From 71ee97d74f735eb0769acf4f5726fbe9d72c9d39 Mon Sep 17 00:00:00 2001 From: epriestley Date: Mon, 15 Feb 2016 11:37:13 -0800 Subject: [PATCH] Give Owners real view and edit policies Summary: Fixes T10360. In modern code, most of the meat is automatic. Test Plan: - Edited view policy and edit policy from web UI. - Viewed package, saw policy badge in header. - Tried to edit a package as a user without permission, got appropriate disabled states and errors. - Changed policies via Conduit. - Tried to view a package as a user without permission. Reviewers: chad Reviewed By: chad Maniphest Tasks: T10360 Differential Revision: https://secure.phabricator.com/D15275 --- .../autopatches/20160215.owners.policy.1.sql | 2 ++ .../autopatches/20160215.owners.policy.2.sql | 2 ++ .../autopatches/20160215.owners.policy.3.sql | 2 ++ .../autopatches/20160215.owners.policy.4.sql | 2 ++ src/__phutil_library_map__.php | 4 ++++ .../PhabricatorOwnersApplication.php | 15 +++++++++++++ ...PhabricatorOwnersDefaultEditCapability.php | 12 ++++++++++ ...PhabricatorOwnersDefaultViewCapability.php | 16 ++++++++++++++ .../PhabricatorOwnersDetailController.php | 6 +++-- .../PhabricatorOwnersPathsController.php | 3 +-- ...bricatorOwnersPackageTransactionEditor.php | 3 +++ .../storage/PhabricatorOwnersPackage.php | 22 +++++++++++++++++-- 12 files changed, 83 insertions(+), 6 deletions(-) create mode 100644 resources/sql/autopatches/20160215.owners.policy.1.sql create mode 100644 resources/sql/autopatches/20160215.owners.policy.2.sql create mode 100644 resources/sql/autopatches/20160215.owners.policy.3.sql create mode 100644 resources/sql/autopatches/20160215.owners.policy.4.sql create mode 100644 src/applications/owners/capability/PhabricatorOwnersDefaultEditCapability.php create mode 100644 src/applications/owners/capability/PhabricatorOwnersDefaultViewCapability.php 
diff --git a/resources/sql/autopatches/20160215.owners.policy.1.sql b/resources/sql/autopatches/20160215.owners.policy.1.sql
new file mode 100644
index 0000000000..ae63906781
--- /dev/null
+++ b/resources/sql/autopatches/20160215.owners.policy.1.sql
@@ -0,0 +1,2 @@
+ALTER TABLE {$NAMESPACE}_owners.owners_package
+ ADD viewPolicy VARBINARY(64) NOT NULL;
diff --git a/resources/sql/autopatches/20160215.owners.policy.2.sql b/resources/sql/autopatches/20160215.owners.policy.2.sql
new file mode 100644
index 0000000000..f55b61a9ff
--- /dev/null
+++ b/resources/sql/autopatches/20160215.owners.policy.2.sql
@@ -0,0 +1,2 @@
+ALTER TABLE {$NAMESPACE}_owners.owners_package
+ ADD editPolicy VARBINARY(64) NOT NULL;
diff --git a/resources/sql/autopatches/20160215.owners.policy.3.sql b/resources/sql/autopatches/20160215.owners.policy.3.sql
new file mode 100644
index 0000000000..9d3ae9f112
--- /dev/null
+++ b/resources/sql/autopatches/20160215.owners.policy.3.sql
@@ -0,0 +1,2 @@
+UPDATE {$NAMESPACE}_owners.owners_package
+ SET viewPolicy = 'users' WHERE viewPolicy = '';
diff --git a/resources/sql/autopatches/20160215.owners.policy.4.sql b/resources/sql/autopatches/20160215.owners.policy.4.sql
new file mode 100644
index 0000000000..e108a6da9c
--- /dev/null
+++ b/resources/sql/autopatches/20160215.owners.policy.4.sql
@@ -0,0 +1,2 @@
+UPDATE {$NAMESPACE}_owners.owners_package
+ SET editPolicy = 'users' WHERE editPolicy = '';
diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php
index 45cfd6fe6a..0a79cfeef1 100644
--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
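Review bot: Patches 3 and 4 backfill the literal `'users'` with no comment explaining the choice. The getPolicy() hunk later in this commit removes `return PhabricatorPolicies::POLICY_USER;`, so the backfill presumably keeps every existing package at the old behaviour, viewable and editable by any logged-in user. Only newly created packages pick up the application defaults. A one-line comment in each file, e.g. `/* Backfill with the previous hard-coded policy: all logged-in users. */`, would record that. It would also signal that existing packages need their edit policy tightened by hand after the upgrade.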
@@ -2665,6 +2665,8 @@ phutil_register_library_map(array( 'PhabricatorOwnersCustomFieldStorage' => 'applications/owners/storage/PhabricatorOwnersCustomFieldStorage.php', 'PhabricatorOwnersCustomFieldStringIndex' => 'applications/owners/storage/PhabricatorOwnersCustomFieldStringIndex.php', 'PhabricatorOwnersDAO' => 'applications/owners/storage/PhabricatorOwnersDAO.php', + 'PhabricatorOwnersDefaultEditCapability' => 'applications/owners/capability/PhabricatorOwnersDefaultEditCapability.php', + 'PhabricatorOwnersDefaultViewCapability' => 'applications/owners/capability/PhabricatorOwnersDefaultViewCapability.php', 'PhabricatorOwnersDetailController' => 'applications/owners/controller/PhabricatorOwnersDetailController.php', 'PhabricatorOwnersEditController' => 'applications/owners/controller/PhabricatorOwnersEditController.php', 'PhabricatorOwnersListController' => 'applications/owners/controller/PhabricatorOwnersListController.php', @@ -7036,6 +7038,8 @@ phutil_register_library_map(array( 'PhabricatorOwnersCustomFieldStorage' => 'PhabricatorCustomFieldStorage', 'PhabricatorOwnersCustomFieldStringIndex' => 'PhabricatorCustomFieldStringIndexStorage', 'PhabricatorOwnersDAO' => 'PhabricatorLiskDAO', + 'PhabricatorOwnersDefaultEditCapability' => 'PhabricatorPolicyCapability', + 'PhabricatorOwnersDefaultViewCapability' => 'PhabricatorPolicyCapability', 'PhabricatorOwnersDetailController' => 'PhabricatorOwnersController', 'PhabricatorOwnersEditController' => 'PhabricatorOwnersController', 'PhabricatorOwnersListController' => 'PhabricatorOwnersController', diff --git a/src/applications/owners/application/PhabricatorOwnersApplication.php b/src/applications/owners/application/PhabricatorOwnersApplication.php index 574dd6ff7e..4b4841390a 100644 --- a/src/applications/owners/application/PhabricatorOwnersApplication.php +++ b/src/applications/owners/application/PhabricatorOwnersApplication.php 
@@ -54,4 +54,19 @@ final class PhabricatorOwnersApplication extends PhabricatorApplication { ); } + protected function getCustomCapabilities() { + return array( + PhabricatorOwnersDefaultViewCapability::CAPABILITY => array( + 'caption' => pht('Default view policy for newly created packages.'), + 'template' => PhabricatorOwnersPackagePHIDType::TYPECONST, + 'capability' => PhabricatorPolicyCapability::CAN_VIEW, + ), + PhabricatorOwnersDefaultEditCapability::CAPABILITY => array( + 'caption' => pht('Default edit policy for newly created packages.'), + 'template' => PhabricatorOwnersPackagePHIDType::TYPECONST, + 'capability' => PhabricatorPolicyCapability::CAN_EDIT, + ), + ); + } + } diff --git a/src/applications/owners/capability/PhabricatorOwnersDefaultEditCapability.php b/src/applications/owners/capability/PhabricatorOwnersDefaultEditCapability.php new file mode 100644 index 0000000000..9b89bfb83a --- /dev/null +++ b/src/applications/owners/capability/PhabricatorOwnersDefaultEditCapability.php @@ -0,0 +1,12 @@ +getViewer(); - // TODO: Implement this capability. - $can_edit = true; + $can_edit = PhabricatorPolicyFilter::hasCapability( + $viewer, + $package, + PhabricatorPolicyCapability::CAN_EDIT); $id = $package->getID(); $edit_uri = $this->getApplicationURI("/edit/{$id}/"); diff --git a/src/applications/owners/controller/PhabricatorOwnersPathsController.php b/src/applications/owners/controller/PhabricatorOwnersPathsController.php index b02f5437be..ccca55b6c5 100644 --- a/src/applications/owners/controller/PhabricatorOwnersPathsController.php +++ b/src/applications/owners/controller/PhabricatorOwnersPathsController.php @@ -12,8 +12,7 @@ final class PhabricatorOwnersPathsController ->requireCapabilities( array( PhabricatorPolicyCapability::CAN_VIEW, - // TODO: Support this capability. - // PhabricatorPolicyCapability::CAN_EDIT, + PhabricatorPolicyCapability::CAN_EDIT, )) ->needPaths(true) ->executeOne(); 
diff --git a/src/applications/owners/editor/PhabricatorOwnersPackageTransactionEditor.php b/src/applications/owners/editor/PhabricatorOwnersPackageTransactionEditor.php index f2cfc5151a..aa5ae1c6f3 100644 --- a/src/applications/owners/editor/PhabricatorOwnersPackageTransactionEditor.php +++ b/src/applications/owners/editor/PhabricatorOwnersPackageTransactionEditor.php @@ -21,6 +21,9 @@ final class PhabricatorOwnersPackageTransactionEditor $types[] = PhabricatorOwnersPackageTransaction::TYPE_PATHS; $types[] = PhabricatorOwnersPackageTransaction::TYPE_STATUS; + $types[] = PhabricatorTransactions::TYPE_VIEW_POLICY; + $types[] = PhabricatorTransactions::TYPE_EDIT_POLICY; + return $types; } diff --git a/src/applications/owners/storage/PhabricatorOwnersPackage.php b/src/applications/owners/storage/PhabricatorOwnersPackage.php index 23d540375d..e007b18c00 100644 --- a/src/applications/owners/storage/PhabricatorOwnersPackage.php +++ b/src/applications/owners/storage/PhabricatorOwnersPackage.php @@ -18,6 +18,8 @@ final class PhabricatorOwnersPackage protected $primaryOwnerPHID; protected $mailKey; protected $status; + protected $viewPolicy; + protected $editPolicy; private $paths = self::ATTACHABLE; private $owners = self::ATTACHABLE; @@ -27,8 +29,20 @@ final class PhabricatorOwnersPackage const STATUS_ARCHIVED = 'archived'; public static function initializeNewPackage(PhabricatorUser $actor) { + $app = id(new PhabricatorApplicationQuery()) + ->setViewer($actor) + ->withClasses(array('PhabricatorOwnersApplication')) + ->executeOne(); + + $view_policy = $app->getPolicy( + PhabricatorOwnersDefaultViewCapability::CAPABILITY); + $edit_policy = $app->getPolicy( + PhabricatorOwnersDefaultEditCapability::CAPABILITY); + return id(new PhabricatorOwnersPackage()) ->setAuditingEnabled(0) + ->setViewPolicy($view_policy) + ->setEditPolicy($edit_policy) ->attachPaths(array()) ->setStatus(self::STATUS_ACTIVE) ->attachOwners(array()) 
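Review bot: In initializeNewPackage() the result of `executeOne()` is used without a check, so `$app->getPolicy(...)` becomes a call on null whenever the query returns no application for `$actor` (presumably when Owners is not visible to that user). That fails closed, but it surfaces as a fatal error rather than a policy error. A guard before the first getPolicy() call, such as `if (!$app) { throw new Exception(pht('Owners application is not available.')); }`, would make the condition explicit. The method's return chain continues past the end of this hunk.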
@@ -287,8 +301,12 @@ final class PhabricatorOwnersPackage } public function getPolicy($capability) { - // TODO: Implement proper policies. - return PhabricatorPolicies::POLICY_USER; + switch ($capability) { + case PhabricatorPolicyCapability::CAN_VIEW: + return $this->getViewPolicy(); + case PhabricatorPolicyCapability::CAN_EDIT: + return $this->getEditPolicy(); + } } public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
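Review bot: The new `switch` in getPolicy() has no `default` branch, so any capability other than CAN_VIEW or CAN_EDIT falls out of the switch and the method implicitly returns null. getCapabilities() is not visible in this hunk, so it may be that only those two are ever requested, but the outcome should not depend on how a caller treats a null policy. Make the fall-through explicit and restrictive, for example `default: return PhabricatorPolicies::POLICY_NOONE;`, or throw on an unknown capability. hasAutomaticCapability() begins on the last line of the hunk and its body is outside it.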