1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-29 18:22:41 +01:00

Make "Can Interact" and logged-out users interact more gracefully

Summary:
Fixes T12378. Two minor issues here:

  - CAN_INTERACT on tasks uses "USER", but should just use the view policy, which may be more permissive ("PUBLIC").
  - CAN_INTERACT is currently prevented from being "PUBLIC" by additional safeguards. Define an explicit capability object for the permission which returns `true` from `shouldAllowPublicPolicySetting()`.

Test Plan:
  - Viewed an unlocked task as a logged-out user, saw "login to comment" instead of "locked".
  - Viewed a locked task as a logged-out user, saw "locked".

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T12378

Differential Revision: https://secure.phabricator.com/D17485
This commit is contained in:
epriestley 2017-03-09 08:41:03 -08:00
parent 4c7d464f8b
commit d0c648dfa5
3 changed files with 23 additions and 1 deletions

View file

@ -3445,6 +3445,7 @@ phutil_register_library_map(array(
'PhabricatorPolicyAwareQuery' => 'infrastructure/query/policy/PhabricatorPolicyAwareQuery.php', 'PhabricatorPolicyAwareQuery' => 'infrastructure/query/policy/PhabricatorPolicyAwareQuery.php',
'PhabricatorPolicyAwareTestQuery' => 'applications/policy/__tests__/PhabricatorPolicyAwareTestQuery.php', 'PhabricatorPolicyAwareTestQuery' => 'applications/policy/__tests__/PhabricatorPolicyAwareTestQuery.php',
'PhabricatorPolicyCanEditCapability' => 'applications/policy/capability/PhabricatorPolicyCanEditCapability.php', 'PhabricatorPolicyCanEditCapability' => 'applications/policy/capability/PhabricatorPolicyCanEditCapability.php',
'PhabricatorPolicyCanInteractCapability' => 'applications/policy/capability/PhabricatorPolicyCanInteractCapability.php',
'PhabricatorPolicyCanJoinCapability' => 'applications/policy/capability/PhabricatorPolicyCanJoinCapability.php', 'PhabricatorPolicyCanJoinCapability' => 'applications/policy/capability/PhabricatorPolicyCanJoinCapability.php',
'PhabricatorPolicyCanViewCapability' => 'applications/policy/capability/PhabricatorPolicyCanViewCapability.php', 'PhabricatorPolicyCanViewCapability' => 'applications/policy/capability/PhabricatorPolicyCanViewCapability.php',
'PhabricatorPolicyCapability' => 'applications/policy/capability/PhabricatorPolicyCapability.php', 'PhabricatorPolicyCapability' => 'applications/policy/capability/PhabricatorPolicyCapability.php',
@ -8654,6 +8655,7 @@ phutil_register_library_map(array(
'PhabricatorPolicyAwareQuery' => 'PhabricatorOffsetPagedQuery', 'PhabricatorPolicyAwareQuery' => 'PhabricatorOffsetPagedQuery',
'PhabricatorPolicyAwareTestQuery' => 'PhabricatorPolicyAwareQuery', 'PhabricatorPolicyAwareTestQuery' => 'PhabricatorPolicyAwareQuery',
'PhabricatorPolicyCanEditCapability' => 'PhabricatorPolicyCapability', 'PhabricatorPolicyCanEditCapability' => 'PhabricatorPolicyCapability',
'PhabricatorPolicyCanInteractCapability' => 'PhabricatorPolicyCapability',
'PhabricatorPolicyCanJoinCapability' => 'PhabricatorPolicyCapability', 'PhabricatorPolicyCanJoinCapability' => 'PhabricatorPolicyCapability',
'PhabricatorPolicyCanViewCapability' => 'PhabricatorPolicyCapability', 'PhabricatorPolicyCanViewCapability' => 'PhabricatorPolicyCapability',
'PhabricatorPolicyCapability' => 'Phobject', 'PhabricatorPolicyCapability' => 'Phobject',

View file

@ -361,7 +361,7 @@ final class ManiphestTask extends ManiphestDAO
if ($this->isLocked()) { if ($this->isLocked()) {
return PhabricatorPolicies::POLICY_NOONE; return PhabricatorPolicies::POLICY_NOONE;
} else { } else {
return PhabricatorPolicies::POLICY_USER; return $this->getViewPolicy();
} }
case PhabricatorPolicyCapability::CAN_EDIT: case PhabricatorPolicyCapability::CAN_EDIT:
return $this->getEditPolicy(); return $this->getEditPolicy();

View file

@ -0,0 +1,20 @@
<?php
final class PhabricatorPolicyCanInteractCapability
extends PhabricatorPolicyCapability {
const CAPABILITY = self::CAN_INTERACT;
public function getCapabilityName() {
return pht('Can Interact');
}
public function describeCapabilityRejection() {
return pht('You do not have permission to interact with this object.');
}
public function shouldAllowPublicPolicySetting() {
return true;
}
}