Add actAsUser to API

Summary: createrevision creates the revision as the user which certificate is used. Add a meta parameter to API calls named actAsUser so one user can create revisions for someone else. Right now there is no authentication. Test Plan: Called createrevision with one users cert and set actAsUser to someone else. The revision was created as the actAsUser user. Reviewers: epriestley, nh, jungejason Reviewed By: epriestley CC: aran, epriestley Differential Revision: 1087
2024-12-19 03:50:54 +01:00 · 2011-11-07 15:11:25 -08:00 · 2011-11-07 15:11:25 -08:00 · 88dc9c471d
commit 88dc9c471d
parent 7d2a18d883
1 changed files with 33 additions and 0 deletions
--- a/src/applications/conduit/controller/api/PhabricatorConduitAPIController.php
+++ b/src/applications/conduit/controller/api/PhabricatorConduitAPIController.php
@ -113,6 +113,10 @@ class PhabricatorConduitAPIController
        // If we've explicitly authenticated the user here and either done
        // CSRF validation or are using a non-web authentication mechanism.
        $allow_unguarded_writes = true;
+
+        if (isset($metadata['actAsUser'])) {
+          $this->actAsUser($api_request, $metadata['actAsUser']);
+        }
      }

      if ($method_handler->shouldAllowUnguardedWrites()) {
@ -123,6 +127,7 @@ class PhabricatorConduitAPIController
        if ($allow_unguarded_writes) {
          $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
        }
+
        try {
          $result = $method_handler->executeMethod($api_request);
          $error_code = null;
@ -187,6 +192,34 @@ class PhabricatorConduitAPIController
    }
  }

+  /**
+   * Change the api request user to the user that we want to act as.
+   * Only admins can use actAsUser
+   *
+   * @param   ConduitAPIRequest Request being executed.
+   * @param   string            The username of the user we want to act as
+   */
+  private function actAsUser(
+    ConduitAPIRequest $api_request,
+    $user_name) {
+
+    if (!$api_request->getUser()->getIsAdmin()) {
+      throw new Exception("Only administrators can use actAsUser");
+    }
+
+    $user = id(new PhabricatorUser())->loadOneWhere(
+      'userName = %s',
+      $user_name);
+
+    if (!$user) {
+      throw new Exception(
+        "The actAsUser username '{$user_name}' is not a valid user."
+      );
+    }
+
+    $api_request->setUser($user);
+  }
+
  /**
   * Authenticate the client making the request to a Phabricator user account.
   *