From a6aa8f746f585f5966ff5ac269a805b4f81e84e6 Mon Sep 17 00:00:00 2001 From: epriestley Date: Tue, 11 Dec 2012 17:16:05 -0800 Subject: [PATCH] Implement "USER" policy Summary: I thought I'd already implemented this, but hadn't. Implement a "USER" policy -- a USER phid means only that user has the capability. Test Plan: Looked at macros as a user other than the comment owner. Reviewers: btrahan, vrana Reviewed By: btrahan CC: aran Differential Revision: https://secure.phabricator.com/D4155 --- .../policy/filter/PhabricatorPolicyFilter.php | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/src/applications/policy/filter/PhabricatorPolicyFilter.php b/src/applications/policy/filter/PhabricatorPolicyFilter.php index 70525774e1..1ce618b8b4 100644 --- a/src/applications/policy/filter/PhabricatorPolicyFilter.php +++ b/src/applications/policy/filter/PhabricatorPolicyFilter.php @@ -205,6 +205,12 @@ final class PhabricatorPolicyFilter { } else { $this->rejectObject($object, $policy, $capability); } + } else if ($type == PhabricatorPHIDConstants::PHID_TYPE_USER) { + if ($viewer->getPHID() == $policy) { + return true; + } else { + $this->rejectObject($object, $policy, $capability); + } } else { throw new Exception("Object has unknown policy '{$policy}'!"); } @@ -253,13 +259,16 @@ final class PhabricatorPolicyFilter { $who = "No one can {$verb} this object."; break; default: + $handle = PhabricatorObjectHandleData::loadOneHandle( + $policy, + $this->viewer); + $type = phid_get_type($policy); if ($type == PhabricatorPHIDConstants::PHID_TYPE_PROJ) { - $handle = PhabricatorObjectHandleData::loadOneHandle( - $policy, - $this->viewer); $who = "To {$verb} this object, you must be a member of project ". "'".$handle->getFullName()."'."; + } else if ($type == PhabricatorPHIDConstants::PHID_TYPE_USER) { + $who = "Only '".$handle->getFullName()."' can {$verb} this object."; } else { $who = "It is unclear who can {$verb} this object."; }