From 800f6971bbf39e600ac5cb231639d2cdbd1c9171 Mon Sep 17 00:00:00 2001 From: epriestley Date: Wed, 25 Sep 2013 13:44:52 -0700 Subject: [PATCH] Make Maniphest detail page react to viewer capabilities Summary: Ref T603. Disable things the user can't use, allow logged-out users to get a reasonable version of the page. Also allow logged-out users to view edit history of comments if they're able to see the object. Test Plan: Viewed Maniphest detail as a logged-out user, got a largely sensible page. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T603 Differential Revision: https://secure.phabricator.com/D7124 --- .../ManiphestTaskDetailController.php | 75 +++++++++++++------ ...ionTransactionCommentHistoryController.php | 4 + 2 files changed, 56 insertions(+), 23 deletions(-) diff --git a/src/applications/maniphest/controller/ManiphestTaskDetailController.php b/src/applications/maniphest/controller/ManiphestTaskDetailController.php index dbd2e20bb5..67ce31ead8 100644 --- a/src/applications/maniphest/controller/ManiphestTaskDetailController.php +++ b/src/applications/maniphest/controller/ManiphestTaskDetailController.php @@ -1,12 +1,13 @@ id = $data['id']; } @@ -306,20 +307,23 @@ final class ManiphestTaskDetailController extends ManiphestController { ), ); - Javelin::initBehavior('maniphest-transaction-controls', array( - 'select' => 'transaction-action', - 'controlMap' => $control_map, - 'tokenizers' => $tokenizer_map, - )); + // TODO: Initializing these behaviors for logged out users fatals things. + if ($user->isLoggedIn()) { + Javelin::initBehavior('maniphest-transaction-controls', array( + 'select' => 'transaction-action', + 'controlMap' => $control_map, + 'tokenizers' => $tokenizer_map, + )); - Javelin::initBehavior('maniphest-transaction-preview', array( - 'uri' => '/maniphest/transaction/preview/'.$task->getID().'/', - 'preview' => 'transaction-preview', - 'comments' => 'transaction-comments', - 'action' => 'transaction-action', - 'map' => $control_map, - 'tokenizers' => $tokenizer_map, - )); + Javelin::initBehavior('maniphest-transaction-preview', array( + 'uri' => '/maniphest/transaction/preview/'.$task->getID().'/', + 'preview' => 'transaction-preview', + 'comments' => 'transaction-comments', + 'action' => 'transaction-action', + 'map' => $control_map, + 'tokenizers' => $tokenizer_map, + )); + } $comment_header = id(new PHUIHeaderView()) ->setHeader($is_serious ? pht('Add Comment') : pht('Weigh In')); @@ -351,6 +355,15 @@ final class ManiphestTaskDetailController extends ManiphestController { $header = $this->buildHeaderView($task); $properties = $this->buildPropertyView($task, $field_list, $edges, $engine); + if (!$user->isLoggedIn()) { + // TODO: Eventually, everything should run through this. For now, we're + // only using it to get a consistent "Login to Comment" button. + $comment_form = id(new PhabricatorApplicationTransactionCommentView()) + ->setUser($user) + ->setRequestURI($request->getRequestURI()); + $preview_panel = null; + } + return $this->buildApplicationPage( array( $crumbs, @@ -393,15 +406,23 @@ final class ManiphestTaskDetailController extends ManiphestController { $id = $task->getID(); $phid = $task->getPHID(); + $can_edit = PhabricatorPolicyFilter::hasCapability( + $viewer, + $task, + PhabricatorPolicyCapability::CAN_EDIT); + $view = id(new PhabricatorActionListView()) ->setUser($viewer) ->setObject($task) - ->setObjectURI($this->getRequest()->getRequestURI()) - ->addAction( + ->setObjectURI($this->getRequest()->getRequestURI()); + + $view->addAction( id(new PhabricatorActionView()) ->setName(pht('Edit Task')) ->setIcon('edit') - ->setHref($this->getApplicationURI("/task/edit/{$id}/"))); + ->setHref($this->getApplicationURI("/task/edit/{$id}/")) + ->setDisabled(!$can_edit) + ->setWorkflow(!$can_edit)); if ($task->getOwnerPHID() === $viewer_phid) { $view->addAction( @@ -428,7 +449,9 @@ final class ManiphestTaskDetailController extends ManiphestController { ->setName(pht('Merge Duplicates In')) ->setHref("/search/attach/{$phid}/TASK/merge/") ->setWorkflow(true) - ->setIcon('merge')); + ->setIcon('merge') + ->setDisabled(!$can_edit) + ->setWorkflow(!$can_edit)); $view->addAction( id(new PhabricatorActionView()) @@ -441,14 +464,18 @@ final class ManiphestTaskDetailController extends ManiphestController { ->setName(pht('Edit Dependencies')) ->setHref("/search/attach/{$phid}/TASK/dependencies/") ->setWorkflow(true) - ->setIcon('link')); + ->setIcon('link') + ->setDisabled(!$can_edit) + ->setWorkflow(!$can_edit)); $view->addAction( id(new PhabricatorActionView()) ->setName(pht('Edit Differential Revisions')) ->setHref("/search/attach/{$phid}/DREV/") ->setWorkflow(true) - ->setIcon('attach')); + ->setIcon('attach') + ->setDisabled(!$can_edit) + ->setWorkflow(!$can_edit)); $pholio_app = PhabricatorApplication::getByClass('PhabricatorApplicationPholio'); @@ -458,7 +485,9 @@ final class ManiphestTaskDetailController extends ManiphestController { ->setName(pht('Edit Pholio Mocks')) ->setHref("/search/attach/{$phid}/MOCK/edge/") ->setWorkflow(true) - ->setIcon('attach')); + ->setIcon('attach') + ->setDisabled(!$can_edit) + ->setWorkflow(!$can_edit)); } return $view; diff --git a/src/applications/transactions/controller/PhabricatorApplicationTransactionCommentHistoryController.php b/src/applications/transactions/controller/PhabricatorApplicationTransactionCommentHistoryController.php index b7fa42486e..c1243a5548 100644 --- a/src/applications/transactions/controller/PhabricatorApplicationTransactionCommentHistoryController.php +++ b/src/applications/transactions/controller/PhabricatorApplicationTransactionCommentHistoryController.php @@ -5,6 +5,10 @@ final class PhabricatorApplicationTransactionCommentHistoryController private $phid; + public function shouldAllowPublic() { + return true; + } + public function willProcessRequest(array $data) { $this->phid = $data['phid']; }