1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-15 19:32:40 +01:00
phorge-phorge/src/applications/passphrase/controller/PassphraseCredentialConduitController.php
James Rhodes 26f283fe21 Implement passphrase.query for querying credentials
Summary: Resolves T5868.  This implements `passphrase.query` and a mechanism for allowing Conduit access to credentials.

Test Plan: Tested locally.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: talshiri, epriestley, Korvin

Maniphest Tasks: T5868

Differential Revision: https://secure.phabricator.com/D10262
2014-08-16 22:41:03 +10:00

81 lines
2.5 KiB
PHP

<?php
final class PassphraseCredentialConduitController
extends PassphraseController {
private $id;
public function willProcessRequest(array $data) {
$this->id = $data['id'];
}
public function processRequest() {
$request = $this->getRequest();
$viewer = $request->getUser();
$credential = id(new PassphraseCredentialQuery())
->setViewer($viewer)
->withIDs(array($this->id))
->requireCapabilities(
array(
PhabricatorPolicyCapability::CAN_VIEW,
PhabricatorPolicyCapability::CAN_EDIT,
))
->executeOne();
if (!$credential) {
return new Aphront404Response();
}
$view_uri = '/K'.$credential->getID();
$token = id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession(
$viewer,
$request,
$view_uri);
$type = PassphraseCredentialType::getTypeByConstant(
$credential->getCredentialType());
if (!$type) {
throw new Exception(pht('Credential has invalid type "%s"!', $type));
}
if ($request->isFormPost()) {
$xactions = array();
$xactions[] = id(new PassphraseCredentialTransaction())
->setTransactionType(PassphraseCredentialTransaction::TYPE_CONDUIT)
->setNewValue(!$credential->getAllowConduit());
$editor = id(new PassphraseCredentialTransactionEditor())
->setActor($viewer)
->setContinueOnMissingFields(true)
->setContentSourceFromRequest($request)
->applyTransactions($credential, $xactions);
return id(new AphrontRedirectResponse())->setURI($view_uri);
}
if ($credential->getAllowConduit()) {
return $this->newDialog()
->setTitle(pht('Prevent Conduit access?'))
->appendChild(
pht(
'This credential and its secret will no longer be able '.
'to be retrieved using the `passphrase.query` method '.
'in Conduit.'))
->addSubmitButton(pht('Prevent Conduit Access'))
->addCancelButton($view_uri);
} else {
return $this->newDialog()
->setTitle(pht('Allow Conduit access?'))
->appendChild(
pht(
'This credential will be able to be retrieved via the Conduit '.
'API by users who have access to this credential. You should '.
'only enable this for credentials which need to be accessed '.
'programmatically (such as from build agents).'))
->addSubmitButton(pht('Allow Conduit Access'))
->addCancelButton($view_uri);
}
}
}