1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-22 23:02:42 +01:00

Move the "Can Lock Projects" check from requireCapabilities() to transaction validation

Summary: Depends on D19584. Ref T13164. This check is an //extra// check: you need EDIT //and// this capability. Thus, we can do it in validation without issues.

Test Plan:
  - This code isn't reachable today: all methods of applying this transaction do a separate check for "Can Lock" upfront.
  - Commented out the "Can Lock" check in the LockController, tried to lock as a user without permission. Was rejected with a policy exception.

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13164

Differential Revision: https://secure.phabricator.com/D19585
This commit is contained in:
epriestley 2018-08-14 14:46:59 -07:00
parent 3b92da22f4
commit 7e29ec2e2a
3 changed files with 18 additions and 6 deletions

View file

@ -120,12 +120,6 @@ final class PhabricatorProjectTransactionEditor
PhabricatorApplicationTransaction $xaction) { PhabricatorApplicationTransaction $xaction) {
switch ($xaction->getTransactionType()) { switch ($xaction->getTransactionType()) {
case PhabricatorProjectLockTransaction::TRANSACTIONTYPE:
PhabricatorPolicyFilter::requireCapability(
$this->requireActor(),
newv($this->getEditorApplicationClass(), array()),
ProjectCanLockProjectsCapability::CAPABILITY);
return;
case PhabricatorTransactions::TYPE_EDGE: case PhabricatorTransactions::TYPE_EDGE:
switch ($xaction->getMetadataValue('edge:type')) { switch ($xaction->getMetadataValue('edge:type')) {
case PhabricatorProjectProjectHasMemberEdgeType::EDGECONST: case PhabricatorProjectProjectHasMemberEdgeType::EDGECONST:

View file

@ -53,4 +53,12 @@ final class PhabricatorProjectLockTransaction
} }
} }
public function validateTransactions($object, array $xactions) {
if ($xactions) {
$this->requireApplicationCapability(
ProjectCanLockProjectsCapability::CAPABILITY);
}
return array();
}
} }

View file

@ -356,4 +356,14 @@ abstract class PhabricatorModularTransactionType
return array(); return array();
} }
protected function requireApplicationCapability($capability) {
$application_class = $this->getEditor()->getEditorApplicationClass();
$application = newv($application_class, array());
PhabricatorPolicyFilter::requireCapability(
$this->getActor(),
$application,
$capability);
}
} }