mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-20 20:40:56 +01:00
Policy - lock down DiffusionSymbolQuery repo-loading code
Summary: Ref T7094. Test Plan: couldn't really test this - how does one get symbols going nowadays given they are acanist project based? Reviewers: epriestley Reviewed By: epriestley Subscribers: Korvin, epriestley Maniphest Tasks: T7094 Differential Revision: https://secure.phabricator.com/D11584
This commit is contained in:
parent
352c36f0ab
commit
e1dcbc4386
4 changed files with 25 additions and 7 deletions
|
@ -37,7 +37,8 @@ final class DiffusionFindSymbolsConduitAPIMethod
|
||||||
$language = $request->getValue('language');
|
$language = $request->getValue('language');
|
||||||
$type = $request->getValue('type');
|
$type = $request->getValue('type');
|
||||||
|
|
||||||
$query = new DiffusionSymbolQuery();
|
$query = id(new DiffusionSymbolQuery())
|
||||||
|
->setViewer($request->getUser());
|
||||||
if ($name !== null) {
|
if ($name !== null) {
|
||||||
$query->setName($name);
|
$query->setName($name);
|
||||||
}
|
}
|
||||||
|
|
|
@ -8,8 +8,9 @@ final class DiffusionSymbolController extends DiffusionController {
|
||||||
$user = $request->getUser();
|
$user = $request->getUser();
|
||||||
$this->name = $request->getURIData('name');
|
$this->name = $request->getURIData('name');
|
||||||
|
|
||||||
$query = new DiffusionSymbolQuery();
|
$query = id(new DiffusionSymbolQuery())
|
||||||
$query->setName($this->name);
|
->setViewer($user)
|
||||||
|
->setName($this->name);
|
||||||
|
|
||||||
if ($request->getStr('context') !== null) {
|
if ($request->getStr('context') !== null) {
|
||||||
$query->setContext($request->getStr('context'));
|
$query->setContext($request->getStr('context'));
|
||||||
|
|
|
@ -11,6 +11,7 @@
|
||||||
*/
|
*/
|
||||||
final class DiffusionSymbolQuery extends PhabricatorOffsetPagedQuery {
|
final class DiffusionSymbolQuery extends PhabricatorOffsetPagedQuery {
|
||||||
|
|
||||||
|
private $viewer;
|
||||||
private $context;
|
private $context;
|
||||||
private $namePrefix;
|
private $namePrefix;
|
||||||
private $name;
|
private $name;
|
||||||
|
@ -26,6 +27,20 @@ final class DiffusionSymbolQuery extends PhabricatorOffsetPagedQuery {
|
||||||
|
|
||||||
/* -( Configuring the Query )---------------------------------------------- */
|
/* -( Configuring the Query )---------------------------------------------- */
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @task config
|
||||||
|
*/
|
||||||
|
public function setViewer(PhabricatorUser $viewer) {
|
||||||
|
$this->viewer = $viewer;
|
||||||
|
return $this;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @task config
|
||||||
|
*/
|
||||||
|
public function getViewer() {
|
||||||
|
return $this->viewer;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @task config
|
* @task config
|
||||||
|
@ -263,10 +278,10 @@ final class DiffusionSymbolQuery extends PhabricatorOffsetPagedQuery {
|
||||||
$repo_ids = array_filter($repo_ids);
|
$repo_ids = array_filter($repo_ids);
|
||||||
|
|
||||||
if ($repo_ids) {
|
if ($repo_ids) {
|
||||||
// TODO: (T603) Provide a viewer here.
|
$repos = id(new PhabricatorRepositoryQuery())
|
||||||
$repos = id(new PhabricatorRepository())->loadAllWhere(
|
->setViewer($this->getViewer())
|
||||||
'id IN (%Ld)',
|
->withIDs($repo_ids)
|
||||||
$repo_ids);
|
->execute();
|
||||||
} else {
|
} else {
|
||||||
$repos = array();
|
$repos = array();
|
||||||
}
|
}
|
||||||
|
|
|
@ -19,6 +19,7 @@ final class DiffusionSymbolDatasource
|
||||||
|
|
||||||
if (strlen($raw_query)) {
|
if (strlen($raw_query)) {
|
||||||
$symbols = id(new DiffusionSymbolQuery())
|
$symbols = id(new DiffusionSymbolQuery())
|
||||||
|
->setViewer($viewer)
|
||||||
->setNamePrefix($raw_query)
|
->setNamePrefix($raw_query)
|
||||||
->setLimit(15)
|
->setLimit(15)
|
||||||
->needArcanistProjects(true)
|
->needArcanistProjects(true)
|
||||||
|
|
Loading…
Reference in a new issue