hovercards = false;
|
private $hovercards = false;
|
||||||
private $noDataString;
|
private $noDataString;
|
||||||
|
|
||||||
|
@ -13,11 +12,6 @@ final class PhabricatorFeedBuilder extends Phobject {
|
||||||
$this->stories = $stories;
|
$this->stories = $stories;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function setFramed($framed) {
|
|
||||||
$this->framed = $framed;
|
|
||||||
return $this;
|
|
||||||
}
|
|
||||||
|
|
||||||
public function setUser(PhabricatorUser $user) {
|
public function setUser(PhabricatorUser $user) {
|
||||||
$this->user = $user;
|
$this->user = $user;
|
||||||
return $this;
|
return $this;
|
||||||
|
@ -47,7 +41,6 @@ final class PhabricatorFeedBuilder extends Phobject {
|
||||||
|
|
||||||
$last_date = null;
|
$last_date = null;
|
||||||
foreach ($stories as $story) {
|
foreach ($stories as $story) {
|
||||||
$story->setFramed($this->framed);
|
|
||||||
$story->setHovercard($this->hovercards);
|
$story->setHovercard($this->hovercards);
|
||||||
|
|
||||||
$date = ucfirst(phabricator_relative_date($story->getEpoch(), $user));
|
$date = ucfirst(phabricator_relative_date($story->getEpoch(), $user));
|
||||||
|
|
|
@ -21,24 +21,6 @@ final class PhabricatorFeedConfigOptions
|
||||||
|
|
||||||
public function getOptions() {
|
public function getOptions() {
|
||||||
return array(
|
return array(
|
||||||
$this->newOption('feed.public', 'bool', false)
|
|
||||||
->setLocked(true)
|
|
||||||
->setBoolOptions(
|
|
||||||
array(
|
|
||||||
pht('Allow anyone to view the feed'),
|
|
||||||
pht('Require authentication'),
|
|
||||||
))
|
|
||||||
->setSummary(pht('Should the feed be public?'))
|
|
||||||
->setDescription(
|
|
||||||
pht(
|
|
||||||
"If you set this to true, you can embed Phabricator activity ".
|
|
||||||
"feeds in other pages using iframes. These feeds are completely ".
|
|
||||||
"public, and a login is not required to view them! This is ".
|
|
||||||
"intended for things like open source projects that want to ".
|
|
||||||
"expose an activity feed on the project homepage.\n\n".
|
|
||||||
"NOTE: You must also set `%s` to true for this ".
|
|
||||||
"setting to work properly.",
|
|
||||||
'policy.allow-public')),
|
|
||||||
$this->newOption('feed.http-hooks', 'list<string>', array())
|
$this->newOption('feed.http-hooks', 'list<string>', array())
|
||||||
->setLocked(true)
|
->setLocked(true)
|
||||||
->setSummary(pht('POST notifications of feed events.'))
|
->setSummary(pht('POST notifications of feed events.'))
|
||||||
|
|
|
@ -1,39 +0,0 @@
|
||||||
<?php
|
|
||||||
|
|
||||||
final class PhabricatorFeedPublicStreamController
|
|
||||||
extends PhabricatorFeedController {
|
|
||||||
|
|
||||||
public function shouldRequireLogin() {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
public function processRequest() {
|
|
||||||
if (!PhabricatorEnv::getEnvConfig('feed.public')) {
|
|
||||||
return new Aphront404Response();
|
|
||||||
}
|
|
||||||
|
|
||||||
$request = $this->getRequest();
|
|
||||||
$viewer = PhabricatorUser::getOmnipotentUser();
|
|
||||||
|
|
||||||
$query = new PhabricatorFeedQuery();
|
|
||||||
$query->setViewer($viewer);
|
|
||||||
$query->setLimit(100);
|
|
||||||
$stories = $query->execute();
|
|
||||||
|
|
||||||
$builder = new PhabricatorFeedBuilder($stories);
|
|
||||||
$builder
|
|
||||||
->setFramed(true)
|
|
||||||
->setUser($viewer);
|
|
||||||
|
|
||||||
$view = phutil_tag_div(
|
|
||||||
'phabricator-public-feed-frame',
|
|
||||||
$builder->buildView());
|
|
||||||
|
|
||||||
return $this->buildStandardPageResponse(
|
|
||||||
$view,
|
|
||||||
array(
|
|
||||||
'title' => pht('Public Feed'),
|
|
||||||
'public' => true,
|
|
||||||
));
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -16,7 +16,6 @@ abstract class PhabricatorFeedStory
|
||||||
|
|
||||||
private $data;
|
private $data;
|
||||||
private $hasViewed;
|
private $hasViewed;
|
||||||
private $framed;
|
|
||||||
private $hovercard = false;
|
private $hovercard = false;
|
||||||
private $renderingTarget = PhabricatorApplicationTransaction::TARGET_HTML;
|
private $renderingTarget = PhabricatorApplicationTransaction::TARGET_HTML;
|
||||||
|
|
||||||
|
@ -289,11 +288,6 @@ abstract class PhabricatorFeedStory
|
||||||
return $this->hasViewed;
|
return $this->hasViewed;
|
||||||
}
|
}
|
||||||
|
|
||||||
final public function setFramed($framed) {
|
|
||||||
$this->framed = $framed;
|
|
||||||
return $this;
|
|
||||||
}
|
|
||||||
|
|
||||||
final public function setHandles(array $handles) {
|
final public function setHandles(array $handles) {
|
||||||
assert_instances_of($handles, 'PhabricatorObjectHandle');
|
assert_instances_of($handles, 'PhabricatorObjectHandle');
|
||||||
$this->handles = $handles;
|
$this->handles = $handles;
|
||||||
|
@ -367,24 +361,7 @@ abstract class PhabricatorFeedStory
|
||||||
return $handle->getLinkName();
|
return $handle->getLinkName();
|
||||||
}
|
}
|
||||||
|
|
||||||
// NOTE: We render our own link here to customize the styling and add
|
return $handle->renderLink();
|
||||||
// the '_top' target for framed feeds.
|
|
||||||
|
|
||||||
$class = null;
|
|
||||||
if ($handle->getType() == PhabricatorPeopleUserPHIDType::TYPECONST) {
|
|
||||||
$class = 'phui-link-person';
|
|
||||||
}
|
|
||||||
|
|
||||||
return javelin_tag(
|
|
||||||
'a',
|
|
||||||
array(
|
|
||||||
'href' => $handle->getURI(),
|
|
||||||
'target' => $this->framed ? '_top' : null,
|
|
||||||
'sigil' => $this->hovercard ? 'hovercard' : null,
|
|
||||||
'meta' => $this->hovercard ? array('hoverPHID' => $phid) : null,
|
|
||||||
'class' => $class,
|
|
||||||
),
|
|
||||||
$handle->getLinkName());
|
|
||||||
}
|
}
|
||||||
|
|
||||||
final protected function renderString($str) {
|
final protected function renderString($str) {
|
||||||
|
@ -462,16 +439,10 @@ abstract class PhabricatorFeedStory
|
||||||
* @task policy
|
* @task policy
|
||||||
*/
|
*/
|
||||||
public function getPolicy($capability) {
|
public function getPolicy($capability) {
|
||||||
$policy_object = $this->getPrimaryPolicyObject();
|
// NOTE: We enforce that a user can see all the objects a story is about
|
||||||
if ($policy_object) {
|
// when loading it, so we don't need to perform a equivalent secondary
|
||||||
return $policy_object->getPolicy($capability);
|
// policy check later.
|
||||||
}
|
return PhabricatorPolicies::getMostOpenPolicy();
|
||||||
|
|
||||||
// TODO: Remove this once all objects are policy-aware. For now, keep
|
|
||||||
// respecting the `feed.public` setting.
|
|
||||||
return PhabricatorEnv::getEnvConfig('feed.public')
|
|
||||||
? PhabricatorPolicies::POLICY_PUBLIC
|
|
||||||
: PhabricatorPolicies::POLICY_USER;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -479,39 +450,15 @@ abstract class PhabricatorFeedStory
|
||||||
* @task policy
|
* @task policy
|
||||||
*/
|
*/
|
||||||
public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
|
public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
|
||||||
$policy_object = $this->getPrimaryPolicyObject();
|
|
||||||
if ($policy_object) {
|
|
||||||
return $policy_object->hasAutomaticCapability($capability, $viewer);
|
|
||||||
}
|
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
public function describeAutomaticCapability($capability) {
|
public function describeAutomaticCapability($capability) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Get the policy object this story is about, if such a policy object
|
|
||||||
* exists.
|
|
||||||
*
|
|
||||||
* @return PhabricatorPolicyInterface|null Policy object, if available.
|
|
||||||
* @task policy
|
|
||||||
*/
|
|
||||||
private function getPrimaryPolicyObject() {
|
|
||||||
$primary_phid = $this->getPrimaryObjectPHID();
|
|
||||||
if (empty($this->objects[$primary_phid])) {
|
|
||||||
$object = $this->objects[$primary_phid];
|
|
||||||
if ($object instanceof PhabricatorPolicyInterface) {
|
|
||||||
return $object;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/* -( PhabricatorMarkupInterface Implementation )--------------------------- */
|
/* -( PhabricatorMarkupInterface Implementation )--------------------------- */
|
||||||
|
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue