Make HeraldRule implement PhabricatorPolicyInterface
Summary: Ref T603. Ref T2769. Herald currently interacts with policies in a bad way; specifically, I can create a rule which emails me for everything, and thus learn about objects I can't otherwise see. This shouldn't be possible, so I'm going to reduce personal rules to have only the viewer's scope. For global rules, I think I'm always going to let any user edit them, but make who the rule acts as part of the configuration. There will be an option to make a rule omnipotent, but only admins (or some other special subset of users) will be able to select it. Transactions/subscriptions will provide a check against users editing global rules in ways that are bad. Test Plan: Next diffs. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T603, T2769 Differential Revision: https://secure.phabricator.com/D6649
parent
2820fdc89b
commit
8eed5b1f14
2 changed files with 42 additions and 2 deletions
|
@ -2624,7 +2624,11 @@ phutil_register_library_map(array(
|
||||||
'HeraldNewController' => 'HeraldController',
|
'HeraldNewController' => 'HeraldController',
|
||||||
'HeraldPHIDTypeRule' => 'PhabricatorPHIDType',
|
'HeraldPHIDTypeRule' => 'PhabricatorPHIDType',
|
||||||
'HeraldRecursiveConditionsException' => 'Exception',
|
'HeraldRecursiveConditionsException' => 'Exception',
|
||||||
'HeraldRule' => 'HeraldDAO',
|
'HeraldRule' =>
|
||||||
|
array(
|
||||||
|
0 => 'HeraldDAO',
|
||||||
|
1 => 'PhabricatorPolicyInterface',
|
||||||
|
),
|
||||||
'HeraldRuleController' => 'HeraldController',
|
'HeraldRuleController' => 'HeraldController',
|
||||||
'HeraldRuleEdit' => 'HeraldDAO',
|
'HeraldRuleEdit' => 'HeraldDAO',
|
||||||
'HeraldRuleEditHistoryController' => 'HeraldController',
|
'HeraldRuleEditHistoryController' => 'HeraldController',
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
final class HeraldRule extends HeraldDAO {
|
final class HeraldRule extends HeraldDAO
|
||||||
|
implements PhabricatorPolicyInterface {
|
||||||
|
|
||||||
const TABLE_RULE_APPLIED = 'herald_ruleapplied';
|
const TABLE_RULE_APPLIED = 'herald_ruleapplied';
|
||||||
|
|
||||||
|
@ -232,4 +233,39 @@ final class HeraldRule extends HeraldDAO {
|
||||||
return $this->invalidOwner;
|
return $this->invalidOwner;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function isGlobalRule() {
|
||||||
|
return ($this->getRuleType() === HeraldRuleTypeConfig::RULE_TYPE_GLOBAL);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function isPersonalRule() {
|
||||||
|
return ($this->getRuleType() === HeraldRuleTypeConfig::RULE_TYPE_PERSONAL);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* -( PhabricatorPolicyInterface )----------------------------------------- */
|
||||||
|
|
||||||
|
|
||||||
|
public function getCapabilities() {
|
||||||
|
return array(
|
||||||
|
PhabricatorPolicyCapability::CAN_VIEW,
|
||||||
|
PhabricatorPolicyCapability::CAN_EDIT,
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function getPolicy($capability) {
|
||||||
|
if ($this->isGlobalRule()) {
|
||||||
|
return PhabricatorPolicies::POLICY_USER;
|
||||||
|
} else {
|
||||||
|
return PhabricatorPolicies::POLICY_NOONE;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
|
||||||
|
if ($this->isPersonalRule()) {
|
||||||
|
return ($viewer->getPHID() == $this->getAuthorPHID());
|
||||||
|
} else {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
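Review bot: The author check in hasAutomaticCapability(), `return ($viewer->getPHID() == $this->getAuthorPHID());`, compares loosely, so two empty values match: if a viewer without a PHID (presumably a logged-out session) ever meets a personal rule whose authorPHID is unset, the check returns true and grants both CAN_VIEW and CAN_EDIT. I would reject an empty author and compare strictly: `$author = $this->getAuthorPHID();` followed by `return $author && ($viewer->getPHID() === $author);`. getPolicy() also ignores `$capability`, so view and edit always share one policy; the summary says open editing of global rules is intended, and a comment such as `// Global rules: any logged-in user may view and edit; personal rules: author only, via hasAutomaticCapability().` would record that the missing branch is deliberate. Rule types that are neither global nor personal fall through to POLICY_NOONE with no automatic capability, which fails closed and is worth keeping that way.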