1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-01 03:02:43 +01:00
Commit graph

16 commits

Author SHA1 Message Date
Joshua Spence
6270114767 Various linter fixes.
Summary:
- Removed trailing newlines.
- Added newline at EOF.
- Removed leading newlines.
- Trimmed trailing whitespace.
- Spelling fix.
- Added newline at EOF

Test Plan: N/A

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley

CC: hach-que, chad, Korvin, epriestley, aran

Differential Revision: https://secure.phabricator.com/D8344
2014-02-26 12:44:58 -08:00
epriestley
db89883447 Always include the current user as a selectable policy
Summary: Ref T4136. After Passphrase, user policies work correctly in this dropdown. Providing this option improves consistency and makes it easier to create, e.g., a private repository (where "no one" does not include the viewer, because they don't own the resulting object).

Test Plan: Set an object's policy to my user policy.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T4136

Differential Revision: https://secure.phabricator.com/D7858
2013-12-30 16:48:36 -08:00
epriestley
2a5c987c71 Lock policy queries to their applications
Summary:
While we mostly have reasonable effective object accessibility when you lock a user out of an application, it's primarily enforced at the controller level. Users can still, e.g., load the handles of objects they can't actually see. Instead, lock the queries to the applications so that you can, e.g., never load a revision if you don't have access to Differential.

This has several parts:

  - For PolicyAware queries, provide an application class name method.
  - If the query specifies a class name and the user doesn't have permission to use it, fail the entire query unconditionally.
  - For handles, simplify query construction and count all the PHIDs as "restricted" so we get a UI full of "restricted" instead of "unknown" handles.

Test Plan:
  - Added a unit test to verify I got all the class names right.
  - Browsed around, logged in/out as a normal user with public policies on and off.
  - Browsed around, logged in/out as a restricted user with public policies on and off. With restrictions, saw all traces of restricted apps removed or restricted.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D7367
2013-10-21 17:20:27 -07:00
epriestley
502c6f2d48 Render public content as "Public" in headers, not "Public (No Login Required)"
Summary:
Ref T603. Although I think the parenthetical is valuable when //setting// policies to make sure no one accidentally opens content up, it's super annoying in headers.

This makes headers say "Public". Everything else still says "Public (No Login Required)".

Test Plan: {F69469}

Reviewers: chad, btrahan

Reviewed By: chad

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D7310
2013-10-14 14:17:25 -07:00
epriestley
5e5b7576a6 Make PhabricatorPolicyQuery a CursorPagedPolicyAwareQuery
Summary:
Ref T603. Make these actually implement policy interfaces, so shared infrastructure (like handle loading) works as expected. They don't actually have meaningful policies, and we short circuit all the checks.

(I don't plan to let you set policy controls on policies themselves)

Test Plan: Loaded handles for Policy objects via common infrastructure.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D7298
2013-10-14 12:06:52 -07:00
epriestley
67b17239b8 Allow custom policies to be loaded and exeucuted by the policy filter
Summary: Ref T603. Adds code to actually execute custom policies. (There's still no way to select them in the UI.)

Test Plan:
  - Added and executed unit tests.
  - Edited policies in existing applications.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D7292
2013-10-14 11:46:14 -07:00
epriestley
5899ae08b3 Add storage for custom policies
Summary: Ref T603. Allows custom policies to be saved. No integration with policy controls yet.

Test Plan:
  mysql> select * from policy where id = 3\G
  *************************** 1. row ***************************
             id: 3
           phid: PHID-PLCY-e4v2fnbyuibi4supl5tn
          rules: [{"action":"allow","rule":"PhabricatorPolicyRuleAdministrators","value":null},{"action":"allow","rule":"PhabricatorPolicyRuleProjects","value":["PHID-PROJ-cwovm5gn2ilubjehcdgd"]},{"action":"allow","rule":"PhabricatorPolicyRuleLunarPhase","value":"new"}]
  defaultAction: deny
    dateCreated: 1381437466
   dateModified: 1381437466
  1 row in set (0.00 sec)

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D7282
2013-10-10 16:09:51 -07:00
epriestley
2e5ac128b3 Explain policy exception rules to users
Summary:
Ref T603. Adds clarifying text which expands on policies and explains exceptions and rules. The goal is to provide an easy way for users to learn about special policy rules, like "task owners can always see a task".

This presentation might be a little aggressive. That's probably OK as we introduce policies, but something a little more tempered might be better down the road.

Test Plan: See screenshot.

Reviewers: btrahan, chad

Reviewed By: chad

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D7150
2013-09-27 08:43:41 -07:00
Chad Little
e8bb24fd60 Policy, Status in PHUIHeaderView
Summary: The adds the ability to set 'properties' such as state, privacy, due date to the header of objects.

Test Plan: Implemented in Paste, Pholio. Tested various states.

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: Korvin, aran

Differential Revision: https://secure.phabricator.com/D7016
2013-09-17 09:12:37 -07:00
Bob Trahan
b902005bed Kill PhabricatorObjectDataHandle
Summary: Ref T603. Killing this class is cool because the classes that replace it are policy-aware. Tried to keep my wits about me as I did this and fixed a few random things along the way. (Ones I remember right now are pulling a query outside of a foreach loop in Releeph and fixing the text in UIExample to note that the ace of hearts if "a powerful" card and not the "most powerful" card (Q of spades gets that honor IMO))

Test Plan: tested the first few changes (execute, executeOne X handle, object) then got real mechanical / careful with the other changes.

Reviewers: epriestley

Reviewed By: epriestley

CC: Korvin, aran, FacebookPOC

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D6941
2013-09-11 12:27:28 -07:00
epriestley
9cf26e5e3b Improve policy description strings in ApplicationTransactions
Summary: Ref T3184. See discussion in D6042.

Test Plan: {F44265}

Reviewers: garoevans, btrahan, chad

Reviewed By: chad

CC: aran

Maniphest Tasks: T3184

Differential Revision: https://secure.phabricator.com/D6047
2013-05-26 09:51:14 -07:00
Gareth Evans
d853388944 Render handles in View and Edit Policies
Summary:
Fixes T3184
We make sure that we're not working with a global policy that just sets the title correctly. Otherwise we have a PHID to work with and set the handle as required.

Test Plan: Change policies on a mock and see the title render correctly.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T3184

Differential Revision: https://secure.phabricator.com/D6042
2013-05-26 08:43:09 -07:00
vrana
ef85f49adc Delete license headers from files
Summary:
This commit doesn't change license of any file. It just makes the license implicit (inherited from LICENSE file in the root directory).

We are removing the headers for these reasons:

- It wastes space in editors, less code is visible in editor upon opening a file.
- It brings noise to diff of the first change of any file every year.
- It confuses Git file copy detection when creating small files.
- We don't have an explicit license header in other files (JS, CSS, images, documentation).
- Using license header in every file is not obligatory: http://www.apache.org/dev/apply-license.html#new.

This change is approved by Alma Chao (Lead Open Source and IP Counsel at Facebook).

Test Plan: Verified that the license survived only in LICENSE file and that it didn't modify externals.

Reviewers: epriestley, davidrecordon

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2035

Differential Revision: https://secure.phabricator.com/D3886
2012-11-05 11:16:51 -08:00
Wez Furlong
f29804a62a Fix fatal with some pastes
Summary: Avoid a BadMethodCallException for some pastes

Test Plan: Call up a paste from a day or so ago (in the FB environment)

Reviewers: nh, vrana

Reviewed By: nh

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D3560
2012-09-27 17:16:01 -07:00
epriestley
a52af0b3ae Make it more clear that "Public" really means "Public"
Summary: In the long term I think we can probably just explain this feature better, but for now I want to make sure no one makes a mistake with "Public". This seems like a reasonable way to do it.

Test Plan: Looked at the policy selector dropdown.

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D3486
2012-09-17 10:17:25 -07:00
epriestley
a1df1f2b70 Allow projects to be set as policies
Summary:
  - Renames `PhabricatorPolicyQuery` to `PhabricatorPolicyAwareQuery` (a query which respects policy settings).
  - Introduces `PhabricatorPolicyQuery`, which loads available policies (e.g., "member of project X").
  - Introduces `PhabricatorPolicy`, which describes a policy.
  - Allows projects to be set as policies.
  - Allows Paste policies to be edited.
  - Covers crazy cases where you make projects depend on themselves or each other because you are a dastardly villan.

Test Plan: Set paste and project policies, including crazy policies like A -> B -> A, A -> A, etc.

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D3476
2012-09-13 10:15:08 -07:00