mirror of
https://we.phorge.it/source/phorge.git
synced 2025-01-17 10:11:10 +01:00
Don't show client IP in push logs unless viewer can edit the repository
Summary: This locks push logs down a little bit and makes them slightly more administrative. Primarily, don't show IPs to googlebot, etc. Test Plan: Viewed push logs as edit and non-edit users. Reviewers: btrahan Reviewed By: btrahan CC: aran Differential Revision: https://secure.phabricator.com/D7722
This commit is contained in:
parent
faaaff0b6f
commit
a1f3233481
1 changed files with 39 additions and 5 deletions
|
@ -30,8 +30,34 @@ final class DiffusionPushLogListController extends DiffusionController
|
||||||
|
|
||||||
$this->loadHandles(mpull($logs, 'getPusherPHID'));
|
$this->loadHandles(mpull($logs, 'getPusherPHID'));
|
||||||
|
|
||||||
|
// Figure out which repositories are editable. We only let you see remote
|
||||||
|
// IPs if you have edit capability on a repository.
|
||||||
|
$editable_repos = array();
|
||||||
|
if ($logs) {
|
||||||
|
$editable_repos = id(new PhabricatorRepositoryQuery())
|
||||||
|
->setViewer($viewer)
|
||||||
|
->requireCapabilities(
|
||||||
|
array(
|
||||||
|
PhabricatorPolicyCapability::CAN_VIEW,
|
||||||
|
PhabricatorPolicyCapability::CAN_EDIT,
|
||||||
|
))
|
||||||
|
->withPHIDs(mpull($logs, 'getRepositoryPHID'))
|
||||||
|
->execute();
|
||||||
|
$editable_repos = mpull($editable_repos, null, 'getPHID');
|
||||||
|
}
|
||||||
|
|
||||||
$rows = array();
|
$rows = array();
|
||||||
foreach ($logs as $log) {
|
foreach ($logs as $log) {
|
||||||
|
|
||||||
|
// Reveal this if it's valid and the user can edit the repository.
|
||||||
|
$remote_addr = '-';
|
||||||
|
if (isset($editable_repos[$log->getRepositoryPHID()])) {
|
||||||
|
$remote_long = $log->getRemoteAddress();
|
||||||
|
if ($remote_long) {
|
||||||
|
$remote_addr = long2ip($remote_long);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
$callsign = $log->getRepository()->getCallsign();
|
$callsign = $log->getRepository()->getCallsign();
|
||||||
$rows[] = array(
|
$rows[] = array(
|
||||||
phutil_tag(
|
phutil_tag(
|
||||||
|
@ -41,14 +67,22 @@ final class DiffusionPushLogListController extends DiffusionController
|
||||||
),
|
),
|
||||||
$callsign),
|
$callsign),
|
||||||
$this->getHandle($log->getPusherPHID())->renderLink(),
|
$this->getHandle($log->getPusherPHID())->renderLink(),
|
||||||
$log->getRemoteAddress()
|
$remote_addr,
|
||||||
? long2ip($log->getRemoteAddress())
|
|
||||||
: null,
|
|
||||||
$log->getRemoteProtocol(),
|
$log->getRemoteProtocol(),
|
||||||
$log->getRefType(),
|
$log->getRefType(),
|
||||||
$log->getRefName(),
|
$log->getRefName(),
|
||||||
$log->getRefOldShort(),
|
phutil_tag(
|
||||||
$log->getRefNewShort(),
|
'a',
|
||||||
|
array(
|
||||||
|
'href' => '/r'.$callsign.$log->getRefOld(),
|
||||||
|
),
|
||||||
|
$log->getRefOldShort()),
|
||||||
|
phutil_tag(
|
||||||
|
'a',
|
||||||
|
array(
|
||||||
|
'href' => '/r'.$callsign.$log->getRefNew(),
|
||||||
|
),
|
||||||
|
$log->getRefNewShort()),
|
||||||
phabricator_datetime($log->getEpoch(), $viewer),
|
phabricator_datetime($log->getEpoch(), $viewer),
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue