revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2025-01-02 02:40:58 +01:00
Code Issues Releases Wiki Activity

Make Differential views capability-sensitive

Browse source 
Summary:
Ref T603. Make Differential behaviors for logged-out and underprivleged users more similar to other apps.

I'm going to drop this "anonymous access" thing at some point, but `reviews.fb.net` actually looks like it's running semi-modern code, so leave it alive until we have a more compelling replacement in the upstream.

Test Plan: As a logged out user, browsed Differential and clicked things and such.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D7148
This commit is contained in:
epriestley 2013-09-26 18:45:04 -07:00
parent 4163da9d62
commit e0f99484ac
6 changed files with 130 additions and 40 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
src/applications/differential/controller/DifferentialChangesetViewController.php
View file

@ -3,7 +3,15 @@
final class DifferentialChangesetViewController extends DifferentialController {
public function shouldRequireLogin() {
return !$this->allowsAnonymousAccess();
if ($this->allowsAnonymousAccess()) {
return false;
}
return parent::shouldRequireLogin();
}
public function shouldAllowPublic() {
return true;
}
public function processRequest() {
@ -28,6 +36,17 @@ final class DifferentialChangesetViewController extends DifferentialController {
return new Aphront404Response();
}
// TODO: (T603) Make Changeset policy-aware. For now, just fake it
// by making sure we can see the diff.
$diff = id(new DifferentialDiffQuery())
->setViewer($request->getUser())
->withIDs(array($changeset->getDiffID()))
->executeOne();
if (!$diff) {
return new Aphront404Response();
}
$view = $request->getStr('view');
if ($view) {
$changeset->attachHunks($changeset->loadHunks());

5
src/applications/differential/controller/DifferentialRevisionListController.php
View file

@ -6,7 +6,10 @@ final class DifferentialRevisionListController extends DifferentialController
private $queryKey;
public function shouldRequireLogin() {
return !$this->allowsAnonymousAccess();
if ($this->allowsAnonymousAccess()) {
return false;
}
return parent::shouldRequireLogin();
}
public function shouldAllowPublic() {

36
src/applications/differential/controller/DifferentialRevisionViewController.php
View file

@ -5,7 +5,14 @@ final class DifferentialRevisionViewController extends DifferentialController {
private $revisionID;
public function shouldRequireLogin() {
return !$this->allowsAnonymousAccess();
if ($this->allowsAnonymousAccess()) {
return false;
}
return parent::shouldRequireLogin();
}
public function shouldAllowPublic() {
return true;
}
public function willProcessRequest(array $data) {
@ -405,8 +412,15 @@ final class DifferentialRevisionViewController extends DifferentialController {
));
if ($comment_form) {
$page_pane->appendChild($comment_form->render());
} else {
// TODO: For now, just use this to get "Login to Comment".
$page_pane->appendChild(
id(new PhabricatorApplicationTransactionCommentView())
->setUser($user)
->setRequestURI($request->getRequestURI()));
}
$object_id = 'D'.$revision->getID();
$top_anchor = id(new PhabricatorAnchorView())
@ -493,22 +507,25 @@ final class DifferentialRevisionViewController extends DifferentialController {
$viewer_is_owner = ($revision->getAuthorPHID() == $viewer_phid);
$viewer_is_reviewer = in_array($viewer_phid, $revision->getReviewers());
$viewer_is_cc = in_array($viewer_phid, $revision->getCCPHIDs());
$viewer_is_anonymous = !$this->getRequest()->getUser()->isLoggedIn();
$logged_in = $this->getRequest()->getUser()->isLoggedIn();
$status = $revision->getStatus();
$revision_id = $revision->getID();
$revision_phid = $revision->getPHID();
$links = array();
if ($viewer_is_owner) {
$can_edit = PhabricatorPolicyFilter::hasCapability(
$user,
$revision,
PhabricatorPolicyCapability::CAN_EDIT);
$links[] = array(
'icon' => 'edit',
'href' => "/differential/revision/edit/{$revision_id}/",
'name' => pht('Edit Revision'),
'disabled' => !$can_edit,
'sigil' => $can_edit ? null : 'workflow',
);
}
if (!$viewer_is_anonymous) {
if (!$viewer_is_owner && !$viewer_is_reviewer) {
$action = $viewer_is_cc ? 'rem' : 'add';
@ -516,7 +533,9 @@ final class DifferentialRevisionViewController extends DifferentialController {
'icon' => $viewer_is_cc ? 'disable' : 'check',
'href' => "/differential/subscribe/{$action}/{$revision_id}/",
'name' => $viewer_is_cc ? pht('Unsubscribe') : pht('Subscribe'),
'instant' => true,
'instant' => $logged_in,
'disabled' => !$logged_in,
'sigil' => $can_edit ? null : 'workflow',
);
} else {
$links[] = array(
@ -534,6 +553,7 @@ final class DifferentialRevisionViewController extends DifferentialController {
'name' => pht('Edit Dependencies'),
'href' => "/search/attach/{$revision_phid}/DREV/dependencies/",
'sigil' => 'workflow',
'disabled' => !$can_edit,
);
$maniphest = 'PhabricatorApplicationManiphest';
@ -543,9 +563,9 @@ final class DifferentialRevisionViewController extends DifferentialController {
'name' => pht('Edit Maniphest Tasks'),
'href' => "/search/attach/{$revision_phid}/TASK/",
'sigil' => 'workflow',
'disabled' => !$can_edit,
);
}
}
$request_uri = $this->getRequest()->getRequestURI();
$links[] = array(

26
src/applications/differential/query/DifferentialDiffQuery.php
View file

@ -44,6 +44,32 @@ final class DifferentialDiffQuery
}
public function willFilterPage(array $diffs) {
$revision_ids = array_filter(mpull($diffs, 'getRevisionID'));
$revisions = array();
if ($revision_ids) {
$revisions = id(new DifferentialRevisionQuery())
->setViewer($this->getViewer())
->withIDs($revision_ids)
->execute();
}
foreach ($diffs as $key => $diff) {
if (!$diff->getRevisionID()) {
$diff->attachRevision(null);
continue;
}
$revision = idx($revisions, $diff->getRevisionID());
if ($revision) {
$diff->attachRevision($revision);
continue;
}
unset($diffs[$key]);
}
if ($this->needChangesets) {
$this->loadChangesets($diffs);
}

18
src/applications/differential/storage/DifferentialDiff.php
View file

@ -32,6 +32,7 @@ final class DifferentialDiff
private $unsavedChangesets = array();
private $changesets = self::ATTACHABLE;
private $arcanistProject = self::ATTACHABLE;
private $revision = self::ATTACHABLE;
public function addUnsavedChangeset(DifferentialChangeset $changeset) {
if ($this->changesets === null) {
@ -284,6 +285,15 @@ final class DifferentialDiff
return $changes;
}
public function getRevision() {
return $this->assertAttached($this->revision);
}
public function attachRevision(DifferentialRevision $revision = null) {
$this->revision = $revision;
return $this;
}
/* -( PhabricatorPolicyInterface )----------------------------------------- */
@ -295,10 +305,18 @@ final class DifferentialDiff
}
public function getPolicy($capability) {
if ($this->getRevision()) {
return $this->getRevision()->getPolicy($capability);
}
return PhabricatorPolicies::POLICY_USER;
}
public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
if ($this->getRevision()) {
return $this->getRevision()->hasAutomaticCapability($capability, $viewer);
}
return false;
}

4
src/applications/help/controller/PhabricatorHelpKeyboardShortcutController.php
View file

@ -3,6 +3,10 @@
final class PhabricatorHelpKeyboardShortcutController
extends PhabricatorHelpController {
public function shouldAllowPublic() {
return true;
}
public function processRequest() {
$request = $this->getRequest();
$user = $request->getUser();