revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-15 11:22:40 +01:00
Code Issues Releases Wiki Activity
phorge-phorge/src/applications/herald/controller/delete/HeraldDeleteController.php
Jason Ge 42383214ea Enable admin to view and delete other users' herald rules 
Summary:
enable admin to delete user's herald rules. This is useful for
managing non-active users' rules. For example, ex-employees' rules. The
code change includes:

 - Added a 'All' tab which is only accessible to admin.
 - Refactor out a HeraldRuleListView which is used by both the home
   controller and the all rule controller

Test Plan:
delete an ex-employee rule as an admin; disable myself as
admin and verified that I don't have access to view other user's rules
and I'am not be able to delete them; also verified that as a non-admin,
I can still view, create and delete my own rules.

Reviewers: epriestley, nh

Reviewed By: epriestley

CC: aran, epriestley, jungejason

Differential Revision: 1064
2011-11-15 16:21:51 -08:00

64 lines
1.8 KiB
PHP
Raw Blame History

<?php
/*
* Copyright 2011 Facebook, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
class HeraldDeleteController extends HeraldController {
private $id;
public function willProcessRequest(array $data) {
$this->id = $data['id'];
}
public function processRequest() {
$rule = id(new HeraldRule())->load($this->id);
if (!$rule) {
return new Aphront404Response();
}
$request = $this->getRequest();
$user = $request->getUser();
if ($user->getPHID() != $rule->getAuthorPHID() && !$user->getIsAdmin()) {
return new Aphront400Response();
}
if ($request->isFormPost()) {
$rule->delete();
if ($request->isAjax()) {
return new AphrontRedirectResponse();
} else {
return id(new AphrontRedirectResponse())->setURI('/herald/');
}
}
$dialog = new AphrontDialogView();
$dialog->setUser($request->getUser());
$dialog->setTitle('Really delete this rule?');
$dialog->appendChild(
"Are you sure you want to delete the rule ".
"'<strong>".phutil_escape_html($rule->getName())."</strong>'?");
$dialog->addSubmitButton('Delete');
$dialog->addCancelButton('/herald/');
$dialog->setSubmitURI($request->getPath());
return id(new AphrontDialogResponse())->setDialog($dialog);
}
}
View git blame Copy permalink