Allow "Default View" policies to be set to Public

Summary: Ref T603. Currently, we hard-code defense against setting policies to "Public" in several places, and special case only the CAN_VIEW policy. In fact, other policies (like Default View) should also be able to be set to public. Instead of hard-coding this, move it to the capability definitions. Test Plan: Set default view policy in Maniphest to "Public", created a task, verified default policy. Reviewers: btrahan, asherkin Reviewed By: asherkin CC: asherkin, aran Maniphest Tasks: T603 Differential Revision: https://secure.phabricator.com/D7276
2024-11-27 01:02:42 +01:00 · 2013-10-09 15:06:18 -07:00 · 2013-10-09 15:06:18 -07:00 · f4582dc49d
commit f4582dc49d
parent 11fbd213b1
7 changed files with 36 additions and 10 deletions
--- a/src/applications/differential/capability/DifferentialCapabilityDefaultView.php
+++ b/src/applications/differential/capability/DifferentialCapabilityDefaultView.php
@ -13,4 +13,8 @@ final class DifferentialCapabilityDefaultView
    return pht('Default View Policy');
  }

+  public function shouldAllowPublicPolicySetting() {
+    return true;
+  }
+
 }
--- a/src/applications/maniphest/capability/ManiphestCapabilityDefaultView.php
+++ b/src/applications/maniphest/capability/ManiphestCapabilityDefaultView.php
@ -13,4 +13,8 @@ final class ManiphestCapabilityDefaultView
    return pht('Default View Policy');
  }

+  public function shouldAllowPublicPolicySetting() {
+    return true;
+  }
+
 }
--- a/src/applications/meta/controller/PhabricatorApplicationEditController.php
+++ b/src/applications/meta/controller/PhabricatorApplicationEditController.php
@ -51,9 +51,9 @@ final class PhabricatorApplicationEditController
          continue;
        }

-        if ($new == PhabricatorPolicies::POLICY_PUBLIC &&
-            $capability != PhabricatorPolicyCapability::CAN_VIEW) {
-          // Can't set policies other than "view" to public.
+        $capobj = PhabricatorPolicyCapability::getCapabilityByKey($capability);
+        if (!$capobj || !$capobj->shouldAllowPublicPolicySetting()) {
+          // Can't set non-public policies to public.
          continue;
        }

--- a/src/applications/policy/capability/PhabricatorPolicyCapability.php
+++ b/src/applications/policy/capability/PhabricatorPolicyCapability.php
@ -40,6 +40,15 @@ abstract class PhabricatorPolicyCapability extends Phobject {
    return null;
  }

+  /**
+   * Can this capability be set to "public"? Broadly, this is only appropriate
+   * for view and view-related policies.
+   *
+   * @return bool True to allow the "public" policy. Returns false by default.
+   */
+  public function shouldAllowPublicPolicySetting() {
+    return false;
+  }

  final public static function getCapabilityByKey($key) {
    return idx(self::getCapabilityMap(), $key);
--- a/src/applications/policy/capability/PhabricatorPolicyCapabilityCanView.php
+++ b/src/applications/policy/capability/PhabricatorPolicyCapabilityCanView.php
@ -15,4 +15,8 @@ final class PhabricatorPolicyCapabilityCanView
    return pht('You do not have permission to view this object.');
  }

+  public function shouldAllowPublicPolicySetting() {
+    return true;
+  }
+
 }
--- a/src/applications/policy/filter/PhabricatorPolicyFilter.php
+++ b/src/applications/policy/filter/PhabricatorPolicyFilter.php
@ -173,9 +173,10 @@ final class PhabricatorPolicyFilter {
        $policy = PhabricatorPolicies::POLICY_USER;
      }

-      // If the object is set to "public" but the capability is anything other
-      // than "view", restrict the policy to "user".
-      if ($capability != PhabricatorPolicyCapability::CAN_VIEW) {
+      // If the object is set to "public" but the capability is not a public
+      // capability, restrict the policy to "user".
+      $capobj = PhabricatorPolicyCapability::getCapabilityByKey($capability);
+      if (!$capobj || !$capobj->shouldAllowPublicPolicySetting()) {
        $policy = PhabricatorPolicies::POLICY_USER;
      }
    }
--- a/src/view/form/control/AphrontFormPolicyControl.php
+++ b/src/view/form/control/AphrontFormPolicyControl.php
@ -36,12 +36,16 @@ final class AphrontFormPolicyControl extends AphrontFormControl {
  }

  protected function getOptions() {
+    $capability = $this->capability;
+
    $options = array();
    foreach ($this->policies as $policy) {
-      if (($policy->getPHID() == PhabricatorPolicies::POLICY_PUBLIC) &&
-          ($this->capability != PhabricatorPolicyCapability::CAN_VIEW)) {
-        // Never expose "Public" for anything except "Can View".
-        continue;
+      if ($policy->getPHID() == PhabricatorPolicies::POLICY_PUBLIC) {
+        // Never expose "Public" for capabilities which don't support it.
+        $capobj = PhabricatorPolicyCapability::getCapabilityByKey($capability);
+        if (!$capobj || !$capobj->shouldAllowPublicPolicySetting()) {
+          continue;
+        }
      }

      $type_name = PhabricatorPolicyType::getPolicyTypeName($policy->getType());