mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-30 10:42:41 +01:00
Allow "Default View" policies to be set to Public
Summary: Ref T603. Currently, we hard-code defense against setting policies to "Public" in several places, and special case only the CAN_VIEW policy. In fact, other policies (like Default View) should also be able to be set to public. Instead of hard-coding this, move it to the capability definitions. Test Plan: Set default view policy in Maniphest to "Public", created a task, verified default policy. Reviewers: btrahan, asherkin Reviewed By: asherkin CC: asherkin, aran Maniphest Tasks: T603 Differential Revision: https://secure.phabricator.com/D7276
This commit is contained in:
parent
11fbd213b1
commit
f4582dc49d
7 changed files with 36 additions and 10 deletions
|
@ -13,4 +13,8 @@ final class DifferentialCapabilityDefaultView
|
|||
return pht('Default View Policy');
|
||||
}
|
||||
|
||||
public function shouldAllowPublicPolicySetting() {
|
||||
return true;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -13,4 +13,8 @@ final class ManiphestCapabilityDefaultView
|
|||
return pht('Default View Policy');
|
||||
}
|
||||
|
||||
public function shouldAllowPublicPolicySetting() {
|
||||
return true;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -51,9 +51,9 @@ final class PhabricatorApplicationEditController
|
|||
continue;
|
||||
}
|
||||
|
||||
if ($new == PhabricatorPolicies::POLICY_PUBLIC &&
|
||||
$capability != PhabricatorPolicyCapability::CAN_VIEW) {
|
||||
// Can't set policies other than "view" to public.
|
||||
$capobj = PhabricatorPolicyCapability::getCapabilityByKey($capability);
|
||||
if (!$capobj || !$capobj->shouldAllowPublicPolicySetting()) {
|
||||
// Can't set non-public policies to public.
|
||||
continue;
|
||||
}
|
||||
|
||||
|
|
|
@ -40,6 +40,15 @@ abstract class PhabricatorPolicyCapability extends Phobject {
|
|||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* Can this capability be set to "public"? Broadly, this is only appropriate
|
||||
* for view and view-related policies.
|
||||
*
|
||||
* @return bool True to allow the "public" policy. Returns false by default.
|
||||
*/
|
||||
public function shouldAllowPublicPolicySetting() {
|
||||
return false;
|
||||
}
|
||||
|
||||
final public static function getCapabilityByKey($key) {
|
||||
return idx(self::getCapabilityMap(), $key);
|
||||
|
|
|
@ -15,4 +15,8 @@ final class PhabricatorPolicyCapabilityCanView
|
|||
return pht('You do not have permission to view this object.');
|
||||
}
|
||||
|
||||
public function shouldAllowPublicPolicySetting() {
|
||||
return true;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -173,9 +173,10 @@ final class PhabricatorPolicyFilter {
|
|||
$policy = PhabricatorPolicies::POLICY_USER;
|
||||
}
|
||||
|
||||
// If the object is set to "public" but the capability is anything other
|
||||
// than "view", restrict the policy to "user".
|
||||
if ($capability != PhabricatorPolicyCapability::CAN_VIEW) {
|
||||
// If the object is set to "public" but the capability is not a public
|
||||
// capability, restrict the policy to "user".
|
||||
$capobj = PhabricatorPolicyCapability::getCapabilityByKey($capability);
|
||||
if (!$capobj || !$capobj->shouldAllowPublicPolicySetting()) {
|
||||
$policy = PhabricatorPolicies::POLICY_USER;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -36,13 +36,17 @@ final class AphrontFormPolicyControl extends AphrontFormControl {
|
|||
}
|
||||
|
||||
protected function getOptions() {
|
||||
$capability = $this->capability;
|
||||
|
||||
$options = array();
|
||||
foreach ($this->policies as $policy) {
|
||||
if (($policy->getPHID() == PhabricatorPolicies::POLICY_PUBLIC) &&
|
||||
($this->capability != PhabricatorPolicyCapability::CAN_VIEW)) {
|
||||
// Never expose "Public" for anything except "Can View".
|
||||
if ($policy->getPHID() == PhabricatorPolicies::POLICY_PUBLIC) {
|
||||
// Never expose "Public" for capabilities which don't support it.
|
||||
$capobj = PhabricatorPolicyCapability::getCapabilityByKey($capability);
|
||||
if (!$capobj || !$capobj->shouldAllowPublicPolicySetting()) {
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
$type_name = PhabricatorPolicyType::getPolicyTypeName($policy->getType());
|
||||
$options[$type_name][$policy->getPHID()] = $policy->getFullName();
|
||||
|
|
Loading…
Reference in a new issue