Lockdown tool directory editing to administrators
Summary: Someone has "defaced" secure.phabricator.com with a helpful suggestion that I actually do this; fair enough. :P Test Plan: Logged in as myself, unable to edit directory information. Logged out, logged in as admin, was able to edit directory information. I need to fix some more CSS stuff since some of these tabs render out hideous in the admin background, but I can followup with that. Reviewed By: tuomaspelkonen Reviewers: aran, jungejason, tuomaspelkonen Commenters: aran CC: aran, tuomaspelkonen, epriestley Differential Revision: 296
parent
84731e8f00
commit
f72c1acc63
7 changed files with 134 additions and 68 deletions
|
@ -18,18 +18,27 @@
|
|||
|
||||
abstract class PhabricatorDirectoryController extends PhabricatorController {
|
||||
|
||||
public function shouldRequireAdmin() {
|
||||
// Most controllers here are admin-only, so default to locking them down.
|
||||
return true;
|
||||
}
|
||||
|
||||
public function buildStandardPageResponse($view, array $data) {
|
||||
$page = $this->buildStandardPageView();
|
||||
|
||||
$page->setApplicationName('Directory');
|
||||
$page->setBaseURI('/');
|
||||
$page->setTitle(idx($data, 'title'));
|
||||
$page->setTabs(
|
||||
array(
|
||||
'directory' => array(
|
||||
'href' => '/',
|
||||
'name' => 'Directory',
|
||||
),
|
||||
|
||||
$tabs = array(
|
||||
'directory' => array(
|
||||
'href' => '/',
|
||||
'name' => 'Directory',
|
||||
),
|
||||
);
|
||||
|
||||
if ($this->getRequest()->getUser()->getIsAdmin()) {
|
||||
$tabs += array(
|
||||
'categories' => array(
|
||||
'href' => '/directory/category/',
|
||||
'name' => 'Categories',
|
||||
|
@ -38,7 +47,11 @@ abstract class PhabricatorDirectoryController extends PhabricatorController {
|
|||
'href' => '/directory/item/',
|
||||
'name' => 'Items',
|
||||
),
|
||||
),
|
||||
);
|
||||
}
|
||||
|
||||
$page->setTabs(
|
||||
$tabs,
|
||||
idx($data, 'tab'));
|
||||
$page->setGlyph("\xE2\x9A\x92");
|
||||
$page->appendChild($view);
|
||||
|
|
|
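Review bot: The getIsAdmin() check in buildStandardPageResponse only decides which tabs are drawn; it does not protect /directory/category/ or /directory/item/, which rely on those controllers inheriting the `return true` from shouldRequireAdmin() and on the base PhabricatorController honouring it, neither of which is visible in this hunk. A comment at the check would stop the next maintainer from reading the tab gate as the access control: `// Hides the admin-only tabs from non-admins; access is enforced by shouldRequireAdmin(), not here.`. buildStandardPageResponse continues past the end of the second hunk.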
@ -19,6 +19,12 @@
|
|||
class PhabricatorDirectoryMainController
|
||||
extends PhabricatorDirectoryController {
|
||||
|
||||
public function shouldRequireAdmin() {
|
||||
// These controllers are admin-only by default, but this one is public,
|
||||
// so allow non-admin users to view it.
|
||||
return false;
|
||||
}
|
||||
|
||||
public function processRequest() {
|
||||
|
||||
|
||||
|
|
|
@ -42,75 +42,65 @@ class PhabricatorPeopleListController extends PhabricatorPeopleController {
|
|||
|
||||
$rows = array();
|
||||
foreach ($users as $user) {
|
||||
$cols = array();
|
||||
$cols[] = date('M jS, Y', $user->getDateCreated());
|
||||
$cols[] = date('g:i:s A', $user->getDateCreated());
|
||||
$cols[] = phutil_render_tag(
|
||||
'a',
|
||||
array(
|
||||
'href' => '/p/'.$user->getUsername().'/',
|
||||
),
|
||||
phutil_escape_html($user->getUserName()));
|
||||
$cols[] = phutil_escape_html($user->getRealName());
|
||||
|
||||
if ($is_admin) {
|
||||
$status = '';
|
||||
if ($user->getIsDisabled()) {
|
||||
$status = 'Disabled';
|
||||
} else if ($user->getIsAdmin()) {
|
||||
$status = 'Admin';
|
||||
} else {
|
||||
$status = '-';
|
||||
}
|
||||
$cols[] = $status;
|
||||
$cols[] = phutil_render_tag(
|
||||
$status = '';
|
||||
if ($user->getIsDisabled()) {
|
||||
$status = 'Disabled';
|
||||
} else if ($user->getIsAdmin()) {
|
||||
$status = 'Admin';
|
||||
} else {
|
||||
$status = '-';
|
||||
}
|
||||
|
||||
$rows[] = array(
|
||||
date('M jS, Y', $user->getDateCreated()),
|
||||
date('g:i:s A', $user->getDateCreated()),
|
||||
phutil_render_tag(
|
||||
'a',
|
||||
array(
|
||||
'href' => '/p/'.$user->getUsername().'/',
|
||||
),
|
||||
phutil_escape_html($user->getUserName())),
|
||||
phutil_escape_html($user->getRealName()),
|
||||
$status,
|
||||
phutil_render_tag(
|
||||
'a',
|
||||
array(
|
||||
'class' => 'button grey small',
|
||||
'href' => '/people/edit/'.$user->getID().'/',
|
||||
),
|
||||
'Administrate User');
|
||||
}
|
||||
|
||||
$rows[] = $cols;
|
||||
'Administrate User'),
|
||||
);
|
||||
}
|
||||
|
||||
$table = new AphrontTableView($rows);
|
||||
if ($is_admin) {
|
||||
$table->setHeaders(
|
||||
array(
|
||||
'Join Date',
|
||||
'Time',
|
||||
'Username',
|
||||
'Real Name',
|
||||
'Status',
|
||||
'',
|
||||
));
|
||||
$table->setColumnClasses(
|
||||
array(
|
||||
null,
|
||||
'right',
|
||||
'pri',
|
||||
'wide',
|
||||
null,
|
||||
'action',
|
||||
));
|
||||
} else {
|
||||
$table->setHeaders(
|
||||
array(
|
||||
'Join Date',
|
||||
'Time',
|
||||
'Username',
|
||||
'Real Name',
|
||||
));
|
||||
$table->setColumnClasses(
|
||||
array(
|
||||
null,
|
||||
'right',
|
||||
'pri',
|
||||
'wide',
|
||||
));
|
||||
}
|
||||
$table->setHeaders(
|
||||
array(
|
||||
'Join Date',
|
||||
'Time',
|
||||
'Username',
|
||||
'Real Name',
|
||||
'Status',
|
||||
'',
|
||||
));
|
||||
$table->setColumnClasses(
|
||||
array(
|
||||
null,
|
||||
'right',
|
||||
'pri',
|
||||
'wide',
|
||||
null,
|
||||
'action',
|
||||
));
|
||||
$table->setColumnVisibility(
|
||||
array(
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
$is_admin,
|
||||
$is_admin,
|
||||
));
|
||||
|
||||
$panel = new AphrontPanelView();
|
||||
$panel->setHeader('People ('.number_format($count).')');
|
||||
|
|
|
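Review bot: Every row now carries `$status` and the 'Administrate User' link for all viewers, and only setColumnVisibility keeps them out of the rendered table, so the protection of /people/edit/ rests on that controller enforcing admin access itself, which is not shown here; the same pattern is used for the 'action' columns in the PhabricatorRepositoryListController section below. A comment next to the setColumnVisibility call would make the dependency explicit: `// Visibility only hides the markup for non-admins; /people/edit/ must enforce admin access on its own.`. `$is_admin` is assigned above the start of the hunk and processRequest continues past its end. As a minor point of style, the same user is read through both `getUsername()` and `getUserName()` in one row; picking one spelling avoids the question of whether they are different accessors.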
@ -18,6 +18,11 @@
|
|||
|
||||
abstract class PhabricatorRepositoryController extends PhabricatorController {
|
||||
|
||||
public function shouldRequireAdmin() {
|
||||
// Most of these controllers are admin-only.
|
||||
return true;
|
||||
}
|
||||
|
||||
public function buildStandardPageResponse($view, array $data) {
|
||||
$page = $this->buildStandardPageView();
|
||||
|
||||
|
|
|
@ -20,6 +20,10 @@
|
|||
class PhabricatorRepositoryGitHubPostReceiveController
|
||||
extends PhabricatorRepositoryController {
|
||||
|
||||
public function shouldRequireAdmin() {
|
||||
return false;
|
||||
}
|
||||
|
||||
public function shouldRequireLogin() {
|
||||
return false;
|
||||
}
|
||||
|
|
|
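Review bot: PhabricatorRepositoryGitHubPostReceiveController now opts out of both the admin requirement and the login requirement without a comment saying why, so a later reader cannot tell whether the anonymous exposure is deliberate. A comment on shouldRequireAdmin would record the intent, for example `// GitHub delivers post-receive hooks without a Phabricator session, so this endpoint must not require login or admin rights.`. How the incoming payload is authenticated is outside this hunk (processRequest is not shown) and should be confirmed when reviewing the rest of the file.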
@ -19,9 +19,16 @@
|
|||
class PhabricatorRepositoryListController
|
||||
extends PhabricatorRepositoryController {
|
||||
|
||||
public function shouldRequireAdmin() {
|
||||
return false;
|
||||
}
|
||||
|
||||
public function processRequest() {
|
||||
|
||||
$request = $this->getRequest();
|
||||
$user = $request->getUser();
|
||||
$is_admin = $user->getIsAdmin();
|
||||
|
||||
$repos = id(new PhabricatorRepository())->loadAll();
|
||||
|
||||
$rows = array();
|
||||
|
@ -82,9 +89,21 @@ class PhabricatorRepositoryListController
|
|||
'action',
|
||||
));
|
||||
|
||||
$table->setColumnVisibility(
|
||||
array(
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
$is_admin,
|
||||
$is_admin,
|
||||
));
|
||||
|
||||
$panel = new AphrontPanelView();
|
||||
$panel->setHeader('Repositories');
|
||||
$panel->setCreateButton('Create New Repository', '/repository/create/');
|
||||
if ($is_admin) {
|
||||
$panel->setCreateButton('Create New Repository', '/repository/create/');
|
||||
}
|
||||
$panel->appendChild($table);
|
||||
|
||||
$projects = id(new PhabricatorRepositoryArcanistProject())->loadAll();
|
||||
|
@ -125,6 +144,13 @@ class PhabricatorRepositoryListController
|
|||
'action',
|
||||
));
|
||||
|
||||
$project_table->setColumnVisibility(
|
||||
array(
|
||||
true,
|
||||
true,
|
||||
$is_admin,
|
||||
));
|
||||
|
||||
$project_panel = new AphrontPanelView();
|
||||
$project_panel->setHeader('Arcanist Projects');
|
||||
$project_panel->appendChild($project_table);
|
||||
|
|
|
@ -25,6 +25,7 @@ class AphrontTableView extends AphrontView {
|
|||
protected $zebraStripes = true;
|
||||
protected $noDataString;
|
||||
protected $className;
|
||||
protected $columnVisibility = array();
|
||||
|
||||
public function __construct(array $data) {
|
||||
$this->data = $data;
|
||||
|
@ -60,6 +61,11 @@ class AphrontTableView extends AphrontView {
|
|||
return $this;
|
||||
}
|
||||
|
||||
public function setColumnVisibility(array $visibility) {
|
||||
$this->columnVisibility = $visibility;
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function render() {
|
||||
require_celerity_resource('aphront-table-view-css');
|
||||
|
||||
|
@ -80,10 +86,17 @@ class AphrontTableView extends AphrontView {
|
|||
}
|
||||
}
|
||||
|
||||
$visibility = array_values($this->columnVisibility);
|
||||
$headers = $this->headers;
|
||||
if ($headers) {
|
||||
while (count($headers) > count($visibility)) {
|
||||
$visibility[] = true;
|
||||
}
|
||||
$table[] = '<tr>';
|
||||
foreach ($headers as $col_num => $header) {
|
||||
if (!$visibility[$col_num]) {
|
||||
continue;
|
||||
}
|
||||
$class = idx($col_classes, $col_num);
|
||||
$table[] = '<th'.$class.'>'.$header.'</th>';
|
||||
}
|
||||
|
@ -97,6 +110,9 @@ class AphrontTableView extends AphrontView {
|
|||
while (count($row) > count($col_classes)) {
|
||||
$col_classes[] = null;
|
||||
}
|
||||
while (count($row) > count($visibility)) {
|
||||
$visibility[] = true;
|
||||
}
|
||||
$class = idx($this->rowClasses, $row_num);
|
||||
if ($this->zebraStripes && ($row_num % 2)) {
|
||||
if ($class !== null) {
|
||||
|
@ -109,8 +125,14 @@ class AphrontTableView extends AphrontView {
|
|||
$class = ' class="'.$class.'"';
|
||||
}
|
||||
$table[] = '<tr'.$class.'>';
|
||||
// NOTE: Use of a separate column counter is to allow this to work
|
||||
// correctly if the row data has string or non-sequential keys.
|
||||
$col_num = 0;
|
||||
foreach ($row as $value) {
|
||||
if (!$visibility[$col_num]) {
|
||||
++$col_num;
|
||||
continue;
|
||||
}
|
||||
$class = $col_classes[$col_num];
|
||||
if ($class !== null) {
|
||||
$table[] = '<td'.$class.'>';
|
||||
|
|
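Review bot: In the header loop of render(), the new `$visibility[$col_num]` indexes by the key of `$headers`, while the very next line reads `$col_classes` through idx(); if `$headers` ever has non-sequential keys the new check emits an undefined-index notice and silently hides the column, the same situation the existing comment in the row loop works around with a separate counter. Using the file's own defensive accessor keeps the two lines consistent: `if (!idx($visibility, $col_num, true)) {`. A short docblock on setColumnVisibility, stating that it takes a list of booleans parallel to the headers and that missing trailing entries default to visible (which is what the padding loops do), would also help callers. render() starts before the hunk and continues past its end.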