1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-26 07:20:57 +01:00

Update PhortunePaymentMethod for modern policy interfaces

Summary:
Depends on D20717. Ref T13366. Make PhortunePaymentMethod use an extended policy interface for consistency with modern approaches. Since Accounts have hard-coded policy behavior (and can't have object policies like "Subscribers") this should have no actual impact on program behavior.

This leaves one weird piece in the policy dialog UIs, see T13381.

Test Plan: Viewed and edited payment methods as a merchant and account member. Merchants can only view, not edit.

Maniphest Tasks: T13366

Differential Revision: https://secure.phabricator.com/D20718
This commit is contained in:
epriestley 2019-08-16 10:04:57 -07:00
parent 0cc7e8eeb8
commit c4e0ac4d27
6 changed files with 87 additions and 20 deletions

View file

@ -5329,6 +5329,7 @@ phutil_register_library_map(array(
'PhortunePaymentMethodDisableController' => 'applications/phortune/controller/payment/PhortunePaymentMethodDisableController.php',
'PhortunePaymentMethodEditController' => 'applications/phortune/controller/payment/PhortunePaymentMethodEditController.php',
'PhortunePaymentMethodPHIDType' => 'applications/phortune/phid/PhortunePaymentMethodPHIDType.php',
'PhortunePaymentMethodPolicyCodex' => 'applications/phortune/codex/PhortunePaymentMethodPolicyCodex.php',
'PhortunePaymentMethodQuery' => 'applications/phortune/query/PhortunePaymentMethodQuery.php',
'PhortunePaymentProvider' => 'applications/phortune/provider/PhortunePaymentProvider.php',
'PhortunePaymentProviderConfig' => 'applications/phortune/storage/PhortunePaymentProviderConfig.php',
@ -11893,11 +11894,14 @@ phutil_register_library_map(array(
'PhortunePaymentMethod' => array(
'PhortuneDAO',
'PhabricatorPolicyInterface',
'PhabricatorExtendedPolicyInterface',
'PhabricatorPolicyCodexInterface',
),
'PhortunePaymentMethodCreateController' => 'PhortuneController',
'PhortunePaymentMethodDisableController' => 'PhortuneController',
'PhortunePaymentMethodEditController' => 'PhortuneController',
'PhortunePaymentMethodPHIDType' => 'PhabricatorPHIDType',
'PhortunePaymentMethodPolicyCodex' => 'PhabricatorPolicyCodex',
'PhortunePaymentMethodQuery' => 'PhabricatorCursorPagedPolicyAwareQuery',
'PhortunePaymentProvider' => 'Phobject',
'PhortunePaymentProviderConfig' => array(

View file

@ -0,0 +1,35 @@
<?php
final class PhortunePaymentMethodPolicyCodex
extends PhabricatorPolicyCodex {
public function getPolicySpecialRuleDescriptions() {
$object = $this->getObject();
$rules = array();
$rules[] = $this->newRule()
->setCapabilities(
array(
PhabricatorPolicyCapability::CAN_VIEW,
))
->setIsActive(true)
->setDescription(
pht(
'Account members may view and edit payment methods.'));
$rules[] = $this->newRule()
->setCapabilities(
array(
PhabricatorPolicyCapability::CAN_VIEW,
))
->setIsActive(true)
->setDescription(
pht(
'Merchants you have a relationship with may view associated '.
'payment methods.'));
return $rules;
}
}

View file

@ -34,7 +34,6 @@ final class PhortuneAccountPaymentMethodsController
->setCrumbs($crumbs)
->setNavigation($navigation)
->appendChild($view);
}
private function buildPaymentMethodsSection(PhortuneAccount $account) {

View file

@ -53,6 +53,7 @@ final class PhortunePaymentMethodQuery
$account = idx($accounts, $method->getAccountPHID());
if (!$account) {
unset($methods[$key]);
$this->didRejectResult($method);
continue;
}
$method->attachAccount($account);
@ -72,6 +73,7 @@ final class PhortunePaymentMethodQuery
$merchant = idx($merchants, $method->getMerchantPHID());
if (!$merchant) {
unset($methods[$key]);
$this->didRejectResult($method);
continue;
}
$method->attachMerchant($merchant);
@ -91,6 +93,7 @@ final class PhortunePaymentMethodQuery
$provider_config = idx($provider_configs, $method->getProviderPHID());
if (!$provider_config) {
unset($methods[$key]);
$this->didRejectResult($method);
continue;
}
$method->attachProviderConfig($provider_config);

View file

@ -4,8 +4,12 @@
* A payment method is a credit card; it is associated with an account and
* charges can be made against it.
*/
final class PhortunePaymentMethod extends PhortuneDAO
implements PhabricatorPolicyInterface {
final class PhortunePaymentMethod
extends PhortuneDAO
implements
PhabricatorPolicyInterface,
PhabricatorExtendedPolicyInterface,
PhabricatorPolicyCodexInterface {
const STATUS_ACTIVE = 'payment:active';
const STATUS_DISABLED = 'payment:disabled';
@ -148,18 +152,50 @@ final class PhortunePaymentMethod extends PhortuneDAO
}
public function getPolicy($capability) {
return $this->getAccount()->getPolicy($capability);
return PhabricatorPolicies::getMostOpenPolicy();
}
public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
return $this->getAccount()->hasAutomaticCapability(
$capability,
$viewer);
// See T13366. If you can edit the merchant associated with this payment
// method, you can view the payment method.
if ($capability === PhabricatorPolicyCapability::CAN_VIEW) {
$any_edit = PhortuneMerchantQuery::canViewersEditMerchants(
array($viewer->getPHID()),
array($this->getMerchantPHID()));
if ($any_edit) {
return true;
}
}
return false;
}
public function describeAutomaticCapability($capability) {
return pht(
'Members of an account can always view and edit its payment methods.');
/* -( PhabricatorExtendedPolicyInterface )--------------------------------- */
public function getExtendedPolicy($capability, PhabricatorUser $viewer) {
if ($this->hasAutomaticCapability($capability, $viewer)) {
return array();
}
// See T13366. For blanket view and edit permissions on all payment
// methods, you must be able to edit the associated account.
return array(
array(
$this->getAccount(),
PhabricatorPolicyCapability::CAN_EDIT,
),
);
}
/* -( PhabricatorPolicyCodexInterface )------------------------------------ */
public function newPolicyCodex() {
return new PhortunePaymentMethodPolicyCodex();
}
}

View file

@ -44,16 +44,6 @@ abstract class PhabricatorPolicyCodex
return null;
}
final public function getPolicySpecialRuleForCapability($capability) {
foreach ($this->getPolicySpecialRuleDescriptions() as $rule) {
if (in_array($capability, $rule->getCapabilities())) {
return $rule;
}
}
return null;
}
final protected function newRule() {
return new PhabricatorPolicyCodexRuleDescription();
}