1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-19 05:12:41 +01:00

Lockdown tool directory editing to administrators

Summary:
Someone has "defaced" secure.phabricator.com with a helpful suggestion that I
actually do this; fair enough. :P

Test Plan:
Logged in as myself, unable to edit directory information. Logged out, logged in
as admin, was able to edit directory information.

I need to fix some more CSS stuff since some of these tabs render out hideous in
the admin background, but I can followup with that.

Reviewed By: tuomaspelkonen
Reviewers: aran, jungejason, tuomaspelkonen
Commenters: aran
CC: aran, tuomaspelkonen, epriestley
Differential Revision: 296
This commit is contained in:
epriestley 2011-05-17 10:59:26 -07:00
parent 84731e8f00
commit f72c1acc63
7 changed files with 134 additions and 68 deletions

View file

@ -18,18 +18,27 @@
abstract class PhabricatorDirectoryController extends PhabricatorController { abstract class PhabricatorDirectoryController extends PhabricatorController {
public function shouldRequireAdmin() {
// Most controllers here are admin-only, so default to locking them down.
return true;
}
public function buildStandardPageResponse($view, array $data) { public function buildStandardPageResponse($view, array $data) {
$page = $this->buildStandardPageView(); $page = $this->buildStandardPageView();
$page->setApplicationName('Directory'); $page->setApplicationName('Directory');
$page->setBaseURI('/'); $page->setBaseURI('/');
$page->setTitle(idx($data, 'title')); $page->setTitle(idx($data, 'title'));
$page->setTabs(
array( $tabs = array(
'directory' => array( 'directory' => array(
'href' => '/', 'href' => '/',
'name' => 'Directory', 'name' => 'Directory',
), ),
);
if ($this->getRequest()->getUser()->getIsAdmin()) {
$tabs += array(
'categories' => array( 'categories' => array(
'href' => '/directory/category/', 'href' => '/directory/category/',
'name' => 'Categories', 'name' => 'Categories',
@ -38,7 +47,11 @@ abstract class PhabricatorDirectoryController extends PhabricatorController {
'href' => '/directory/item/', 'href' => '/directory/item/',
'name' => 'Items', 'name' => 'Items',
), ),
), );
}
$page->setTabs(
$tabs,
idx($data, 'tab')); idx($data, 'tab'));
$page->setGlyph("\xE2\x9A\x92"); $page->setGlyph("\xE2\x9A\x92");
$page->appendChild($view); $page->appendChild($view);

View file

@ -19,6 +19,12 @@
class PhabricatorDirectoryMainController class PhabricatorDirectoryMainController
extends PhabricatorDirectoryController { extends PhabricatorDirectoryController {
public function shouldRequireAdmin() {
// These controllers are admin-only by default, but this one is public,
// so allow non-admin users to view it.
return false;
}
public function processRequest() { public function processRequest() {

View file

@ -42,75 +42,65 @@ class PhabricatorPeopleListController extends PhabricatorPeopleController {
$rows = array(); $rows = array();
foreach ($users as $user) { foreach ($users as $user) {
$cols = array();
$cols[] = date('M jS, Y', $user->getDateCreated());
$cols[] = date('g:i:s A', $user->getDateCreated());
$cols[] = phutil_render_tag(
'a',
array(
'href' => '/p/'.$user->getUsername().'/',
),
phutil_escape_html($user->getUserName()));
$cols[] = phutil_escape_html($user->getRealName());
if ($is_admin) { $status = '';
$status = ''; if ($user->getIsDisabled()) {
if ($user->getIsDisabled()) { $status = 'Disabled';
$status = 'Disabled'; } else if ($user->getIsAdmin()) {
} else if ($user->getIsAdmin()) { $status = 'Admin';
$status = 'Admin'; } else {
} else { $status = '-';
$status = '-'; }
}
$cols[] = $status; $rows[] = array(
$cols[] = phutil_render_tag( date('M jS, Y', $user->getDateCreated()),
date('g:i:s A', $user->getDateCreated()),
phutil_render_tag(
'a',
array(
'href' => '/p/'.$user->getUsername().'/',
),
phutil_escape_html($user->getUserName())),
phutil_escape_html($user->getRealName()),
$status,
phutil_render_tag(
'a', 'a',
array( array(
'class' => 'button grey small', 'class' => 'button grey small',
'href' => '/people/edit/'.$user->getID().'/', 'href' => '/people/edit/'.$user->getID().'/',
), ),
'Administrate User'); 'Administrate User'),
} );
$rows[] = $cols;
} }
$table = new AphrontTableView($rows); $table = new AphrontTableView($rows);
if ($is_admin) { $table->setHeaders(
$table->setHeaders( array(
array( 'Join Date',
'Join Date', 'Time',
'Time', 'Username',
'Username', 'Real Name',
'Real Name', 'Status',
'Status', '',
'', ));
)); $table->setColumnClasses(
$table->setColumnClasses( array(
array( null,
null, 'right',
'right', 'pri',
'pri', 'wide',
'wide', null,
null, 'action',
'action', ));
)); $table->setColumnVisibility(
} else { array(
$table->setHeaders( true,
array( true,
'Join Date', true,
'Time', true,
'Username', $is_admin,
'Real Name', $is_admin,
)); ));
$table->setColumnClasses(
array(
null,
'right',
'pri',
'wide',
));
}
$panel = new AphrontPanelView(); $panel = new AphrontPanelView();
$panel->setHeader('People ('.number_format($count).')'); $panel->setHeader('People ('.number_format($count).')');

View file

@ -18,6 +18,11 @@
abstract class PhabricatorRepositoryController extends PhabricatorController { abstract class PhabricatorRepositoryController extends PhabricatorController {
public function shouldRequireAdmin() {
// Most of these controllers are admin-only.
return true;
}
public function buildStandardPageResponse($view, array $data) { public function buildStandardPageResponse($view, array $data) {
$page = $this->buildStandardPageView(); $page = $this->buildStandardPageView();

View file

@ -20,6 +20,10 @@
class PhabricatorRepositoryGitHubPostReceiveController class PhabricatorRepositoryGitHubPostReceiveController
extends PhabricatorRepositoryController { extends PhabricatorRepositoryController {
public function shouldRequireAdmin() {
return false;
}
public function shouldRequireLogin() { public function shouldRequireLogin() {
return false; return false;
} }

View file

@ -19,9 +19,16 @@
class PhabricatorRepositoryListController class PhabricatorRepositoryListController
extends PhabricatorRepositoryController { extends PhabricatorRepositoryController {
public function shouldRequireAdmin() {
return false;
}
public function processRequest() { public function processRequest() {
$request = $this->getRequest();
$user = $request->getUser();
$is_admin = $user->getIsAdmin();
$repos = id(new PhabricatorRepository())->loadAll(); $repos = id(new PhabricatorRepository())->loadAll();
$rows = array(); $rows = array();
@ -82,9 +89,21 @@ class PhabricatorRepositoryListController
'action', 'action',
)); ));
$table->setColumnVisibility(
array(
true,
true,
true,
true,
$is_admin,
$is_admin,
));
$panel = new AphrontPanelView(); $panel = new AphrontPanelView();
$panel->setHeader('Repositories'); $panel->setHeader('Repositories');
$panel->setCreateButton('Create New Repository', '/repository/create/'); if ($is_admin) {
$panel->setCreateButton('Create New Repository', '/repository/create/');
}
$panel->appendChild($table); $panel->appendChild($table);
$projects = id(new PhabricatorRepositoryArcanistProject())->loadAll(); $projects = id(new PhabricatorRepositoryArcanistProject())->loadAll();
@ -125,6 +144,13 @@ class PhabricatorRepositoryListController
'action', 'action',
)); ));
$project_table->setColumnVisibility(
array(
true,
true,
$is_admin,
));
$project_panel = new AphrontPanelView(); $project_panel = new AphrontPanelView();
$project_panel->setHeader('Arcanist Projects'); $project_panel->setHeader('Arcanist Projects');
$project_panel->appendChild($project_table); $project_panel->appendChild($project_table);

View file

@ -25,6 +25,7 @@ class AphrontTableView extends AphrontView {
protected $zebraStripes = true; protected $zebraStripes = true;
protected $noDataString; protected $noDataString;
protected $className; protected $className;
protected $columnVisibility = array();
public function __construct(array $data) { public function __construct(array $data) {
$this->data = $data; $this->data = $data;
@ -60,6 +61,11 @@ class AphrontTableView extends AphrontView {
return $this; return $this;
} }
public function setColumnVisibility(array $visibility) {
$this->columnVisibility = $visibility;
return $this;
}
public function render() { public function render() {
require_celerity_resource('aphront-table-view-css'); require_celerity_resource('aphront-table-view-css');
@ -80,10 +86,17 @@ class AphrontTableView extends AphrontView {
} }
} }
$visibility = array_values($this->columnVisibility);
$headers = $this->headers; $headers = $this->headers;
if ($headers) { if ($headers) {
while (count($headers) > count($visibility)) {
$visibility[] = true;
}
$table[] = '<tr>'; $table[] = '<tr>';
foreach ($headers as $col_num => $header) { foreach ($headers as $col_num => $header) {
if (!$visibility[$col_num]) {
continue;
}
$class = idx($col_classes, $col_num); $class = idx($col_classes, $col_num);
$table[] = '<th'.$class.'>'.$header.'</th>'; $table[] = '<th'.$class.'>'.$header.'</th>';
} }
@ -97,6 +110,9 @@ class AphrontTableView extends AphrontView {
while (count($row) > count($col_classes)) { while (count($row) > count($col_classes)) {
$col_classes[] = null; $col_classes[] = null;
} }
while (count($row) > count($visibility)) {
$visibility[] = true;
}
$class = idx($this->rowClasses, $row_num); $class = idx($this->rowClasses, $row_num);
if ($this->zebraStripes && ($row_num % 2)) { if ($this->zebraStripes && ($row_num % 2)) {
if ($class !== null) { if ($class !== null) {
@ -109,8 +125,14 @@ class AphrontTableView extends AphrontView {
$class = ' class="'.$class.'"'; $class = ' class="'.$class.'"';
} }
$table[] = '<tr'.$class.'>'; $table[] = '<tr'.$class.'>';
// NOTE: Use of a separate column counter is to allow this to work
// correctly if the row data has string or non-sequential keys.
$col_num = 0; $col_num = 0;
foreach ($row as $value) { foreach ($row as $value) {
if (!$visibility[$col_num]) {
++$col_num;
continue;
}
$class = $col_classes[$col_num]; $class = $col_classes[$col_num];
if ($class !== null) { if ($class !== null) {
$table[] = '<td'.$class.'>'; $table[] = '<td'.$class.'>';