mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-15 11:22:40 +01:00
ee4bdb501b
Summary: Ref T603. Herald transcripts potentially leak a bunch of content (task text, revision/commit content). Don't let users see them if they can't see the actual objects. This is a little messy but ends up mostly reasonable-ish. Test Plan: - Verified that transcripts for objects I couldn't see no longer appear in the list, and reject access. - Verified that transcripts for objects in applications I can't see reject access, albeit less gracefully. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T603 Differential Revision: https://secure.phabricator.com/D7221
88 lines
2.2 KiB
PHP
88 lines
2.2 KiB
PHP
<?php
|
|
|
|
final class HeraldTranscriptListController extends HeraldController {
|
|
|
|
public function processRequest() {
|
|
|
|
$request = $this->getRequest();
|
|
$user = $request->getUser();
|
|
|
|
$pager = new AphrontCursorPagerView();
|
|
$pager->readFromRequest($request);
|
|
|
|
$transcripts = id(new HeraldTranscriptQuery())
|
|
->setViewer($user)
|
|
->needPartialRecords(true)
|
|
->executeWithCursorPager($pager);
|
|
|
|
// Render the table.
|
|
$handles = array();
|
|
if ($transcripts) {
|
|
$phids = mpull($transcripts, 'getObjectPHID', 'getObjectPHID');
|
|
$handles = $this->loadViewerHandles($phids);
|
|
}
|
|
|
|
$rows = array();
|
|
foreach ($transcripts as $xscript) {
|
|
$rows[] = array(
|
|
phabricator_date($xscript->getTime(), $user),
|
|
phabricator_time($xscript->getTime(), $user),
|
|
$handles[$xscript->getObjectPHID()]->renderLink(),
|
|
$xscript->getDryRun() ? pht('Yes') : '',
|
|
number_format((int)(1000 * $xscript->getDuration())).' ms',
|
|
phutil_tag(
|
|
'a',
|
|
array(
|
|
'href' => '/herald/transcript/'.$xscript->getID().'/',
|
|
'class' => 'button small grey',
|
|
),
|
|
pht('View Transcript')),
|
|
);
|
|
}
|
|
|
|
$table = new AphrontTableView($rows);
|
|
$table->setHeaders(
|
|
array(
|
|
pht('Date'),
|
|
pht('Time'),
|
|
pht('Object'),
|
|
pht('Dry Run'),
|
|
pht('Duration'),
|
|
pht('View'),
|
|
));
|
|
$table->setColumnClasses(
|
|
array(
|
|
'',
|
|
'right',
|
|
'wide wrap',
|
|
'',
|
|
'',
|
|
'action',
|
|
));
|
|
|
|
// Render the whole page.
|
|
$panel = new AphrontPanelView();
|
|
$panel->setHeader(pht('Herald Transcripts'));
|
|
$panel->appendChild($table);
|
|
$panel->appendChild($pager);
|
|
$panel->setNoBackground();
|
|
|
|
$nav = $this->buildSideNavView();
|
|
$nav->selectFilter('transcript');
|
|
$nav->appendChild($panel);
|
|
|
|
$crumbs = id($this->buildApplicationCrumbs())
|
|
->addCrumb(
|
|
id(new PhabricatorCrumbView())
|
|
->setName(pht('Transcripts')));
|
|
$nav->setCrumbs($crumbs);
|
|
|
|
return $this->buildApplicationPage(
|
|
$nav,
|
|
array(
|
|
'title' => pht('Herald Transcripts'),
|
|
'device' => true,
|
|
));
|
|
}
|
|
|
|
}
|