1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-14 02:42:40 +01:00
Commit graph

9 commits

Author SHA1 Message Date
epriestley
ded641ae32 Add basic per-object privacy policies
Summary:
Provides a basic start for access policies. Objects expose various capabilities, like CAN_VIEW, CAN_EDIT, etc., and set a policy for each capability. We currently implement three policies, PUBLIC (anyone, including logged-out), USERS (any logged-in) and NOONE (nobody). There's also a way to provide automatic capability grants (e.g., the owner of an object can always see it, even if some capability is set to "NOONE"), but I'm not sure how great the implementation feels and it might change.

Most of the code here is providing a primitive for efficient policy-aware list queries. The problem with doing queries naively is that you have to do crazy amounts of filtering, e.g. to show the user page 6, you need to filter at least 600 objects (and likely more) before you can figure out which ones are 500-600 for them. You can't just do "LIMIT 500, 100" because that might have only 50 results, or no results. Instead, the query looks like "WHERE id > last_visible_id", and then we fetch additional pages as necessary to satisfy the request.

The general idea is that we move all data access to Query classes and have them do object filtering. The ID paging primitive allows efficient paging in most cases, and the executeOne() method provides a concise way to do policy checks for edit/view screens.

We'll probably end up with mostly broader policy UIs or configuration-based policies, but there are at least a few cases for per-object privacy (e.g., marking tasks as "Security", and restricting things to the members of projects) so I figured we'd start with a flexible primitive and the simplify it in the UI where we can.

Test Plan: Unit tests, played around in the UI with various policy settings.

Reviewers: btrahan, vrana, jungejason

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D2210
2012-04-14 10:13:29 -07:00
epriestley
62e41040f0 Improve exception behavior for storage engine failures
Summary: See T1021. Raise configuration or implementation exceptions immediately. When all engines fail, raise an aggregate exception with details.

Test Plan: Forced all engines to fail, received an aggregate exception. Forced an engine to fail with a config exception, recevied it immediately.

Reviewers: btrahan, vrana, jungejason

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T1021

Differential Revision: https://secure.phabricator.com/D2157
2012-04-08 15:07:34 -07:00
epriestley
966778c2bd Improve unhandled exception dialogs
Summary:
Make the unhandled exception dialogs slightly more useful:

  - Make them easier to read.
  - Link to files from Phabricator libraries.
  - Don't show traces by default.
  - Show traces in development mode.
  - Rename button from "Cancel" to "Close" and only show it for Ajax.

Test Plan: Rigged DirectoryHomeController to throw, loaded home page. Changed
stack trace setting in config. Clicked some files in the trace.
Reviewed By: aran
Reviewers: aran, jungejason, tuomaspelkonen, codeblock
CC: aran, epriestley
Differential Revision: 823
2011-08-17 16:23:11 -07:00
epriestley
eab768f705 Allow projects to be quickly added from the Maniphest task creation interface
Summary:
Provide a quick workflow for adding a new project. This ended up being sort of
complicated because we don't currently put forms in dialogs. I separated the
actual <form /> tag out of the display/layout of AphrontFormView to enable this
(the dialog is itself a form).

Limitations: if you create a new project and then remove it, it won't appear in
the tokenizer until you reload the page. We need to add the ability for the
datasource to drop its cache to enable this, which is super complicated.

Test Plan:
Used "Create new project" to add a new project when creating a task.

Reviewed By: aran
Reviewers: jungejason, tuomaspelkonen, aran
CC: anjali, aran, epriestley
Differential Revision: 422
2011-06-13 10:17:08 -07:00
tuomaspelkonen
6bc3f9ce6f Decreased the opacity on the mask for dialogs
Summary:
The transparent mask around the dialogs was too dark. Code was hard to
read. Now opacity has a value of 37, which makes the code easy to read,
but still clearly indicates that the dialog is present.

Test Plan:
I was able to read the code easily through the mask.

Reviewed By: epriestley
Reviewers: epriestley
CC: epriestley, tuomaspelkonen
Differential Revision: 139
2011-04-14 16:10:19 -07:00
epriestley
a04a88a843 Make subscribe/unsubscribe work properly on Revisions.
Summary:

Test Plan:

Reviewers:

CC:
2011-02-19 14:36:13 -08:00
epriestley
eec3e8e3aa Move object-selector closable to being usable.
Summary:

Test Plan:

Reviewers:

CC:
2011-02-18 15:12:15 -08:00
epriestley
9dac0ed9f1 Bring in JX.Workflow and the inline commenting behavior, plus sync Javelin. 2011-02-01 15:52:04 -08:00
epriestley
e284d5b5dc Distribute Celerity includes. 2011-01-25 11:32:46 -08:00