Add a Herald action to trigger "Must Encrypt" for mail
Summary: Depends on D18983. Ref T13053. Adds a new Herald action to activate the "must encrypt" flag and drop mail content. Test Plan: - Created a new Herald rule: {F5407075} - Created a "dog task" (woof woof, unsecure) and a "duck task" (quack quack, secure). - Viewed mail for both in `bin/mail` and web UI, saw appropriate security/encryption behavior. - Viewed "Must Encrypt" in "Headers" tab for the duck mail, saw why the mail was encrypted (link to Herald rule). Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13053 Differential Revision: https://secure.phabricator.com/D18984
parent
7b2b5cd91e
commit
cbe4e68c07
7 changed files with 111 additions and 0 deletions
|
@ -3189,6 +3189,7 @@ phutil_register_library_map(array(
|
|||
'PhabricatorMailManagementUnverifyWorkflow' => 'applications/metamta/management/PhabricatorMailManagementUnverifyWorkflow.php',
|
||||
'PhabricatorMailManagementVolumeWorkflow' => 'applications/metamta/management/PhabricatorMailManagementVolumeWorkflow.php',
|
||||
'PhabricatorMailManagementWorkflow' => 'applications/metamta/management/PhabricatorMailManagementWorkflow.php',
|
||||
'PhabricatorMailMustEncryptHeraldAction' => 'applications/metamta/herald/PhabricatorMailMustEncryptHeraldAction.php',
|
||||
'PhabricatorMailOutboundMailHeraldAdapter' => 'applications/metamta/herald/PhabricatorMailOutboundMailHeraldAdapter.php',
|
||||
'PhabricatorMailOutboundRoutingHeraldAction' => 'applications/metamta/herald/PhabricatorMailOutboundRoutingHeraldAction.php',
|
||||
'PhabricatorMailOutboundRoutingSelfEmailHeraldAction' => 'applications/metamta/herald/PhabricatorMailOutboundRoutingSelfEmailHeraldAction.php',
|
||||
|
@ -8674,6 +8675,7 @@ phutil_register_library_map(array(
|
|||
'PhabricatorMailManagementUnverifyWorkflow' => 'PhabricatorMailManagementWorkflow',
|
||||
'PhabricatorMailManagementVolumeWorkflow' => 'PhabricatorMailManagementWorkflow',
|
||||
'PhabricatorMailManagementWorkflow' => 'PhabricatorManagementWorkflow',
|
||||
'PhabricatorMailMustEncryptHeraldAction' => 'HeraldAction',
|
||||
'PhabricatorMailOutboundMailHeraldAdapter' => 'HeraldAdapter',
|
||||
'PhabricatorMailOutboundRoutingHeraldAction' => 'HeraldAction',
|
||||
'PhabricatorMailOutboundRoutingSelfEmailHeraldAction' => 'PhabricatorMailOutboundRoutingHeraldAction',
|
||||
|
|
|
@ -39,6 +39,7 @@ abstract class HeraldAdapter extends Phobject {
|
|||
private $edgeCache = array();
|
||||
private $forbiddenActions = array();
|
||||
private $viewer;
|
||||
private $mustEncryptReasons = array();
|
||||
|
||||
public function getEmailPHIDs() {
|
||||
return array_values($this->emailPHIDs);
|
||||
|
@ -1182,4 +1183,17 @@ abstract class HeraldAdapter extends Phobject {
|
|||
return $this->forbiddenActions[$action];
|
||||
}
|
||||
|
||||
|
||||
/* -( Must Encrypt )------------------------------------------------------- */
|
||||
|
||||
|
||||
final public function addMustEncryptReason($reason) {
|
||||
$this->mustEncryptReasons[] = $reason;
|
||||
return $this;
|
||||
}
|
||||
|
||||
final public function getMustEncryptReasons() {
|
||||
return $this->mustEncryptReasons;
|
||||
}
|
||||
|
||||
}
|
||||
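Review bot: `addMustEncryptReason($reason)` takes an untyped argument and nothing says what a "reason" is. The only caller on this page passes the PHID of the Herald rule that fired, and the mail view controller hands the stored list straight to `loadHandles()`, so the values are evidently meant to be PHIDs. A docblock line such as `@param phid $reason PHID of the object (currently a Herald rule) that required encryption.` on the setter, and a matching `@return list<phid>` on `getMustEncryptReasons()`, would make that contract explicit for later callers.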
|
|
|
@ -175,6 +175,15 @@ final class PhabricatorMetaMTAMailViewController
|
|||
$properties->addProperty($key, $value);
|
||||
}
|
||||
|
||||
$encrypt_phids = $mail->getMustEncryptReasons();
|
||||
if ($encrypt_phids) {
|
||||
$properties->addProperty(
|
||||
pht('Must Encrypt'),
|
||||
$viewer->loadHandles($encrypt_phids)
|
||||
->renderList());
|
||||
}
|
||||
|
||||
|
||||
return $properties;
|
||||
}
|
||||
|
||||
|
|
|
@ -0,0 +1,62 @@
|
|||
<?php
|
||||
|
||||
final class PhabricatorMailMustEncryptHeraldAction
|
||||
extends HeraldAction {
|
||||
|
||||
const DO_MUST_ENCRYPT = 'do.must-encrypt';
|
||||
|
||||
const ACTIONCONST = 'email.must-encrypt';
|
||||
|
||||
public function getHeraldActionName() {
|
||||
return pht('Require secure email');
|
||||
}
|
||||
|
||||
public function renderActionDescription($value) {
|
||||
return pht(
|
||||
'Require mail content be transmitted only over secure channels.');
|
||||
}
|
||||
public function supportsObject($object) {
|
||||
return self::isMailGeneratingObject($object);
|
||||
}
|
||||
|
||||
public function getActionGroupKey() {
|
||||
return HeraldUtilityActionGroup::ACTIONGROUPKEY;
|
||||
}
|
||||
|
||||
public function supportsRuleType($rule_type) {
|
||||
return ($rule_type != HeraldRuleTypeConfig::RULE_TYPE_PERSONAL);
|
||||
}
|
||||
|
||||
public function getHeraldActionStandardType() {
|
||||
return self::STANDARD_NONE;
|
||||
}
|
||||
|
||||
public function applyEffect($object, HeraldEffect $effect) {
|
||||
$rule_phid = $effect->getRule()->getPHID();
|
||||
|
||||
$adapter = $this->getAdapter();
|
||||
$adapter->addMustEncryptReason($rule_phid);
|
||||
|
||||
$this->logEffect(self::DO_MUST_ENCRYPT, array($rule_phid));
|
||||
}
|
||||
|
||||
protected function getActionEffectMap() {
|
||||
return array(
|
||||
self::DO_MUST_ENCRYPT => array(
|
||||
'icon' => 'fa-shield',
|
||||
'color' => 'blue',
|
||||
'name' => pht('Must Encrypt'),
|
||||
),
|
||||
);
|
||||
}
|
||||
|
||||
protected function renderActionEffectDescription($type, $data) {
|
||||
switch ($type) {
|
||||
case self::DO_MUST_ENCRYPT:
|
||||
return pht(
|
||||
'Made it a requirement that mail content be transmitted only '.
|
||||
'over secure channels.');
|
||||
}
|
||||
}
|
||||
|
||||
}
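Review bot: `supportsRuleType()` excludes personal rules without saying why, and it compares with a loose `!=`. The editor change in this commit applies the reasons collected from the adapter to the mail built for each target, so one rule appears to affect every recipient's copy, which is presumably the reason for the exclusion. A comment such as `// Not available to personal rules: the flag applies to mail for all recipients, not only the rule author.` would record that, and `!==` avoids type juggling against the constant. Separately, the `switch` in `renderActionEffectDescription()` has no `default`, so an unrecognized `$type` falls off the end and returns null.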
|
|
@ -13,6 +13,10 @@ abstract class PhabricatorMetaMTAEmailHeraldAction
|
|||
}
|
||||
|
||||
public function supportsObject($object) {
|
||||
return self::isMailGeneratingObject($object);
|
||||
}
|
||||
|
||||
public static function isMailGeneratingObject($object) {
|
||||
// NOTE: This implementation lacks generality, but there's no great way to
|
||||
// figure out if something generates email right now.
|
||||
|
||||
|
|
|
@ -259,6 +259,15 @@ final class PhabricatorMetaMTAMail
|
|||
return $this->getParam('mustEncrypt', false);
|
||||
}
|
||||
|
||||
public function setMustEncryptReasons(array $reasons) {
|
||||
$this->setParam('mustEncryptReasons', $reasons);
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function getMustEncryptReasons() {
|
||||
return $this->getParam('mustEncryptReasons', array());
|
||||
}
|
||||
|
||||
public function setHTMLBody($html) {
|
||||
$this->setParam('html-body', $html);
|
||||
return $this;
|
||||
|
|
|
@ -71,6 +71,7 @@ abstract class PhabricatorApplicationTransactionEditor
|
|||
private $mailShouldSend = false;
|
||||
private $modularTypes;
|
||||
private $silent;
|
||||
private $mustEncrypt;
|
||||
|
||||
private $transactionQueue = array();
|
||||
|
||||
|
@ -2549,6 +2550,13 @@ abstract class PhabricatorApplicationTransactionEditor
|
|||
$this->loadHandles($xactions);
|
||||
|
||||
$mail = $this->buildMailForTarget($object, $xactions, $target);
|
||||
|
||||
if ($this->mustEncrypt) {
|
||||
$mail
|
||||
->setMustEncrypt(true)
|
||||
->setMustEncryptReasons($this->mustEncrypt);
|
||||
}
|
||||
|
||||
} catch (Exception $ex) {
|
||||
$caught = $ex;
|
||||
}
|
||||
|
@ -3214,6 +3222,8 @@ abstract class PhabricatorApplicationTransactionEditor
|
|||
$adapter->getQueuedHarbormasterBuildRequests());
|
||||
}
|
||||
|
||||
$this->mustEncrypt = $adapter->getMustEncryptReasons();
|
||||
|
||||
return array_merge(
|
||||
$this->didApplyHeraldRules($object, $adapter, $xscript),
|
||||
$adapter->getQueuedTransactions());
|
||||
|
@ -3558,6 +3568,7 @@ abstract class PhabricatorApplicationTransactionEditor
|
|||
'feedRelatedPHIDs',
|
||||
'feedShouldPublish',
|
||||
'mailShouldSend',
|
||||
'mustEncrypt',
|
||||
);
|
||||
}
|
||||
|
||||
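Review bot: In the mail-building hunk, `->setMustEncrypt(true)` is called directly on the result of `buildMailForTarget()`, with no check that a mail object came back. That method's body is not visible here; if it can return null for a target, the call raises an `Error`, which the surrounding `catch (Exception $ex)` does not catch on PHP 7 and later. Guarding with `if ($mail && $this->mustEncrypt) {` would avoid that. The new property is also declared as `private $mustEncrypt;` and is assigned only in the Herald hunk, so `private $mustEncrypt = array();` would match what `setMustEncryptReasons(array $reasons)` expects and make the "Herald did not run" state explicit. Both enclosing methods start and end outside the hunks shown.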
|
|