1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-30 10:42:41 +01:00

Allow "Default View" policies to be set to Public

Summary: Ref T603. Currently, we hard-code defense against setting policies to "Public" in several places, and special case only the CAN_VIEW policy. In fact, other policies (like Default View) should also be able to be set to public. Instead of hard-coding this, move it to the capability definitions.

Test Plan: Set default view policy in Maniphest to "Public", created a task, verified default policy.

Reviewers: btrahan, asherkin

Reviewed By: asherkin

CC: asherkin, aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D7276
This commit is contained in:
epriestley 2013-10-09 15:06:18 -07:00
parent 11fbd213b1
commit f4582dc49d
7 changed files with 36 additions and 10 deletions

View file

@ -13,4 +13,8 @@ final class DifferentialCapabilityDefaultView
return pht('Default View Policy');
}
public function shouldAllowPublicPolicySetting() {
return true;
}
}

View file

@ -13,4 +13,8 @@ final class ManiphestCapabilityDefaultView
return pht('Default View Policy');
}
public function shouldAllowPublicPolicySetting() {
return true;
}
}

View file

@ -51,9 +51,9 @@ final class PhabricatorApplicationEditController
continue;
}
if ($new == PhabricatorPolicies::POLICY_PUBLIC &&
$capability != PhabricatorPolicyCapability::CAN_VIEW) {
// Can't set policies other than "view" to public.
$capobj = PhabricatorPolicyCapability::getCapabilityByKey($capability);
if (!$capobj || !$capobj->shouldAllowPublicPolicySetting()) {
// Can't set non-public policies to public.
continue;
}

View file

@ -40,6 +40,15 @@ abstract class PhabricatorPolicyCapability extends Phobject {
return null;
}
/**
* Can this capability be set to "public"? Broadly, this is only appropriate
* for view and view-related policies.
*
* @return bool True to allow the "public" policy. Returns false by default.
*/
public function shouldAllowPublicPolicySetting() {
return false;
}
final public static function getCapabilityByKey($key) {
return idx(self::getCapabilityMap(), $key);

View file

@ -15,4 +15,8 @@ final class PhabricatorPolicyCapabilityCanView
return pht('You do not have permission to view this object.');
}
public function shouldAllowPublicPolicySetting() {
return true;
}
}

View file

@ -173,9 +173,10 @@ final class PhabricatorPolicyFilter {
$policy = PhabricatorPolicies::POLICY_USER;
}
// If the object is set to "public" but the capability is anything other
// than "view", restrict the policy to "user".
if ($capability != PhabricatorPolicyCapability::CAN_VIEW) {
// If the object is set to "public" but the capability is not a public
// capability, restrict the policy to "user".
$capobj = PhabricatorPolicyCapability::getCapabilityByKey($capability);
if (!$capobj || !$capobj->shouldAllowPublicPolicySetting()) {
$policy = PhabricatorPolicies::POLICY_USER;
}
}

View file

@ -36,13 +36,17 @@ final class AphrontFormPolicyControl extends AphrontFormControl {
}
protected function getOptions() {
$capability = $this->capability;
$options = array();
foreach ($this->policies as $policy) {
if (($policy->getPHID() == PhabricatorPolicies::POLICY_PUBLIC) &&
($this->capability != PhabricatorPolicyCapability::CAN_VIEW)) {
// Never expose "Public" for anything except "Can View".
if ($policy->getPHID() == PhabricatorPolicies::POLICY_PUBLIC) {
// Never expose "Public" for capabilities which don't support it.
$capobj = PhabricatorPolicyCapability::getCapabilityByKey($capability);
if (!$capobj || !$capobj->shouldAllowPublicPolicySetting()) {
continue;
}
}
$type_name = PhabricatorPolicyType::getPolicyTypeName($policy->getType());
$options[$type_name][$policy->getPHID()] = $policy->getFullName();