mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-22 05:20:56 +01:00
Add actAsUser to API
Summary: createrevision creates the revision as the user which certificate is used. Add a meta parameter to API calls named actAsUser so one user can create revisions for someone else. Right now there is no authentication. Test Plan: Called createrevision with one users cert and set actAsUser to someone else. The revision was created as the actAsUser user. Reviewers: epriestley, nh, jungejason Reviewed By: epriestley CC: aran, epriestley Differential Revision: 1087
This commit is contained in:
parent
7d2a18d883
commit
88dc9c471d
1 changed files with 33 additions and 0 deletions
|
@ -113,6 +113,10 @@ class PhabricatorConduitAPIController
|
|||
// If we've explicitly authenticated the user here and either done
|
||||
// CSRF validation or are using a non-web authentication mechanism.
|
||||
$allow_unguarded_writes = true;
|
||||
|
||||
if (isset($metadata['actAsUser'])) {
|
||||
$this->actAsUser($api_request, $metadata['actAsUser']);
|
||||
}
|
||||
}
|
||||
|
||||
if ($method_handler->shouldAllowUnguardedWrites()) {
|
||||
|
@ -123,6 +127,7 @@ class PhabricatorConduitAPIController
|
|||
if ($allow_unguarded_writes) {
|
||||
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
|
||||
}
|
||||
|
||||
try {
|
||||
$result = $method_handler->executeMethod($api_request);
|
||||
$error_code = null;
|
||||
|
@ -187,6 +192,34 @@ class PhabricatorConduitAPIController
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Change the api request user to the user that we want to act as.
|
||||
* Only admins can use actAsUser
|
||||
*
|
||||
* @param ConduitAPIRequest Request being executed.
|
||||
* @param string The username of the user we want to act as
|
||||
*/
|
||||
private function actAsUser(
|
||||
ConduitAPIRequest $api_request,
|
||||
$user_name) {
|
||||
|
||||
if (!$api_request->getUser()->getIsAdmin()) {
|
||||
throw new Exception("Only administrators can use actAsUser");
|
||||
}
|
||||
|
||||
$user = id(new PhabricatorUser())->loadOneWhere(
|
||||
'userName = %s',
|
||||
$user_name);
|
||||
|
||||
if (!$user) {
|
||||
throw new Exception(
|
||||
"The actAsUser username '{$user_name}' is not a valid user."
|
||||
);
|
||||
}
|
||||
|
||||
$api_request->setUser($user);
|
||||
}
|
||||
|
||||
/**
|
||||
* Authenticate the client making the request to a Phabricator user account.
|
||||
*
|
||||
|
|
Loading…
Reference in a new issue