Paste: Add edit policy

Summary: T5549

Test Plan: Set edit policy on paste, check that only users meeting the policy requirements can edit it.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Maniphest Tasks: T5549

Differential Revision: https://secure.phabricator.com/D11097

resources/sql/autopatches/20141230.pasteeditpolicycolumn.sql

@@ -0,0 +1,3 @@
+ALTER TABLE `{$NAMESPACE}_pastebin`.`pastebin_paste`
+  ADD `editPolicy` VARBINARY(64) NOT NULL
+  AFTER `viewPolicy`;

resources/sql/autopatches/20141230.pasteeditpolicyexisting.sql

@@ -0,0 +1,2 @@
+UPDATE `{$NAMESPACE}_pastebin`.`pastebin_paste` SET editPolicy = authorPHID
+  WHERE editPolicy = '';

src/__phutil_library_map__.php

@@ -1203,6 +1203,7 @@ phutil_register_library_map(array(
     'PasteConduitAPIMethod' => 'applications/paste/conduit/PasteConduitAPIMethod.php',
     'PasteCreateConduitAPIMethod' => 'applications/paste/conduit/PasteCreateConduitAPIMethod.php',
     'PasteCreateMailReceiver' => 'applications/paste/mail/PasteCreateMailReceiver.php',
+    'PasteDefaultEditCapability' => 'applications/paste/capability/PasteDefaultEditCapability.php',
     'PasteDefaultViewCapability' => 'applications/paste/capability/PasteDefaultViewCapability.php',
     'PasteEmbedView' => 'applications/paste/view/PasteEmbedView.php',
     'PasteInfoConduitAPIMethod' => 'applications/paste/conduit/PasteInfoConduitAPIMethod.php',
@@ -4326,6 +4327,7 @@ phutil_register_library_map(array(
     'PasteConduitAPIMethod' => 'ConduitAPIMethod',
     'PasteCreateConduitAPIMethod' => 'PasteConduitAPIMethod',
     'PasteCreateMailReceiver' => 'PhabricatorMailReceiver',
+    'PasteDefaultEditCapability' => 'PhabricatorPolicyCapability',
     'PasteDefaultViewCapability' => 'PhabricatorPolicyCapability',
     'PasteEmbedView' => 'AphrontView',
     'PasteInfoConduitAPIMethod' => 'PasteConduitAPIMethod',

src/applications/paste/application/PhabricatorPasteApplication.php

@@ -50,6 +50,9 @@ final class PhabricatorPasteApplication extends PhabricatorApplication {
       PasteDefaultViewCapability::CAPABILITY => array(
         'caption' => pht('Default view policy for newly created pastes.'),
       ),
+      PasteDefaultEditCapability::CAPABILITY => array(
+        'caption' => pht('Default edit policy for newly created pastes.'),
+      ),
     );
   }
 

src/applications/paste/capability/PasteDefaultEditCapability.php

@@ -0,0 +1,11 @@
+<?php
+
+final class PasteDefaultEditCapability extends PhabricatorPolicyCapability {
+
+  const CAPABILITY = 'paste.default.edit';
+
+  public function getCapabilityName() {
+    return pht('Default Edit Policy');
+  }
+
+}

src/applications/paste/controller/PhabricatorPasteEditController.php

@@ -69,7 +69,8 @@ final class PhabricatorPasteEditController extends PhabricatorPasteController {
       $v_language = $paste->getLanguage();
       $v_text = $paste->getRawContent();
     }
-    $v_policy = $paste->getViewPolicy();
+    $v_view_policy = $paste->getViewPolicy();
+    $v_edit_policy = $paste->getEditPolicy();
 
     if ($is_create) {
       $v_projects = array();
@@ -93,7 +94,8 @@ final class PhabricatorPasteEditController extends PhabricatorPasteController {
 
       $v_title = $request->getStr('title');
       $v_language = $request->getStr('language');
-      $v_policy = $request->getStr('can_view');
+      $v_view_policy = $request->getStr('can_view');
+      $v_edit_policy = $request->getStr('can_edit');
       $v_projects = $request->getArr('projects');
 
       // NOTE: The author is the only editor and can always view the paste,
@@ -119,7 +121,10 @@ final class PhabricatorPasteEditController extends PhabricatorPasteController {
           ->setNewValue($v_language);
         $xactions[] = id(new PhabricatorPasteTransaction())
           ->setTransactionType(PhabricatorTransactions::TYPE_VIEW_POLICY)
-          ->setNewValue($v_policy);
+          ->setNewValue($v_view_policy);
+        $xactions[] = id(new PhabricatorPasteTransaction())
+          ->setTransactionType(PhabricatorTransactions::TYPE_EDIT_POLICY)
+          ->setNewValue($v_edit_policy);
 
         $proj_edge_type = PhabricatorProjectObjectHasProjectEdgeType::EDGECONST;
         $xactions[] = id(new PhabricatorPasteTransaction())
@@ -136,7 +141,8 @@ final class PhabricatorPasteEditController extends PhabricatorPasteController {
       } else {
         // make sure we update policy so its correctly populated to what
         // the user chose
-        $paste->setViewPolicy($v_policy);
+        $paste->setViewPolicy($v_view_policy);
+        $paste->setEditPolicy($v_edit_policy);
       }
     }
 
@@ -174,6 +180,13 @@ final class PhabricatorPasteEditController extends PhabricatorPasteController {
         ->setPolicies($policies)
         ->setName('can_view'));
 
+    $form->appendChild(
+      id(new AphrontFormPolicyControl())
+        ->setUser($user)
+        ->setCapability(PhabricatorPolicyCapability::CAN_EDIT)
+        ->setPolicyObject($paste)
+        ->setPolicies($policies)
+        ->setName('can_edit'));
 
     if ($v_projects) {
       $project_handles = $this->loadViewerHandles($v_projects);

src/applications/paste/editor/PhabricatorPasteEditor.php

@@ -25,6 +25,7 @@ final class PhabricatorPasteEditor
         'mime-type' => 'text/plain; charset=utf-8',
         'authorPHID' => $actor->getPHID(),
         'viewPolicy' => PhabricatorPolicies::POLICY_NOONE,
+        'editPolicy' => PhabricatorPolicies::POLICY_NOONE,
       ));
   }
 
@@ -35,6 +36,7 @@ final class PhabricatorPasteEditor
     $types[] = PhabricatorPasteTransaction::TYPE_TITLE;
     $types[] = PhabricatorPasteTransaction::TYPE_LANGUAGE;
     $types[] = PhabricatorTransactions::TYPE_VIEW_POLICY;
+    $types[] = PhabricatorTransactions::TYPE_EDIT_POLICY;
     $types[] = PhabricatorTransactions::TYPE_COMMENT;
 
     return $types;
@@ -83,6 +85,9 @@ final class PhabricatorPasteEditor
       case PhabricatorTransactions::TYPE_VIEW_POLICY:
         $object->setViewPolicy($xaction->getNewValue());
         return;
+      case PhabricatorTransactions::TYPE_EDIT_POLICY:
+        $object->setEditPolicy($xaction->getNewValue());
+        return;
       case PhabricatorTransactions::TYPE_COMMENT:
       case PhabricatorTransactions::TYPE_SUBSCRIBERS:
       case PhabricatorTransactions::TYPE_EDGE:
@@ -101,6 +106,7 @@ final class PhabricatorPasteEditor
       case PhabricatorPasteTransaction::TYPE_TITLE:
       case PhabricatorPasteTransaction::TYPE_LANGUAGE:
       case PhabricatorTransactions::TYPE_VIEW_POLICY:
+      case PhabricatorTransactions::TYPE_EDIT_POLICY:
       case PhabricatorTransactions::TYPE_COMMENT:
       case PhabricatorTransactions::TYPE_SUBSCRIBERS:
       case PhabricatorTransactions::TYPE_EDGE:

src/applications/paste/storage/PhabricatorPaste.php

@@ -17,6 +17,7 @@ final class PhabricatorPaste extends PhabricatorPasteDAO
   protected $language;
   protected $parentPHID;
   protected $viewPolicy;
+  protected $editPolicy;
   protected $mailKey;
 
   private $content = self::ATTACHABLE;
@@ -29,11 +30,13 @@ final class PhabricatorPaste extends PhabricatorPasteDAO
       ->executeOne();
 
     $view_policy = $app->getPolicy(PasteDefaultViewCapability::CAPABILITY);
+    $edit_policy = $app->getPolicy(PasteDefaultEditCapability::CAPABILITY);
 
     return id(new PhabricatorPaste())
       ->setTitle('')
       ->setAuthorPHID($actor->getPHID())
-      ->setViewPolicy($view_policy);
+      ->setViewPolicy($view_policy)
+      ->setEditPolicy($edit_policy);
   }
 
   public function getURI() {
@@ -146,6 +149,8 @@ final class PhabricatorPaste extends PhabricatorPasteDAO
   public function getPolicy($capability) {
     if ($capability == PhabricatorPolicyCapability::CAN_VIEW) {
       return $this->viewPolicy;
+    } else if ($capability == PhabricatorPolicyCapability::CAN_EDIT) {
+      return $this->editPolicy;
     }
     return PhabricatorPolicies::POLICY_NOONE;
   }