Give Owners real view and edit policies
Summary: Fixes T10360. In modern code, most of the meat is automatic. Test Plan: - Edited view policy and edit policy from web UI. - Viewed package, saw policy badge in header. - Tried to edit a package as a user without permission, got appropriate disabled states and errors. - Changed policies via Conduit. - Tried to view a package as a user without permission. Reviewers: chad Reviewed By: chad Maniphest Tasks: T10360 Differential Revision: https://secure.phabricator.com/D15275
parent
f1f8ee8e6a
commit
71ee97d74f
12 changed files with 83 additions and 6 deletions
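--- a/resources/sql/autopatches/20160215.owners.policy.1.sql
+++ b/resources/sql/autopatches/20160215.owners.policy.1.sql
@@ -0,0 +1,2 @@
+ALTER TABLE {$NAMESPACE}_owners.owners_package
+ADD viewPolicy VARBINARY(64) NOT NULL;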
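--- a/resources/sql/autopatches/20160215.owners.policy.2.sql
+++ b/resources/sql/autopatches/20160215.owners.policy.2.sql
@@ -0,0 +1,2 @@
+ALTER TABLE {$NAMESPACE}_owners.owners_package
+ADD editPolicy VARBINARY(64) NOT NULL;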
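--- a/resources/sql/autopatches/20160215.owners.policy.3.sql
+++ b/resources/sql/autopatches/20160215.owners.policy.3.sql
@@ -0,0 +1,2 @@
+UPDATE {$NAMESPACE}_owners.owners_package
+SET viewPolicy = 'users' WHERE viewPolicy = '';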
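--- a/resources/sql/autopatches/20160215.owners.policy.4.sql
+++ b/resources/sql/autopatches/20160215.owners.policy.4.sql
@@ -0,0 +1,2 @@
+UPDATE {$NAMESPACE}_owners.owners_package
+SET editPolicy = 'users' WHERE editPolicy = '';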
|
@ -2665,6 +2665,8 @@ phutil_register_library_map(array(
|
|||
'PhabricatorOwnersCustomFieldStorage' => 'applications/owners/storage/PhabricatorOwnersCustomFieldStorage.php',
|
||||
'PhabricatorOwnersCustomFieldStringIndex' => 'applications/owners/storage/PhabricatorOwnersCustomFieldStringIndex.php',
|
||||
'PhabricatorOwnersDAO' => 'applications/owners/storage/PhabricatorOwnersDAO.php',
|
||||
'PhabricatorOwnersDefaultEditCapability' => 'applications/owners/capability/PhabricatorOwnersDefaultEditCapability.php',
|
||||
'PhabricatorOwnersDefaultViewCapability' => 'applications/owners/capability/PhabricatorOwnersDefaultViewCapability.php',
|
||||
'PhabricatorOwnersDetailController' => 'applications/owners/controller/PhabricatorOwnersDetailController.php',
|
||||
'PhabricatorOwnersEditController' => 'applications/owners/controller/PhabricatorOwnersEditController.php',
|
||||
'PhabricatorOwnersListController' => 'applications/owners/controller/PhabricatorOwnersListController.php',
|
||||
|
@ -7036,6 +7038,8 @@ phutil_register_library_map(array(
|
|||
'PhabricatorOwnersCustomFieldStorage' => 'PhabricatorCustomFieldStorage',
|
||||
'PhabricatorOwnersCustomFieldStringIndex' => 'PhabricatorCustomFieldStringIndexStorage',
|
||||
'PhabricatorOwnersDAO' => 'PhabricatorLiskDAO',
|
||||
'PhabricatorOwnersDefaultEditCapability' => 'PhabricatorPolicyCapability',
|
||||
'PhabricatorOwnersDefaultViewCapability' => 'PhabricatorPolicyCapability',
|
||||
'PhabricatorOwnersDetailController' => 'PhabricatorOwnersController',
|
||||
'PhabricatorOwnersEditController' => 'PhabricatorOwnersController',
|
||||
'PhabricatorOwnersListController' => 'PhabricatorOwnersController',
|
||||
|
|
|
@ -54,4 +54,19 @@ final class PhabricatorOwnersApplication extends PhabricatorApplication {
|
|||
);
|
||||
}
|
||||
|
||||
protected function getCustomCapabilities() {
|
||||
return array(
|
||||
PhabricatorOwnersDefaultViewCapability::CAPABILITY => array(
|
||||
'caption' => pht('Default view policy for newly created packages.'),
|
||||
'template' => PhabricatorOwnersPackagePHIDType::TYPECONST,
|
||||
'capability' => PhabricatorPolicyCapability::CAN_VIEW,
|
||||
),
|
||||
PhabricatorOwnersDefaultEditCapability::CAPABILITY => array(
|
||||
'caption' => pht('Default edit policy for newly created packages.'),
|
||||
'template' => PhabricatorOwnersPackagePHIDType::TYPECONST,
|
||||
'capability' => PhabricatorPolicyCapability::CAN_EDIT,
|
||||
),
|
||||
);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -0,0 +1,12 @@
|
|||
<?php
|
||||
|
||||
final class PhabricatorOwnersDefaultEditCapability
|
||||
extends PhabricatorPolicyCapability {
|
||||
|
||||
const CAPABILITY = 'owners.default.edit';
|
||||
|
||||
public function getCapabilityName() {
|
||||
return pht('Default Edit Policy');
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,16 @@
|
|||
<?php
|
||||
|
||||
final class PhabricatorOwnersDefaultViewCapability
|
||||
extends PhabricatorPolicyCapability {
|
||||
|
||||
const CAPABILITY = 'owners.default.view';
|
||||
|
||||
public function getCapabilityName() {
|
||||
return pht('Default View Policy');
|
||||
}
|
||||
|
||||
public function shouldAllowPublicPolicySetting() {
|
||||
return true;
|
||||
}
|
||||
|
||||
}
|
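Review bot: `shouldAllowPublicPolicySetting()` returns `true` in `PhabricatorOwnersDefaultViewCapability` without any comment, while the otherwise parallel `PhabricatorOwnersDefaultEditCapability` does not define the method at all. The effect, as far as this page shows, is that the default view policy for new packages may be set to a public value while the default edit policy may not, which is an exposure decision a later reader should not have to reconstruct from the difference between two files. A one-line comment above the method would record the intent, for example `// Allow "public" as the default view policy; the edit capability deliberately does not opt in.`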
|
@ -211,8 +211,10 @@ final class PhabricatorOwnersDetailController
|
|||
private function buildPackageActionView(PhabricatorOwnersPackage $package) {
|
||||
$viewer = $this->getViewer();
|
||||
|
||||
// TODO: Implement this capability.
|
||||
$can_edit = true;
|
||||
$can_edit = PhabricatorPolicyFilter::hasCapability(
|
||||
$viewer,
|
||||
$package,
|
||||
PhabricatorPolicyCapability::CAN_EDIT);
|
||||
|
||||
$id = $package->getID();
|
||||
$edit_uri = $this->getApplicationURI("/edit/{$id}/");
|
||||
|
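Review bot: The new `$can_edit` value in `buildPackageActionView()` only feeds how the edit action is rendered; nothing in this hunk enforces the policy, and the rest of the method lies outside the hunk. `PhabricatorOwnersEditController` is not among the twelve files changed here, so enforcement of `CAN_EDIT` on the `/edit/{$id}/` route presumably comes from shared edit code, which matches the summary's "most of the meat is automatic" and the test plan's mention of errors. If that is the case, a short comment above the check would keep anyone from treating the disabled state as the access control, for example `// Display only: the edit route must enforce CAN_EDIT on its own.`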
|
|
@ -12,8 +12,7 @@ final class PhabricatorOwnersPathsController
|
|||
->requireCapabilities(
|
||||
array(
|
||||
PhabricatorPolicyCapability::CAN_VIEW,
|
||||
// TODO: Support this capability.
|
||||
// PhabricatorPolicyCapability::CAN_EDIT,
|
||||
PhabricatorPolicyCapability::CAN_EDIT,
|
||||
))
|
||||
->needPaths(true)
|
||||
->executeOne();
|
||||
|
|
|
@ -21,6 +21,9 @@ final class PhabricatorOwnersPackageTransactionEditor
|
|||
$types[] = PhabricatorOwnersPackageTransaction::TYPE_PATHS;
|
||||
$types[] = PhabricatorOwnersPackageTransaction::TYPE_STATUS;
|
||||
|
||||
$types[] = PhabricatorTransactions::TYPE_VIEW_POLICY;
|
||||
$types[] = PhabricatorTransactions::TYPE_EDIT_POLICY;
|
||||
|
||||
return $types;
|
||||
}
|
||||
|
||||
|
|
|
@ -18,6 +18,8 @@ final class PhabricatorOwnersPackage
|
|||
protected $primaryOwnerPHID;
|
||||
protected $mailKey;
|
||||
protected $status;
|
||||
protected $viewPolicy;
|
||||
protected $editPolicy;
|
||||
|
||||
private $paths = self::ATTACHABLE;
|
||||
private $owners = self::ATTACHABLE;
|
||||
|
@ -27,8 +29,20 @@ final class PhabricatorOwnersPackage
|
|||
const STATUS_ARCHIVED = 'archived';
|
||||
|
||||
public static function initializeNewPackage(PhabricatorUser $actor) {
|
||||
$app = id(new PhabricatorApplicationQuery())
|
||||
->setViewer($actor)
|
||||
->withClasses(array('PhabricatorOwnersApplication'))
|
||||
->executeOne();
|
||||
|
||||
$view_policy = $app->getPolicy(
|
||||
PhabricatorOwnersDefaultViewCapability::CAPABILITY);
|
||||
$edit_policy = $app->getPolicy(
|
||||
PhabricatorOwnersDefaultEditCapability::CAPABILITY);
|
||||
|
||||
return id(new PhabricatorOwnersPackage())
|
||||
->setAuditingEnabled(0)
|
||||
->setViewPolicy($view_policy)
|
||||
->setEditPolicy($edit_policy)
|
||||
->attachPaths(array())
|
||||
->setStatus(self::STATUS_ACTIVE)
|
||||
->attachOwners(array())
|
||||
|
@ -287,8 +301,12 @@ final class PhabricatorOwnersPackage
|
|||
}
|
||||
|
||||
public function getPolicy($capability) {
|
||||
// TODO: Implement proper policies.
|
||||
return PhabricatorPolicies::POLICY_USER;
|
||||
switch ($capability) {
|
||||
case PhabricatorPolicyCapability::CAN_VIEW:
|
||||
return $this->getViewPolicy();
|
||||
case PhabricatorPolicyCapability::CAN_EDIT:
|
||||
return $this->getEditPolicy();
|
||||
}
|
||||
}
|
||||
|
||||
public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
|
||||
|
|
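Review bot: `getPolicy()` in the last hunk has no `default` branch, so any capability other than `CAN_VIEW` or `CAN_EDIT` falls out of the `switch` and the method returns null implicitly. How the policy filter treats a null policy is not visible on this page, and `getCapabilities()` is outside the hunk, so it cannot be confirmed from here that only these two capabilities ever reach the method. Making the fall-through explicit keeps the behaviour fail-closed and self-documenting, for example `default:` followed by `throw new Exception(pht('Unsupported capability "%s".', $capability));`. If returning null is intended, a comment after the `switch` saying so would serve the same purpose.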