Save authorPHID on Passphrase Credentials to support "Credential Author" object policy
Summary: Fixes T5135. Currently, when you create a credential, we default the policies to your PHID. This means we can't have an application-level configurable default because there's no way to select "the actor's PHID" as a policy. Start tracking the credential author's PHID and add an object policy for it, so there is such a setting. Then, add policy defaults. This mostly unblocks T6787. This obsoletes T6860. Test Plan: - Created a credential with "Credential Author" policy. - Verified I can see/edit it, but other users can not. - Changed default policies to something else. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T5135 Differential Revision: https://secure.phabricator.com/D13385
This commit is contained in:
parent
bc6d0478b4
commit
85af4b01b9
7 changed files with 114 additions and 2 deletions
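--- /dev/null
+++ b/resources/sql/autopatches/20150621.phrase.1.sql
@@ -0,0 +1,2 @@
+ALTER TABLE {$NAMESPACE}_passphrase.passphrase_credential
+  ADD authorPHID VARBINARY(64) NOT NULL;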
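Review bot: The new column is NOT NULL with no explicit default, so rows that already exist will presumably be filled with the type's implicit default (an empty string) rather than a real author PHID, and nothing in this commit backfills them. That fails closed, since the new author policy rule returns false for an empty author PHID, but it also means credentials created before this patch can never satisfy a "Credential Author" policy. If that is the intended outcome, it is worth stating in the commit description or in the policy rule's class docblock so the next maintainer does not treat empty authorPHID rows as a bug.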
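--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@@ -1267,6 +1267,7 @@ phutil_register_library_map(array(
     'PassphraseConduitAPIMethod' => 'applications/passphrase/conduit/PassphraseConduitAPIMethod.php',
     'PassphraseController' => 'applications/passphrase/controller/PassphraseController.php',
     'PassphraseCredential' => 'applications/passphrase/storage/PassphraseCredential.php',
+    'PassphraseCredentialAuthorPolicyRule' => 'applications/passphrase/policyrule/PassphraseCredentialAuthorPolicyRule.php',
     'PassphraseCredentialConduitController' => 'applications/passphrase/controller/PassphraseCredentialConduitController.php',
     'PassphraseCredentialControl' => 'applications/passphrase/view/PassphraseCredentialControl.php',
     'PassphraseCredentialCreateController' => 'applications/passphrase/controller/PassphraseCredentialCreateController.php',
@@ -1286,6 +1287,8 @@ phutil_register_library_map(array(
     'PassphraseCredentialTypeTestCase' => 'applications/passphrase/credentialtype/__tests__/PassphraseCredentialTypeTestCase.php',
     'PassphraseCredentialViewController' => 'applications/passphrase/controller/PassphraseCredentialViewController.php',
     'PassphraseDAO' => 'applications/passphrase/storage/PassphraseDAO.php',
+    'PassphraseDefaultEditCapability' => 'applications/passphrase/capability/PassphraseDefaultEditCapability.php',
+    'PassphraseDefaultViewCapability' => 'applications/passphrase/capability/PassphraseDefaultViewCapability.php',
     'PassphraseNoteCredentialType' => 'applications/passphrase/credentialtype/PassphraseNoteCredentialType.php',
     'PassphrasePasswordCredentialType' => 'applications/passphrase/credentialtype/PassphrasePasswordCredentialType.php',
     'PassphrasePasswordKey' => 'applications/passphrase/keys/PassphrasePasswordKey.php',
@@ -4779,6 +4782,7 @@ phutil_register_library_map(array(
       'PhabricatorPolicyInterface',
       'PhabricatorDestructibleInterface',
     ),
+    'PassphraseCredentialAuthorPolicyRule' => 'PhabricatorPolicyRule',
     'PassphraseCredentialConduitController' => 'PassphraseController',
     'PassphraseCredentialControl' => 'AphrontFormControl',
     'PassphraseCredentialCreateController' => 'PassphraseController',
@@ -4798,6 +4802,8 @@ phutil_register_library_map(array(
     'PassphraseCredentialTypeTestCase' => 'PhabricatorTestCase',
     'PassphraseCredentialViewController' => 'PassphraseController',
     'PassphraseDAO' => 'PhabricatorLiskDAO',
+    'PassphraseDefaultEditCapability' => 'PhabricatorPolicyCapability',
+    'PassphraseDefaultViewCapability' => 'PhabricatorPolicyCapability',
     'PassphraseNoteCredentialType' => 'PassphraseCredentialType',
     'PassphrasePasswordCredentialType' => 'PassphraseCredentialType',
     'PassphrasePasswordKey' => 'PassphraseAbstractKey',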
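--- a/src/applications/passphrase/application/PhabricatorPassphraseApplication.php
+++ b/src/applications/passphrase/application/PhabricatorPassphraseApplication.php
@@ -63,4 +63,22 @@ final class PhabricatorPassphraseApplication extends PhabricatorApplication {
     );
   }
 
+  protected function getCustomCapabilities() {
+    $policy_key = id(new PassphraseCredentialAuthorPolicyRule())
+      ->getObjectPolicyFullKey();
+
+    return array(
+      PassphraseDefaultViewCapability::CAPABILITY => array(
+        'caption' => pht('Default view policy for newly created credentials.'),
+        'template' => PassphraseCredentialPHIDType::TYPECONST,
+        'default' => $policy_key,
+      ),
+      PassphraseDefaultEditCapability::CAPABILITY => array(
+        'caption' => pht('Default edit policy for newly created credentials.'),
+        'template' => PassphraseCredentialPHIDType::TYPECONST,
+        'default' => $policy_key,
+      ),
+    );
+  }
+
 }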
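Review bot: getCustomCapabilities() carries no comment explaining why both defaults point at the author policy rule, which is the part of this change a later reader is most likely to revisit when tightening Passphrase defaults. A short comment above the `return array(` would preserve the intent, for example `// Both defaults resolve to the "Credential Author" object policy, which replaces the old behaviour of hard-coding the creating user's PHID as the view and edit policy.` The two capability entries are structurally identical apart from the caption; that duplication is fine at this size but a single loop over the two capability classes would keep them from drifting apart later.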
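--- /dev/null
+++ b/src/applications/passphrase/capability/PassphraseDefaultEditCapability.php
@@ -0,0 +1,12 @@
+<?php
+
+final class PassphraseDefaultEditCapability
+  extends PhabricatorPolicyCapability {
+
+  const CAPABILITY = 'passphrase.default.edit';
+
+  public function getCapabilityName() {
+    return pht('Default Edit Policy');
+  }
+
+}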
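--- /dev/null
+++ b/src/applications/passphrase/capability/PassphraseDefaultViewCapability.php
@@ -0,0 +1,16 @@
+<?php
+
+final class PassphraseDefaultViewCapability
+  extends PhabricatorPolicyCapability {
+
+  const CAPABILITY = 'passphrase.default.view';
+
+  public function getCapabilityName() {
+    return pht('Default View Policy');
+  }
+
+  public function shouldAllowPublicPolicySetting() {
+    return true;
+  }
+
+}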
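Review bot: shouldAllowPublicPolicySetting() returning true lets an administrator choose "Public" as the default view policy for every newly created credential, whereas the companion edit capability in this commit leaves the public option unavailable; since these objects hold secrets, that asymmetry deserves a one-line justification in the code. Presumably this is acceptable because seeing a credential's existence and revealing its secret are gated by different capabilities, but that is not visible here and should be confirmed. A comment such as `// Public view is permitted as a default; the secret itself is not exposed by view access alone.` above the method would capture the reasoning if it holds, and if it does not, returning false here is the conservative choice.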
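--- /dev/null
+++ b/src/applications/passphrase/policyrule/PassphraseCredentialAuthorPolicyRule.php
@@ -0,0 +1,48 @@
+<?php
+
+final class PassphraseCredentialAuthorPolicyRule
+  extends PhabricatorPolicyRule {
+
+  public function getObjectPolicyKey() {
+    return 'passphrase.author';
+  }
+
+  public function getObjectPolicyName() {
+    return pht('Credential Author');
+  }
+
+  public function getPolicyExplanation() {
+    return pht('The author of this credential can take this action.');
+  }
+
+  public function getRuleDescription() {
+    return pht('credential author');
+  }
+
+  public function canApplyToObject(PhabricatorPolicyInterface $object) {
+    return ($object instanceof PassphraseCredential);
+  }
+
+  public function applyRule(
+    PhabricatorUser $viewer,
+    $value,
+    PhabricatorPolicyInterface $object) {
+
+    $author_phid = $object->getAuthorPHID();
+    if (!$author_phid) {
+      return false;
+    }
+
+    $viewer_phid = $viewer->getPHID();
+    if (!$viewer_phid) {
+      return false;
+    }
+
+    return ($viewer_phid == $author_phid);
+  }
+
+  public function getValueControlType() {
+    return self::CONTROL_TYPE_NONE;
+  }
+
+}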
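Review bot: applyRule() decides access with a loose comparison, `return ($viewer_phid == $author_phid);`; both operands are PHID strings so this is not a practical bypass, but an access-control decision should use the strict form, `return ($viewer_phid === $author_phid);`, so the outcome never depends on PHP's type juggling. The method also calls `$object->getAuthorPHID()` on a parameter typed only as PhabricatorPolicyInterface, which is correct solely because canApplyToObject() restricts the rule to PassphraseCredential; a comment above that call, `// canApplyToObject() guarantees $object is a PassphraseCredential.`, would make that dependency explicit. A class docblock should also state that the rule fails closed for credentials whose authorPHID is empty (rows that predate the migration in this commit), since that is the behaviour an administrator will observe.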
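--- a/src/applications/passphrase/storage/PassphraseCredential.php
+++ b/src/applications/passphrase/storage/PassphraseCredential.php
@@ -17,17 +17,27 @@ final class PassphraseCredential extends PassphraseDAO
   protected $isDestroyed;
   protected $isLocked = 0;
   protected $allowConduit = 0;
+  protected $authorPHID;
 
   private $secret = self::ATTACHABLE;
 
   public static function initializeNewCredential(PhabricatorUser $actor) {
+    $app = id(new PhabricatorApplicationQuery())
+      ->setViewer($actor)
+      ->withClasses(array('PhabricatorPassphraseApplication'))
+      ->executeOne();
+
+    $view_policy = $app->getPolicy(PassphraseDefaultViewCapability::CAPABILITY);
+    $edit_policy = $app->getPolicy(PassphraseDefaultEditCapability::CAPABILITY);
+
     return id(new PassphraseCredential())
       ->setName('')
       ->setUsername('')
       ->setDescription('')
       ->setIsDestroyed(0)
-      ->setViewPolicy($actor->getPHID())
-      ->setEditPolicy($actor->getPHID());
+      ->setAuthorPHID($actor->getPHID())
+      ->setViewPolicy($view_policy)
+      ->setEditPolicy($edit_policy);
   }
 
   public function getMonogram() {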
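Review bot: `$app` is used without a null check right after `->executeOne()`, so if the query returns nothing (the application is uninstalled or not visible to `$actor`) the next line dies on a method call on null instead of reporting a meaningful error. A guard between the query and the first `getPolicy()` call, `if (!$app) { throw new Exception(pht('Passphrase application is not available.')); }`, keeps the failure explicit and closed. initializeNewCredential() would also benefit from a docblock noting that the view and edit policies now come from the application's configurable defaults rather than the actor's PHID, and that the actor is recorded as author so the "Credential Author" object policy can resolve; the remainder of the class lies outside this hunk.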