mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-24 14:30:56 +01:00
Make HeraldRule implement PhabricatorPolicyInterface
Summary: Ref T603. Ref T2769. Herald currently interacts with policies in a bad way; specifically, I can create a rule which emails me for everything, and thus learn about objects I can't otherwise see. This shouldn't be possible, so I'm going to reduce personal rules to have only the viewer's scope. For global rules, I think I'm always going to let any user edit them, but make who the rule acts as part of the configuration. There will be an option to make a rule omnipotent, but only admins (or some other special subset of users) will be able to select it. Transactions/subscriptions will provide a check against users editing global rules in ways that are bad. Test Plan: Next diffs. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T603, T2769 Differential Revision: https://secure.phabricator.com/D6649
This commit is contained in:
parent
2820fdc89b
commit
8eed5b1f14
2 changed files with 42 additions and 2 deletions
|
@ -2624,7 +2624,11 @@ phutil_register_library_map(array(
|
|||
'HeraldNewController' => 'HeraldController',
|
||||
'HeraldPHIDTypeRule' => 'PhabricatorPHIDType',
|
||||
'HeraldRecursiveConditionsException' => 'Exception',
|
||||
'HeraldRule' => 'HeraldDAO',
|
||||
'HeraldRule' =>
|
||||
array(
|
||||
0 => 'HeraldDAO',
|
||||
1 => 'PhabricatorPolicyInterface',
|
||||
),
|
||||
'HeraldRuleController' => 'HeraldController',
|
||||
'HeraldRuleEdit' => 'HeraldDAO',
|
||||
'HeraldRuleEditHistoryController' => 'HeraldController',
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
<?php
|
||||
|
||||
final class HeraldRule extends HeraldDAO {
|
||||
final class HeraldRule extends HeraldDAO
|
||||
implements PhabricatorPolicyInterface {
|
||||
|
||||
const TABLE_RULE_APPLIED = 'herald_ruleapplied';
|
||||
|
||||
|
@ -232,4 +233,39 @@ final class HeraldRule extends HeraldDAO {
|
|||
return $this->invalidOwner;
|
||||
}
|
||||
|
||||
public function isGlobalRule() {
|
||||
return ($this->getRuleType() === HeraldRuleTypeConfig::RULE_TYPE_GLOBAL);
|
||||
}
|
||||
|
||||
public function isPersonalRule() {
|
||||
return ($this->getRuleType() === HeraldRuleTypeConfig::RULE_TYPE_PERSONAL);
|
||||
}
|
||||
|
||||
|
||||
/* -( PhabricatorPolicyInterface )----------------------------------------- */
|
||||
|
||||
|
||||
public function getCapabilities() {
|
||||
return array(
|
||||
PhabricatorPolicyCapability::CAN_VIEW,
|
||||
PhabricatorPolicyCapability::CAN_EDIT,
|
||||
);
|
||||
}
|
||||
|
||||
public function getPolicy($capability) {
|
||||
if ($this->isGlobalRule()) {
|
||||
return PhabricatorPolicies::POLICY_USER;
|
||||
} else {
|
||||
return PhabricatorPolicies::POLICY_NOONE;
|
||||
}
|
||||
}
|
||||
|
||||
public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
|
||||
if ($this->isPersonalRule()) {
|
||||
return ($viewer->getPHID() == $this->getAuthorPHID());
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue