revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-10 08:52:39 +01:00
Code Issues Releases Wiki Activity

Make policy violation dialog more flexible

Browse source 
Summary:
Ref T8424. When users are rejected because they can't see the space an object is in, this isn't really a capability rejection. Don't require a capability when rejecting objects.

This mostly simplifies upcoming changes.

Test Plan:
  - Viewed a capability exception dialog, it looked the same as always.
  - (After additional changes, viewed a space exception dialog.)

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T8424

Differential Revision: https://secure.phabricator.com/D13155
This commit is contained in:
epriestley 2015-06-04 17:45:51 -07:00
parent 763b63a0fb
commit e595478f1d
2 changed files with 46 additions and 35 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
src/aphront/configuration/AphrontDefaultApplicationConfiguration.php
View file

@ -164,14 +164,6 @@ class AphrontDefaultApplicationConfiguration
return $login_controller->handleRequest($request); return $login_controller->handleRequest($request);
} }
$list = $ex->getMoreInfo();
foreach ($list as $key => $item) {
$list[$key] = phutil_tag('li', array(), $item);
}
if ($list) {
$list = phutil_tag('ul', array(), $list);
}
$content = array( $content = array(
phutil_tag( phutil_tag(
'div', 'div',
@ -179,17 +171,28 @@ class AphrontDefaultApplicationConfiguration
'class' => 'aphront-policy-rejection', 'class' => 'aphront-policy-rejection',
), ),
$ex->getRejection()), $ex->getRejection()),
phutil_tag( );
if ($ex->getCapabilityName()) {
$list = $ex->getMoreInfo();
foreach ($list as $key => $item) {
$list[$key] = phutil_tag('li', array(), $item);
}
if ($list) {
$list = phutil_tag('ul', array(), $list);
}
$content[] = phutil_tag(
'div', 'div',
array( array(
'class' => 'aphront-capability-details', 'class' => 'aphront-capability-details',
), ),
pht('Users with the "%s" capability:', $ex->getCapabilityName())), pht('Users with the "%s" capability:', $ex->getCapabilityName()));
$list,
);
$dialog = new AphrontDialogView(); $content[] = $list;
$dialog }
$dialog = id(new AphrontDialogView())
->setTitle($ex->getTitle()) ->setTitle($ex->getTitle())
->setClass('aphront-access-dialog') ->setClass('aphront-access-dialog')
->setUser($user) ->setUser($user)

50
src/applications/policy/filter/PhabricatorPolicyFilter.php
View file

@ -547,35 +547,17 @@ final class PhabricatorPolicyFilter {
$details = array_filter(array_merge(array($more), (array)$exceptions)); $details = array_filter(array_merge(array($more), (array)$exceptions));
// NOTE: Not every type of policy object has a real PHID; just load an $access_denied = $this->renderAccessDenied($object);
// empty handle if a real PHID isn't available.
$phid = nonempty($object->getPHID(), PhabricatorPHIDConstants::PHID_VOID);
$handle = id(new PhabricatorHandleQuery())
->setViewer($this->viewer)
->withPHIDs(array($phid))
->executeOne();
$is_serious = PhabricatorEnv::getEnvConfig('phabricator.serious-business');
if ($is_serious) {
$title = pht(
'Access Denied: %s',
$handle->getObjectName());
} else {
$title = pht(
'You Shall Not Pass: %s',
$handle->getObjectName());
}
$full_message = pht( $full_message = pht(
'[%s] (%s) %s // %s', '[%s] (%s) %s // %s',
$title, $access_denied,
$capability_name, $capability_name,
$rejection, $rejection,
implode(' ', $details)); implode(' ', $details));
$exception = id(new PhabricatorPolicyException($full_message)) $exception = id(new PhabricatorPolicyException($full_message))
->setTitle($title) ->setTitle($access_denied)
->setRejection($rejection) ->setRejection($rejection)
->setCapabilityName($capability_name) ->setCapabilityName($capability_name)
->setMoreInfo($details); ->setMoreInfo($details);
@ -668,4 +650,30 @@ final class PhabricatorPolicyFilter {
} }
} }
private function renderAccessDenied(PhabricatorPolicyInterface $object) {
// NOTE: Not every type of policy object has a real PHID; just load an
// empty handle if a real PHID isn't available.
$phid = nonempty($object->getPHID(), PhabricatorPHIDConstants::PHID_VOID);
$handle = id(new PhabricatorHandleQuery())
->setViewer($this->viewer)
->withPHIDs(array($phid))
->executeOne();
$object_name = $handle->getObjectName();
$is_serious = PhabricatorEnv::getEnvConfig('phabricator.serious-business');
if ($is_serious) {
$access_denied = pht(
'Access Denied: %s',
$object_name);
} else {
$access_denied = pht(
'You Shall Not Pass: %s',
$object_name);
}
return $access_denied;
}
} }