1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2025-01-02 02:40:58 +01:00

Maniphest - prevent uneditable tasks from being able to be closed as duplicates

Summary:
Fixes T7923.

Prevent the user from finding tasks that they can't edit in merge workflows. Also ensure that we query properly on final merge action just in case.

Test Plan: Tried to find a task I couldn't edit in various searches under the "merge" dialogue and couldn't find the task. Removed this big of code and tried to merge in a task and after hitting "merge" observed the page reloaded with no task merged in.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7923

Differential Revision: https://secure.phabricator.com/D12872
This commit is contained in:
Bob Trahan 2015-05-18 13:07:05 -07:00
parent 3167b55264
commit 78dddf39ba
6 changed files with 80 additions and 50 deletions

View file

@ -3,6 +3,7 @@
final class PhabricatorHandleQuery final class PhabricatorHandleQuery
extends PhabricatorCursorPagedPolicyAwareQuery { extends PhabricatorCursorPagedPolicyAwareQuery {
private $objectCapabilities;
private $phids = array(); private $phids = array();
public function withPHIDs(array $phids) { public function withPHIDs(array $phids) {
@ -10,6 +11,18 @@ final class PhabricatorHandleQuery
return $this; return $this;
} }
public function requireObjectCapabilities(array $capabilities) {
$this->objectCapabilities = $capabilities;
return $this;
}
protected function getRequiredObjectCapabilities() {
if ($this->objectCapabilities) {
return $this->objectCapabilities;
}
return $this->getRequiredCapabilities();
}
protected function loadPage() { protected function loadPage() {
$types = PhabricatorPHIDType::getAllTypes(); $types = PhabricatorPHIDType::getAllTypes();
@ -20,6 +33,7 @@ final class PhabricatorHandleQuery
$object_query = id(new PhabricatorObjectQuery()) $object_query = id(new PhabricatorObjectQuery())
->withPHIDs($phids) ->withPHIDs($phids)
->requireCapabilities($this->getRequiredObjectCapabilities())
->setViewer($this->getViewer()); ->setViewer($this->getViewer());
$objects = $object_query->execute(); $objects = $object_query->execute();

View file

@ -32,7 +32,7 @@ final class PhabricatorSearchApplication extends PhabricatorApplication {
'(?:query/(?P<queryKey>[^/]+)/)?' => 'PhabricatorSearchController', '(?:query/(?P<queryKey>[^/]+)/)?' => 'PhabricatorSearchController',
'attach/(?P<phid>[^/]+)/(?P<type>\w+)/(?:(?P<action>\w+)/)?' 'attach/(?P<phid>[^/]+)/(?P<type>\w+)/(?:(?P<action>\w+)/)?'
=> 'PhabricatorSearchAttachController', => 'PhabricatorSearchAttachController',
'select/(?P<type>\w+)/' 'select/(?P<type>\w+)/(?:(?P<action>\w+)/)?'
=> 'PhabricatorSearchSelectController', => 'PhabricatorSearchSelectController',
'index/(?P<phid>[^/]+)/' => 'PhabricatorSearchIndexController', 'index/(?P<phid>[^/]+)/' => 'PhabricatorSearchIndexController',
'hovercard/(?P<mode>retrieve|test)/' 'hovercard/(?P<mode>retrieve|test)/'

View file

@ -3,38 +3,22 @@
final class PhabricatorSearchAttachController final class PhabricatorSearchAttachController
extends PhabricatorSearchBaseController { extends PhabricatorSearchBaseController {
private $phid; public function handleRequest(AphrontRequest $request) {
private $type; $user = $request->getUser();
private $action; $phid = $request->getURIData('phid');
$attach_type = $request->getURIData('type');
const ACTION_ATTACH = 'attach'; $action = $request->getURIData('action', self::ACTION_ATTACH);
const ACTION_MERGE = 'merge';
const ACTION_DEPENDENCIES = 'dependencies';
const ACTION_BLOCKS = 'blocks';
const ACTION_EDGE = 'edge';
public function willProcessRequest(array $data) {
$this->phid = $data['phid'];
$this->type = $data['type'];
$this->action = idx($data, 'action', self::ACTION_ATTACH);
}
public function processRequest() {
$request = $this->getRequest();
$user = $request->getUser();
$handle = id(new PhabricatorHandleQuery()) $handle = id(new PhabricatorHandleQuery())
->setViewer($user) ->setViewer($user)
->withPHIDs(array($this->phid)) ->withPHIDs(array($phid))
->executeOne(); ->executeOne();
$object_type = $handle->getType(); $object_type = $handle->getType();
$attach_type = $this->type;
$object = id(new PhabricatorObjectQuery()) $object = id(new PhabricatorObjectQuery())
->setViewer($user) ->setViewer($user)
->withPHIDs(array($this->phid)) ->withPHIDs(array($phid))
->executeOne(); ->executeOne();
if (!$object) { if (!$object) {
@ -42,7 +26,7 @@ final class PhabricatorSearchAttachController
} }
$edge_type = null; $edge_type = null;
switch ($this->action) { switch ($action) {
case self::ACTION_EDGE: case self::ACTION_EDGE:
case self::ACTION_DEPENDENCIES: case self::ACTION_DEPENDENCIES:
case self::ACTION_BLOCKS: case self::ACTION_BLOCKS:
@ -66,7 +50,7 @@ final class PhabricatorSearchAttachController
} }
$old_phids = PhabricatorEdgeQuery::loadDestinationPHIDs( $old_phids = PhabricatorEdgeQuery::loadDestinationPHIDs(
$this->phid, $phid,
$edge_type); $edge_type);
$add_phids = $phids; $add_phids = $phids;
$rem_phids = array_diff($old_phids, $add_phids); $rem_phids = array_diff($old_phids, $add_phids);
@ -100,7 +84,7 @@ final class PhabricatorSearchAttachController
} else { } else {
if ($edge_type) { if ($edge_type) {
$phids = PhabricatorEdgeQuery::loadDestinationPHIDs( $phids = PhabricatorEdgeQuery::loadDestinationPHIDs(
$this->phid, $phid,
$edge_type); $edge_type);
} else { } else {
// This is a merge. // This is a merge.
@ -108,7 +92,7 @@ final class PhabricatorSearchAttachController
} }
} }
$strings = $this->getStrings(); $strings = $this->getStrings($attach_type, $action);
$handles = $this->loadViewerHandles($phids); $handles = $this->loadViewerHandles($phids);
@ -116,11 +100,11 @@ final class PhabricatorSearchAttachController
$obj_dialog $obj_dialog
->setUser($user) ->setUser($user)
->setHandles($handles) ->setHandles($handles)
->setFilters($this->getFilters($strings)) ->setFilters($this->getFilters($strings, $attach_type))
->setSelectedFilter($strings['selected']) ->setSelectedFilter($strings['selected'])
->setExcluded($this->phid) ->setExcluded($phid)
->setCancelURI($handle->getURI()) ->setCancelURI($handle->getURI())
->setSearchURI('/search/select/'.$attach_type.'/') ->setSearchURI('/search/select/'.$attach_type.'/'.$action.'/')
->setTitle($strings['title']) ->setTitle($strings['title'])
->setHeader($strings['header']) ->setHeader($strings['header'])
->setButtonText($strings['button']) ->setButtonText($strings['button'])
@ -148,6 +132,11 @@ final class PhabricatorSearchAttachController
$targets = id(new ManiphestTaskQuery()) $targets = id(new ManiphestTaskQuery())
->setViewer($user) ->setViewer($user)
->requireCapabilities(
array(
PhabricatorPolicyCapability::CAN_VIEW,
PhabricatorPolicyCapability::CAN_EDIT,
))
->withPHIDs(array_keys($phids)) ->withPHIDs(array_keys($phids))
->needSubscriberPHIDs(true) ->needSubscriberPHIDs(true)
->needProjectPHIDs(true) ->needProjectPHIDs(true)
@ -208,8 +197,8 @@ final class PhabricatorSearchAttachController
return $response; return $response;
} }
private function getStrings() { private function getStrings($attach_type, $action) {
switch ($this->type) { switch ($attach_type) {
case DifferentialRevisionPHIDType::TYPECONST: case DifferentialRevisionPHIDType::TYPECONST:
$noun = 'Revisions'; $noun = 'Revisions';
$selected = 'created'; $selected = 'created';
@ -228,7 +217,7 @@ final class PhabricatorSearchAttachController
break; break;
} }
switch ($this->action) { switch ($action) {
case self::ACTION_EDGE: case self::ACTION_EDGE:
case self::ACTION_ATTACH: case self::ACTION_ATTACH:
$dialog_title = "Manage Attached {$noun}"; $dialog_title = "Manage Attached {$noun}";
@ -268,8 +257,8 @@ final class PhabricatorSearchAttachController
); );
} }
private function getFilters(array $strings) { private function getFilters(array $strings, $attach_type) {
if ($this->type == PholioMockPHIDType::TYPECONST) { if ($attach_type == PholioMockPHIDType::TYPECONST) {
$filters = array( $filters = array(
'created' => 'Created By Me', 'created' => 'Created By Me',
'all' => 'All '.$strings['target_plural_noun'], 'all' => 'All '.$strings['target_plural_noun'],

View file

@ -2,6 +2,12 @@
abstract class PhabricatorSearchBaseController extends PhabricatorController { abstract class PhabricatorSearchBaseController extends PhabricatorController {
const ACTION_ATTACH = 'attach';
const ACTION_MERGE = 'merge';
const ACTION_DEPENDENCIES = 'dependencies';
const ACTION_BLOCKS = 'blocks';
const ACTION_EDGE = 'edge';
public function buildStandardPageResponse($view, array $data) { public function buildStandardPageResponse($view, array $data) {
$page = $this->buildStandardPageView(); $page = $this->buildStandardPageView();

View file

@ -3,22 +3,17 @@
final class PhabricatorSearchSelectController final class PhabricatorSearchSelectController
extends PhabricatorSearchBaseController { extends PhabricatorSearchBaseController {
private $type; public function handleRequest(AphrontRequest $request) {
public function willProcessRequest(array $data) {
$this->type = $data['type'];
}
public function processRequest() {
$request = $this->getRequest();
$user = $request->getUser(); $user = $request->getUser();
$type = $request->getURIData('type');
$action = $request->getURIData('action');
$query = new PhabricatorSavedQuery(); $query = new PhabricatorSavedQuery();
$query_str = $request->getStr('query'); $query_str = $request->getStr('query');
$query->setEngineClassName('PhabricatorSearchApplicationSearchEngine'); $query->setEngineClassName('PhabricatorSearchApplicationSearchEngine');
$query->setParameter('query', $query_str); $query->setParameter('query', $query_str);
$query->setParameter('types', array($this->type)); $query->setParameter('types', array($type));
$status_open = PhabricatorSearchRelationship::RELATIONSHIP_OPEN; $status_open = PhabricatorSearchRelationship::RELATIONSHIP_OPEN;
@ -31,7 +26,7 @@ final class PhabricatorSearchSelectController
$query->setParameter('authorPHIDs', array($user->getPHID())); $query->setParameter('authorPHIDs', array($user->getPHID()));
// TODO - if / when we allow pholio mocks to be archived, etc // TODO - if / when we allow pholio mocks to be archived, etc
// update this // update this
if ($this->type != PholioMockPHIDType::TYPECONST) { if ($type != PholioMockPHIDType::TYPECONST) {
$query->setParameter('statuses', array($status_open)); $query->setParameter('statuses', array($status_open));
} }
break; break;
@ -42,15 +37,25 @@ final class PhabricatorSearchSelectController
$query->setParameter('excludePHIDs', array($request->getStr('exclude'))); $query->setParameter('excludePHIDs', array($request->getStr('exclude')));
$capabilities = array(PhabricatorPolicyCapability::CAN_VIEW);
switch ($action) {
case self::ACTION_MERGE:
$capabilities[] = PhabricatorPolicyCapability::CAN_EDIT;
break;
default:
break;
}
$results = id(new PhabricatorSearchDocumentQuery()) $results = id(new PhabricatorSearchDocumentQuery())
->setViewer($user) ->setViewer($user)
->requireObjectCapabilities($capabilities)
->withSavedQuery($query) ->withSavedQuery($query)
->setOffset(0) ->setOffset(0)
->setLimit(100) ->setLimit(100)
->execute(); ->execute();
$phids = array_fill_keys(mpull($results, 'getPHID'), true); $phids = array_fill_keys(mpull($results, 'getPHID'), true);
$phids += $this->queryObjectNames($query_str); $phids += $this->queryObjectNames($query_str, $capabilities);
$phids = array_keys($phids); $phids = array_keys($phids);
$handles = $this->loadViewerHandles($phids); $handles = $this->loadViewerHandles($phids);
@ -64,12 +69,14 @@ final class PhabricatorSearchSelectController
return id(new AphrontAjaxResponse())->setContent($data); return id(new AphrontAjaxResponse())->setContent($data);
} }
private function queryObjectNames($query) { private function queryObjectNames($query, $capabilities) {
$viewer = $this->getRequest()->getUser(); $request = $this->getRequest();
$viewer = $request->getUser();
$objects = id(new PhabricatorObjectQuery()) $objects = id(new PhabricatorObjectQuery())
->setViewer($viewer) ->setViewer($viewer)
->withTypes(array($this->type)) ->requireCapabilities($capabilities)
->withTypes(array($request->getURIData('type')))
->withNames(array($query)) ->withNames(array($query))
->execute(); ->execute();

View file

@ -4,17 +4,31 @@ final class PhabricatorSearchDocumentQuery
extends PhabricatorCursorPagedPolicyAwareQuery { extends PhabricatorCursorPagedPolicyAwareQuery {
private $savedQuery; private $savedQuery;
private $objectCapabilities;
public function withSavedQuery(PhabricatorSavedQuery $query) { public function withSavedQuery(PhabricatorSavedQuery $query) {
$this->savedQuery = $query; $this->savedQuery = $query;
return $this; return $this;
} }
public function requireObjectCapabilities(array $capabilities) {
$this->objectCapabilities = $capabilities;
return $this;
}
protected function getRequiredObjectCapabilities() {
if ($this->objectCapabilities) {
return $this->objectCapabilities;
}
return $this->getRequiredCapabilities();
}
protected function loadPage() { protected function loadPage() {
$phids = $this->loadDocumentPHIDsWithoutPolicyChecks(); $phids = $this->loadDocumentPHIDsWithoutPolicyChecks();
$handles = id(new PhabricatorHandleQuery()) $handles = id(new PhabricatorHandleQuery())
->setViewer($this->getViewer()) ->setViewer($this->getViewer())
->requireObjectCapabilities($this->getRequiredObjectCapabilities())
->withPHIDs($phids) ->withPHIDs($phids)
->execute(); ->execute();