mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-19 05:12:41 +01:00
Lockdown tool directory editing to administrators
Summary: Someone has "defaced" secure.phabricator.com with a helpful suggestion that I actually do this; fair enough. :P Test Plan: Logged in as myself, unable to edit directory information. Logged out, logged in as admin, was able to edit directory information. I need to fix some more CSS stuff since some of these tabs render out hideous in the admin background, but I can followup with that. Reviewed By: tuomaspelkonen Reviewers: aran, jungejason, tuomaspelkonen Commenters: aran CC: aran, tuomaspelkonen, epriestley Differential Revision: 296
This commit is contained in:
parent
84731e8f00
commit
f72c1acc63
7 changed files with 134 additions and 68 deletions
|
@ -18,18 +18,27 @@
|
||||||
|
|
||||||
abstract class PhabricatorDirectoryController extends PhabricatorController {
|
abstract class PhabricatorDirectoryController extends PhabricatorController {
|
||||||
|
|
||||||
|
public function shouldRequireAdmin() {
|
||||||
|
// Most controllers here are admin-only, so default to locking them down.
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
public function buildStandardPageResponse($view, array $data) {
|
public function buildStandardPageResponse($view, array $data) {
|
||||||
$page = $this->buildStandardPageView();
|
$page = $this->buildStandardPageView();
|
||||||
|
|
||||||
$page->setApplicationName('Directory');
|
$page->setApplicationName('Directory');
|
||||||
$page->setBaseURI('/');
|
$page->setBaseURI('/');
|
||||||
$page->setTitle(idx($data, 'title'));
|
$page->setTitle(idx($data, 'title'));
|
||||||
$page->setTabs(
|
|
||||||
array(
|
$tabs = array(
|
||||||
'directory' => array(
|
'directory' => array(
|
||||||
'href' => '/',
|
'href' => '/',
|
||||||
'name' => 'Directory',
|
'name' => 'Directory',
|
||||||
),
|
),
|
||||||
|
);
|
||||||
|
|
||||||
|
if ($this->getRequest()->getUser()->getIsAdmin()) {
|
||||||
|
$tabs += array(
|
||||||
'categories' => array(
|
'categories' => array(
|
||||||
'href' => '/directory/category/',
|
'href' => '/directory/category/',
|
||||||
'name' => 'Categories',
|
'name' => 'Categories',
|
||||||
|
@ -38,7 +47,11 @@ abstract class PhabricatorDirectoryController extends PhabricatorController {
|
||||||
'href' => '/directory/item/',
|
'href' => '/directory/item/',
|
||||||
'name' => 'Items',
|
'name' => 'Items',
|
||||||
),
|
),
|
||||||
),
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
$page->setTabs(
|
||||||
|
$tabs,
|
||||||
idx($data, 'tab'));
|
idx($data, 'tab'));
|
||||||
$page->setGlyph("\xE2\x9A\x92");
|
$page->setGlyph("\xE2\x9A\x92");
|
||||||
$page->appendChild($view);
|
$page->appendChild($view);
|
||||||
|
|
|
@ -19,6 +19,12 @@
|
||||||
class PhabricatorDirectoryMainController
|
class PhabricatorDirectoryMainController
|
||||||
extends PhabricatorDirectoryController {
|
extends PhabricatorDirectoryController {
|
||||||
|
|
||||||
|
public function shouldRequireAdmin() {
|
||||||
|
// These controllers are admin-only by default, but this one is public,
|
||||||
|
// so allow non-admin users to view it.
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
public function processRequest() {
|
public function processRequest() {
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -42,75 +42,65 @@ class PhabricatorPeopleListController extends PhabricatorPeopleController {
|
||||||
|
|
||||||
$rows = array();
|
$rows = array();
|
||||||
foreach ($users as $user) {
|
foreach ($users as $user) {
|
||||||
$cols = array();
|
|
||||||
$cols[] = date('M jS, Y', $user->getDateCreated());
|
|
||||||
$cols[] = date('g:i:s A', $user->getDateCreated());
|
|
||||||
$cols[] = phutil_render_tag(
|
|
||||||
'a',
|
|
||||||
array(
|
|
||||||
'href' => '/p/'.$user->getUsername().'/',
|
|
||||||
),
|
|
||||||
phutil_escape_html($user->getUserName()));
|
|
||||||
$cols[] = phutil_escape_html($user->getRealName());
|
|
||||||
|
|
||||||
if ($is_admin) {
|
$status = '';
|
||||||
$status = '';
|
if ($user->getIsDisabled()) {
|
||||||
if ($user->getIsDisabled()) {
|
$status = 'Disabled';
|
||||||
$status = 'Disabled';
|
} else if ($user->getIsAdmin()) {
|
||||||
} else if ($user->getIsAdmin()) {
|
$status = 'Admin';
|
||||||
$status = 'Admin';
|
} else {
|
||||||
} else {
|
$status = '-';
|
||||||
$status = '-';
|
}
|
||||||
}
|
|
||||||
$cols[] = $status;
|
$rows[] = array(
|
||||||
$cols[] = phutil_render_tag(
|
date('M jS, Y', $user->getDateCreated()),
|
||||||
|
date('g:i:s A', $user->getDateCreated()),
|
||||||
|
phutil_render_tag(
|
||||||
|
'a',
|
||||||
|
array(
|
||||||
|
'href' => '/p/'.$user->getUsername().'/',
|
||||||
|
),
|
||||||
|
phutil_escape_html($user->getUserName())),
|
||||||
|
phutil_escape_html($user->getRealName()),
|
||||||
|
$status,
|
||||||
|
phutil_render_tag(
|
||||||
'a',
|
'a',
|
||||||
array(
|
array(
|
||||||
'class' => 'button grey small',
|
'class' => 'button grey small',
|
||||||
'href' => '/people/edit/'.$user->getID().'/',
|
'href' => '/people/edit/'.$user->getID().'/',
|
||||||
),
|
),
|
||||||
'Administrate User');
|
'Administrate User'),
|
||||||
}
|
);
|
||||||
|
|
||||||
$rows[] = $cols;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$table = new AphrontTableView($rows);
|
$table = new AphrontTableView($rows);
|
||||||
if ($is_admin) {
|
$table->setHeaders(
|
||||||
$table->setHeaders(
|
array(
|
||||||
array(
|
'Join Date',
|
||||||
'Join Date',
|
'Time',
|
||||||
'Time',
|
'Username',
|
||||||
'Username',
|
'Real Name',
|
||||||
'Real Name',
|
'Status',
|
||||||
'Status',
|
'',
|
||||||
'',
|
));
|
||||||
));
|
$table->setColumnClasses(
|
||||||
$table->setColumnClasses(
|
array(
|
||||||
array(
|
null,
|
||||||
null,
|
'right',
|
||||||
'right',
|
'pri',
|
||||||
'pri',
|
'wide',
|
||||||
'wide',
|
null,
|
||||||
null,
|
'action',
|
||||||
'action',
|
));
|
||||||
));
|
$table->setColumnVisibility(
|
||||||
} else {
|
array(
|
||||||
$table->setHeaders(
|
true,
|
||||||
array(
|
true,
|
||||||
'Join Date',
|
true,
|
||||||
'Time',
|
true,
|
||||||
'Username',
|
$is_admin,
|
||||||
'Real Name',
|
$is_admin,
|
||||||
));
|
));
|
||||||
$table->setColumnClasses(
|
|
||||||
array(
|
|
||||||
null,
|
|
||||||
'right',
|
|
||||||
'pri',
|
|
||||||
'wide',
|
|
||||||
));
|
|
||||||
}
|
|
||||||
|
|
||||||
$panel = new AphrontPanelView();
|
$panel = new AphrontPanelView();
|
||||||
$panel->setHeader('People ('.number_format($count).')');
|
$panel->setHeader('People ('.number_format($count).')');
|
||||||
|
|
|
@ -18,6 +18,11 @@
|
||||||
|
|
||||||
abstract class PhabricatorRepositoryController extends PhabricatorController {
|
abstract class PhabricatorRepositoryController extends PhabricatorController {
|
||||||
|
|
||||||
|
public function shouldRequireAdmin() {
|
||||||
|
// Most of these controllers are admin-only.
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
public function buildStandardPageResponse($view, array $data) {
|
public function buildStandardPageResponse($view, array $data) {
|
||||||
$page = $this->buildStandardPageView();
|
$page = $this->buildStandardPageView();
|
||||||
|
|
||||||
|
|
|
@ -20,6 +20,10 @@
|
||||||
class PhabricatorRepositoryGitHubPostReceiveController
|
class PhabricatorRepositoryGitHubPostReceiveController
|
||||||
extends PhabricatorRepositoryController {
|
extends PhabricatorRepositoryController {
|
||||||
|
|
||||||
|
public function shouldRequireAdmin() {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
public function shouldRequireLogin() {
|
public function shouldRequireLogin() {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
|
@ -19,9 +19,16 @@
|
||||||
class PhabricatorRepositoryListController
|
class PhabricatorRepositoryListController
|
||||||
extends PhabricatorRepositoryController {
|
extends PhabricatorRepositoryController {
|
||||||
|
|
||||||
|
public function shouldRequireAdmin() {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
public function processRequest() {
|
public function processRequest() {
|
||||||
|
|
||||||
|
$request = $this->getRequest();
|
||||||
|
$user = $request->getUser();
|
||||||
|
$is_admin = $user->getIsAdmin();
|
||||||
|
|
||||||
$repos = id(new PhabricatorRepository())->loadAll();
|
$repos = id(new PhabricatorRepository())->loadAll();
|
||||||
|
|
||||||
$rows = array();
|
$rows = array();
|
||||||
|
@ -82,9 +89,21 @@ class PhabricatorRepositoryListController
|
||||||
'action',
|
'action',
|
||||||
));
|
));
|
||||||
|
|
||||||
|
$table->setColumnVisibility(
|
||||||
|
array(
|
||||||
|
true,
|
||||||
|
true,
|
||||||
|
true,
|
||||||
|
true,
|
||||||
|
$is_admin,
|
||||||
|
$is_admin,
|
||||||
|
));
|
||||||
|
|
||||||
$panel = new AphrontPanelView();
|
$panel = new AphrontPanelView();
|
||||||
$panel->setHeader('Repositories');
|
$panel->setHeader('Repositories');
|
||||||
$panel->setCreateButton('Create New Repository', '/repository/create/');
|
if ($is_admin) {
|
||||||
|
$panel->setCreateButton('Create New Repository', '/repository/create/');
|
||||||
|
}
|
||||||
$panel->appendChild($table);
|
$panel->appendChild($table);
|
||||||
|
|
||||||
$projects = id(new PhabricatorRepositoryArcanistProject())->loadAll();
|
$projects = id(new PhabricatorRepositoryArcanistProject())->loadAll();
|
||||||
|
@ -125,6 +144,13 @@ class PhabricatorRepositoryListController
|
||||||
'action',
|
'action',
|
||||||
));
|
));
|
||||||
|
|
||||||
|
$project_table->setColumnVisibility(
|
||||||
|
array(
|
||||||
|
true,
|
||||||
|
true,
|
||||||
|
$is_admin,
|
||||||
|
));
|
||||||
|
|
||||||
$project_panel = new AphrontPanelView();
|
$project_panel = new AphrontPanelView();
|
||||||
$project_panel->setHeader('Arcanist Projects');
|
$project_panel->setHeader('Arcanist Projects');
|
||||||
$project_panel->appendChild($project_table);
|
$project_panel->appendChild($project_table);
|
||||||
|
|
|
@ -25,6 +25,7 @@ class AphrontTableView extends AphrontView {
|
||||||
protected $zebraStripes = true;
|
protected $zebraStripes = true;
|
||||||
protected $noDataString;
|
protected $noDataString;
|
||||||
protected $className;
|
protected $className;
|
||||||
|
protected $columnVisibility = array();
|
||||||
|
|
||||||
public function __construct(array $data) {
|
public function __construct(array $data) {
|
||||||
$this->data = $data;
|
$this->data = $data;
|
||||||
|
@ -60,6 +61,11 @@ class AphrontTableView extends AphrontView {
|
||||||
return $this;
|
return $this;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function setColumnVisibility(array $visibility) {
|
||||||
|
$this->columnVisibility = $visibility;
|
||||||
|
return $this;
|
||||||
|
}
|
||||||
|
|
||||||
public function render() {
|
public function render() {
|
||||||
require_celerity_resource('aphront-table-view-css');
|
require_celerity_resource('aphront-table-view-css');
|
||||||
|
|
||||||
|
@ -80,10 +86,17 @@ class AphrontTableView extends AphrontView {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$visibility = array_values($this->columnVisibility);
|
||||||
$headers = $this->headers;
|
$headers = $this->headers;
|
||||||
if ($headers) {
|
if ($headers) {
|
||||||
|
while (count($headers) > count($visibility)) {
|
||||||
|
$visibility[] = true;
|
||||||
|
}
|
||||||
$table[] = '<tr>';
|
$table[] = '<tr>';
|
||||||
foreach ($headers as $col_num => $header) {
|
foreach ($headers as $col_num => $header) {
|
||||||
|
if (!$visibility[$col_num]) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
$class = idx($col_classes, $col_num);
|
$class = idx($col_classes, $col_num);
|
||||||
$table[] = '<th'.$class.'>'.$header.'</th>';
|
$table[] = '<th'.$class.'>'.$header.'</th>';
|
||||||
}
|
}
|
||||||
|
@ -97,6 +110,9 @@ class AphrontTableView extends AphrontView {
|
||||||
while (count($row) > count($col_classes)) {
|
while (count($row) > count($col_classes)) {
|
||||||
$col_classes[] = null;
|
$col_classes[] = null;
|
||||||
}
|
}
|
||||||
|
while (count($row) > count($visibility)) {
|
||||||
|
$visibility[] = true;
|
||||||
|
}
|
||||||
$class = idx($this->rowClasses, $row_num);
|
$class = idx($this->rowClasses, $row_num);
|
||||||
if ($this->zebraStripes && ($row_num % 2)) {
|
if ($this->zebraStripes && ($row_num % 2)) {
|
||||||
if ($class !== null) {
|
if ($class !== null) {
|
||||||
|
@ -109,8 +125,14 @@ class AphrontTableView extends AphrontView {
|
||||||
$class = ' class="'.$class.'"';
|
$class = ' class="'.$class.'"';
|
||||||
}
|
}
|
||||||
$table[] = '<tr'.$class.'>';
|
$table[] = '<tr'.$class.'>';
|
||||||
|
// NOTE: Use of a separate column counter is to allow this to work
|
||||||
|
// correctly if the row data has string or non-sequential keys.
|
||||||
$col_num = 0;
|
$col_num = 0;
|
||||||
foreach ($row as $value) {
|
foreach ($row as $value) {
|
||||||
|
if (!$visibility[$col_num]) {
|
||||||
|
++$col_num;
|
||||||
|
continue;
|
||||||
|
}
|
||||||
$class = $col_classes[$col_num];
|
$class = $col_classes[$col_num];
|
||||||
if ($class !== null) {
|
if ($class !== null) {
|
||||||
$table[] = '<td'.$class.'>';
|
$table[] = '<td'.$class.'>';
|
||||||
|
|
Loading…
Reference in a new issue