mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-01 03:02:43 +01:00
0e7a5623e3
Summary: Ref T12335. See that task for discussion. Here are the behavioral changes:

- Statuses can be flagged with `locked`, which means that tasks in that status are locked to further discussion and interaction.
- A new "CAN_INTERACT" permission facilitates this. For most objects, "CAN_INTERACT" is just the same as "CAN_VIEW".
- For tasks, "CAN_INTERACT" is everyone if the status is a normal status, and no one if the status is a locked status.
- If a user doesn't have "Interact" permission:
  - They can not submit the comment form.
  - The comment form is replaced with text indicating "This thing is locked.".
  - The "Edit" workflow prompts them.

This is a mixture of advisory and hard policy checks but should represent a reasonable starting point.

Test Plan: Created a new "Locked" status, locked a task. Couldn't comment, saw lock warning, saw lock prompt on edit. Unlocked a task.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T12335

Differential Revision: https://secure.phabricator.com/D17453
67 lines
1.8 KiB
PHP
<?php

abstract class PhabricatorPolicyCapability extends Phobject {

  const CAN_VIEW = 'view';
  const CAN_EDIT = 'edit';
  const CAN_JOIN = 'join';
  const CAN_INTERACT = 'interact';

  /**
   * Get the unique key identifying this capability. This key must be globally
   * unique. Application capabilities should be namespaced. For example:
   *
   *   application.create
   *
   * @return string Globally unique capability key.
   */
  final public function getCapabilityKey() {
    return $this->getPhobjectClassConstant('CAPABILITY');
  }


  /**
   * Return a human-readable descriptive name for this capability, like
   * "Can View".
   *
   * @return string Human-readable name describing the capability.
   */
  abstract public function getCapabilityName();


  /**
   * Return a human-readable string describing what not having this capability
   * prevents the user from doing. For example:
   *
   *   - You do not have permission to edit this object.
   *   - You do not have permission to create new tasks.
   *
   * @return string Human-readable name describing what failing a check for this
   *                capability prevents the user from doing.
   */
  public function describeCapabilityRejection() {
    return null;
  }

  /**
   * Can this capability be set to "public"? Broadly, this is only appropriate
   * for view and view-related policies.
   *
   * @return bool True to allow the "public" policy. Returns false by default.
   */
  public function shouldAllowPublicPolicySetting() {
    return false;
  }

  final public static function getCapabilityByKey($key) {
    return idx(self::getCapabilityMap(), $key);
  }

  final public static function getCapabilityMap() {
    return id(new PhutilClassMapQuery())
      ->setAncestorClass(__CLASS__)
      ->setUniqueMethod('getCapabilityKey')
      ->execute();
  }

}
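The rules from the commit summary, as an added stand-alone example that is not code from this repository: "interact" falls back to "view" for most objects, is derived from the status for tasks, and is enforced on the comment write path rather than only by hiding the form. `PolicyObject`, `Task`, `Paste`, `hasCapability`, `submitComment` and the `'everyone'` / `'no-one'` policy strings are hypothetical; only the two capability keys come from the file above.

```php
<?php
// Added example; requires PHP 8. All names except the capability keys are
// hypothetical, and policies are modeled as 'everyone' / 'no-one' strings.
const CAN_VIEW = 'view';
const CAN_INTERACT = 'interact';

interface PolicyObject {
  // Returns null when the object defines no policy for the capability.
  public function getPolicy(string $capability): ?string;
}

final class Task implements PolicyObject {
  public function __construct(private bool $statusIsLocked) {}
  public function getPolicy(string $capability): ?string {
    if ($capability === CAN_INTERACT) {
      // Locked status: no one may interact. Normal status: everyone may.
      return $this->statusIsLocked ? 'no-one' : 'everyone';
    }
    return 'everyone'; // other task policies are not modeled here
  }
}

final class Paste implements PolicyObject {
  public function __construct(private string $viewPolicy) {}
  public function getPolicy(string $capability): ?string {
    return $capability === CAN_VIEW ? $this->viewPolicy : null;
  }
}

function hasCapability(PolicyObject $object, string $capability): bool {
  $policy = $object->getPolicy($capability);
  if ($policy === null && $capability === CAN_INTERACT) {
    // "For most objects, CAN_INTERACT is just the same as CAN_VIEW."
    $policy = $object->getPolicy(CAN_VIEW);
  }
  return $policy === 'everyone'; // anything else, including null, denies
}

function submitComment(PolicyObject $object, string $text): string {
  // Hard check on the write path; replacing the form with text is advisory.
  if (!hasCapability($object, CAN_INTERACT)) {
    throw new RuntimeException('This thing is locked.');
  }
  return 'comment accepted';
}

var_dump(hasCapability(new Paste('everyone'), CAN_INTERACT));
var_dump(hasCapability(new Task(true), CAN_INTERACT));
```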