mirror of https://we.phorge.it/source/phorge.git synced 2024-11-10 00:42:41 +01:00

Use RepositoryQuery along common pathways

Summary: Ref T603. Make common repository queries (in Conduit and DiffusionRequest) policy-aware. These tend to get caught by something else anyway, but tighten them up.

Test Plan: The conduit change already provided `user` everywhere. I verified that and browsed some pages.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D7060
epriestley 2013-09-21 16:24:08 -07:00
parent e7a7e43104
commit a09616858b
2 changed files with 20 additions and 9 deletions


@ -43,9 +43,10 @@ abstract class ConduitAPI_diffusion_abstractquery_Method
$this->repository = $this->getDiffusionRequest()->getRepository();
} else {
$callsign = $request->getValue('callsign');
$repository = id(new PhabricatorRepository())->loadOneWhere(
'callsign = %s',
$callsign);
$repository = id(new PhabricatorRepositoryQuery())
->setViewer($request->getUser())
->withCallsigns(array($callsign))
->executeOne();
if (!$repository) {
throw new ConduitException('ERR-UNKNOWN-REPOSITORY');
}
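Review bot: Nothing at the `if (!$repository)` check says whether `ERR-UNKNOWN-REPOSITORY` is meant to cover a repository the caller cannot see as well as one that does not exist, now that the lookup goes through `PhabricatorRepositoryQuery` with `setViewer($request->getUser())`. If `executeOne()` returns null for a policy-filtered result the two cases are indistinguishable, which is the safer behaviour; if it raises a policy exception instead, a caller can tell a restricted callsign from a missing one. I would confirm which applies and record it above the check, for example `// Also reached when the viewer cannot see the repository; the two cases are deliberately not distinguished.` The same question applies to the "No such repository" exception in `newFromCallsign()` in DiffusionRequest, and the enclosing method here starts and ends outside the hunk.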


@ -46,6 +46,7 @@ abstract class DiffusionRequest {
* Parameters are:
*
* - `callsign` Repository callsign. Provide this or `repository`.
* - `user` Viewing user. Required if `callsign` is provided.
* - `repository` Repository object. Provide this or `callsign`.
* - `branch` Optional, branch name.
* - `path` Optional, file path.
@ -63,14 +64,19 @@ abstract class DiffusionRequest {
} else if (!isset($data['repository']) && !isset($data['callsign'])) {
throw new Exception(
"One of 'repository' and 'callsign' is required.");
} else if (isset($data['callsign']) && empty($data['user'])) {
throw new Exception(
"Parameter 'user' is required if 'callsign' is provided.");
}
if (isset($data['repository'])) {
$object = self::newFromRepository($data['repository']);
} else {
$object = self::newFromCallsign($data['callsign']);
$object = self::newFromCallsign($data['callsign'], $data['user']);
}
$object->initializeFromDictionary($data);
return $object;
}
@ -89,7 +95,7 @@ abstract class DiffusionRequest {
AphrontRequest $request) {
$callsign = phutil_unescape_uri_path_component(idx($data, 'callsign'));
$object = self::newFromCallsign($callsign);
$object = self::newFromCallsign($callsign, $request->getUser());
$use_branches = $object->getSupportsBranches();
$parsed = self::parseRequestBlob(idx($data, 'dblob'), $use_branches);
@ -115,14 +121,18 @@ abstract class DiffusionRequest {
* Internal. Use @{method:newFromDictionary}, not this method.
*
* @param string Repository callsign.
* @param PhabricatorUser Viewing user.
* @return DiffusionRequest New request object.
* @task new
*/
final private static function newFromCallsign($callsign) {
$repository = id(new PhabricatorRepository())->loadOneWhere(
'callsign = %s',
$callsign);
final private static function newFromCallsign(
$callsign,
PhabricatorUser $viewer) {
$repository = id(new PhabricatorRepositoryQuery())
->setViewer($viewer)
->withCallsigns(array($callsign))
->executeOne();
if (!$repository) {
throw new Exception("No such repository '{$callsign}'.");
}
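Review bot: `newFromDictionary()` demands `user` only on the `callsign` path, so a caller that passes `repository` still reaches `newFromRepository()` with no viewer and no policy check in the visible code. If that path is meant to trust the caller, the parameter list in the docblock should say so, with the `repository` entry reading something like "Repository object the caller has already loaded with policy checks for the viewer. Provide this or `callsign`." In `newFromCallsign()` the `$viewer` argument is used only for the lookup; whether `initializeFromDictionary($data)` keeps `user` on the request cannot be seen from these hunks, and any later policy-aware query made by the request would need it. The bodies of `newFromDictionary()` and `newFromCallsign()` both continue outside the hunks shown.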