From bc6e6c0500b7c7c0c7e48f93c05c6952e066c795 Mon Sep 17 00:00:00 2001 From: epriestley Date: Thu, 6 Oct 2016 14:57:43 -0700 Subject: [PATCH] Allow Calendar exports to be disabled Summary: Ref T10747. This adds disable/enable to exports. Mostly useful if you leak a URI by accident. Test Plan: - Disabled and enabled exports. - Verified that disabled exports don't actually export any data. Reviewers: chad Reviewed By: chad Maniphest Tasks: T10747 Differential Revision: https://secure.phabricator.com/D16681 --- src/__phutil_library_map__.php | 2 + .../PhabricatorCalendarApplication.php | 3 + ...ricatorCalendarExportDisableController.php | 63 +++++++++++++++++++ ...PhabricatorCalendarExportICSController.php | 4 ++ ...habricatorCalendarExportViewController.php | 32 ++++++++-- 5 files changed, 99 insertions(+), 5 deletions(-) create mode 100644 src/applications/calendar/controller/PhabricatorCalendarExportDisableController.php diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php index e7b7304e18..085e86c84b 100644 --- a/src/__phutil_library_map__.php +++ b/src/__phutil_library_map__.php @@ -2076,6 +2076,7 @@ phutil_register_library_map(array( 'PhabricatorCalendarEventUntilDateTransaction' => 'applications/calendar/xaction/PhabricatorCalendarEventUntilDateTransaction.php', 'PhabricatorCalendarEventViewController' => 'applications/calendar/controller/PhabricatorCalendarEventViewController.php', 'PhabricatorCalendarExport' => 'applications/calendar/storage/PhabricatorCalendarExport.php', + 'PhabricatorCalendarExportDisableController' => 'applications/calendar/controller/PhabricatorCalendarExportDisableController.php', 'PhabricatorCalendarExportDisableTransaction' => 'applications/calendar/xaction/PhabricatorCalendarExportDisableTransaction.php', 'PhabricatorCalendarExportEditController' => 'applications/calendar/controller/PhabricatorCalendarExportEditController.php', 'PhabricatorCalendarExportEditEngine' => 'applications/calendar/editor/PhabricatorCalendarExportEditEngine.php', @@ -6849,6 +6850,7 @@ phutil_register_library_map(array( 'PhabricatorApplicationTransactionInterface', 'PhabricatorDestructibleInterface', ), + 'PhabricatorCalendarExportDisableController' => 'PhabricatorCalendarController', 'PhabricatorCalendarExportDisableTransaction' => 'PhabricatorCalendarExportTransactionType', 'PhabricatorCalendarExportEditController' => 'PhabricatorCalendarController', 'PhabricatorCalendarExportEditEngine' => 'PhabricatorEditEngine', diff --git a/src/applications/calendar/application/PhabricatorCalendarApplication.php b/src/applications/calendar/application/PhabricatorCalendarApplication.php index ba18c13830..208fc83ae9 100644 --- a/src/applications/calendar/application/PhabricatorCalendarApplication.php +++ b/src/applications/calendar/application/PhabricatorCalendarApplication.php @@ -71,6 +71,9 @@ final class PhabricatorCalendarApplication extends PhabricatorApplication { => 'PhabricatorCalendarExportViewController', 'ics/(?P[^/]+)/(?P[^/]*)' => 'PhabricatorCalendarExportICSController', + 'disable/(?P[1-9]\d*)/' + => 'PhabricatorCalendarExportDisableController', + ), ), ); diff --git a/src/applications/calendar/controller/PhabricatorCalendarExportDisableController.php b/src/applications/calendar/controller/PhabricatorCalendarExportDisableController.php new file mode 100644 index 0000000000..6be28499c4 --- /dev/null +++ b/src/applications/calendar/controller/PhabricatorCalendarExportDisableController.php @@ -0,0 +1,63 @@ +getViewer(); + + $export = id(new PhabricatorCalendarExportQuery()) + ->setViewer($viewer) + ->withIDs(array($request->getURIData('id'))) + ->requireCapabilities( + array( + PhabricatorPolicyCapability::CAN_VIEW, + PhabricatorPolicyCapability::CAN_EDIT, + )) + ->executeOne(); + if (!$export) { + return new Aphront404Response(); + } + + $export_uri = $export->getURI(); + $is_disable = !$export->getIsDisabled(); + + if ($request->isFormPost()) { + $xactions = array(); + $xactions[] = id(new PhabricatorCalendarExportTransaction()) + ->setTransactionType( + PhabricatorCalendarExportDisableTransaction::TRANSACTIONTYPE) + ->setNewValue($is_disable ? 1 : 0); + + $editor = id(new PhabricatorCalendarExportEditor()) + ->setActor($viewer) + ->setContinueOnNoEffect(true) + ->setContinueOnMissingFields(true) + ->setContentSourceFromRequest($request); + + $editor->applyTransactions($export, $xactions); + + return id(new AphrontRedirectResponse())->setURI($export_uri); + } + + if ($is_disable) { + $title = pht('Disable Export'); + $body = pht( + 'Disable this export? The export URI will no longer function.'); + $button = pht('Disable Export'); + } else { + $title = pht('Enable Export'); + $body = pht( + 'Enable this export? Anyone who knows the export URI will be able '. + 'to export the data.'); + $button = pht('Enable Export'); + } + + return $this->newDialog() + ->setTitle($title) + ->appendParagraph($body) + ->addCancelButton($export_uri) + ->addSubmitButton($button); + } + +} diff --git a/src/applications/calendar/controller/PhabricatorCalendarExportICSController.php b/src/applications/calendar/controller/PhabricatorCalendarExportICSController.php index 04a116a740..a1264693bd 100644 --- a/src/applications/calendar/controller/PhabricatorCalendarExportICSController.php +++ b/src/applications/calendar/controller/PhabricatorCalendarExportICSController.php @@ -24,6 +24,10 @@ final class PhabricatorCalendarExportICSController return new Aphront404Response(); } + if ($export->getIsDisabled()) { + return new Aphront404Response(); + } + $author = id(new PhabricatorPeopleQuery()) ->setViewer($omnipotent) ->withPHIDs(array($export->getAuthorPHID())) diff --git a/src/applications/calendar/controller/PhabricatorCalendarExportViewController.php b/src/applications/calendar/controller/PhabricatorCalendarExportViewController.php index 3763fe30ae..1dc2a8d1be 100644 --- a/src/applications/calendar/controller/PhabricatorCalendarExportViewController.php +++ b/src/applications/calendar/controller/PhabricatorCalendarExportViewController.php @@ -55,7 +55,7 @@ final class PhabricatorCalendarExportViewController if ($export->getIsDisabled()) { $icon = 'fa-ban'; - $color = 'grey'; + $color = 'red'; $status = pht('Disabled'); } else { $icon = 'fa-check'; @@ -102,6 +102,24 @@ final class PhabricatorCalendarExportViewController ->setIcon('fa-download') ->setHref($ics_uri)); + $disable_uri = "export/disable/{$id}/"; + $disable_uri = $this->getApplicationURI($disable_uri); + if ($export->getIsDisabled()) { + $disable_name = pht('Enable Export'); + $disable_icon = 'fa-check'; + } else { + $disable_name = pht('Disable Export'); + $disable_icon = 'fa-ban'; + } + + $curtain->addAction( + id(new PhabricatorActionView()) + ->setName($disable_name) + ->setIcon($disable_icon) + ->setDisabled(!$can_edit) + ->setWorkflow(true) + ->setHref($disable_uri)); + return $curtain; } @@ -140,14 +158,18 @@ final class PhabricatorCalendarExportViewController $ics_uri = $export->getICSURI(); $ics_uri = PhabricatorEnv::getURI($ics_uri); - $properties->addProperty( - pht('ICS URI'), - phutil_tag( + if ($export->getIsDisabled()) { + $ics_href = phutil_tag('em', array(), $ics_uri); + } else { + $ics_href = phutil_tag( 'a', array( 'href' => $ics_uri, ), - $ics_uri)); + $ics_uri); + } + + $properties->addProperty(pht('ICS URI'), $ics_href); return $properties; }