Have EditEngine API methods provide the correct application to Conduit
Summary: Fixes T9799. Currently, if you can't see an application like Paste, we fatal when trying to generate a result for `conduit.query`, because the new EditEngine-based `paste.edit` method doesn't "know" that it's a "Paste" method. Straighten this out, and use policies and queries a little more correctly/consistently. Test Plan: - Called `conduit.query` as a user who does not have permission to use Paste. - Before change: fatal. - After change: results, excluding "paste.*" methods. Reviewers: chad Reviewed By: chad Subscribers: cburroughs Maniphest Tasks: T9799 Differential Revision: https://secure.phabricator.com/D14492
This commit is contained in:
		| @@ -19,20 +19,20 @@ final class ConduitQueryConduitAPIMethod extends ConduitAPIMethod { | |||||||
|   } |   } | ||||||
|  |  | ||||||
|   protected function execute(ConduitAPIRequest $request) { |   protected function execute(ConduitAPIRequest $request) { | ||||||
|     $classes = id(new PhutilClassMapQuery()) |     $methods = id(new PhabricatorConduitMethodQuery()) | ||||||
|       ->setAncestorClass('ConduitAPIMethod') |       ->setViewer($request->getUser()) | ||||||
|       ->execute(); |       ->execute(); | ||||||
|  |  | ||||||
|     $names_to_params = array(); |     $map = array(); | ||||||
|     foreach ($classes as $class) { |     foreach ($methods as $method) { | ||||||
|       $names_to_params[$class->getAPIMethodName()] = array( |       $map[$method->getAPIMethodName()] = array( | ||||||
|         'description' => $class->getMethodDescription(), |         'description' => $method->getMethodDescription(), | ||||||
|         'params' => $class->getParamTypes(), |         'params' => $method->getParamTypes(), | ||||||
|         'return' => $class->getReturnType(), |         'return' => $method->getReturnType(), | ||||||
|       ); |       ); | ||||||
|     } |     } | ||||||
|  |  | ||||||
|     return $names_to_params; |     return $map; | ||||||
|   } |   } | ||||||
|  |  | ||||||
| } | } | ||||||
|   | |||||||
| @@ -115,6 +115,43 @@ final class PhabricatorConduitMethodQuery | |||||||
|     return $methods; |     return $methods; | ||||||
|   } |   } | ||||||
|  |  | ||||||
|  |   protected function willFilterPage(array $methods) { | ||||||
|  |     $application_phids = array(); | ||||||
|  |     foreach ($methods as $method) { | ||||||
|  |       $application = $method->getApplication(); | ||||||
|  |       if ($application === null) { | ||||||
|  |         continue; | ||||||
|  |       } | ||||||
|  |       $application_phids[] = $application->getPHID(); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     if ($application_phids) { | ||||||
|  |       $applications = id(new PhabricatorApplicationQuery()) | ||||||
|  |         ->setParentQuery($this) | ||||||
|  |         ->setViewer($this->getViewer()) | ||||||
|  |         ->withPHIDs($application_phids) | ||||||
|  |         ->execute(); | ||||||
|  |       $applications = mpull($applications, null, 'getPHID'); | ||||||
|  |     } else { | ||||||
|  |       $applications = array(); | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     // Remove methods which belong to an application the viewer can not see. | ||||||
|  |     foreach ($methods as $key => $method) { | ||||||
|  |       $application = $method->getApplication(); | ||||||
|  |       if ($application === null) { | ||||||
|  |         continue; | ||||||
|  |       } | ||||||
|  |  | ||||||
|  |       if (empty($applications[$application->getPHID()])) { | ||||||
|  |         $this->didRejectResult($method); | ||||||
|  |         unset($methods[$key]); | ||||||
|  |       } | ||||||
|  |     } | ||||||
|  |  | ||||||
|  |     return $methods; | ||||||
|  |   } | ||||||
|  |  | ||||||
|   public function getQueryApplicationClass() { |   public function getQueryApplicationClass() { | ||||||
|     return 'PhabricatorConduitApplication'; |     return 'PhabricatorConduitApplication'; | ||||||
|   } |   } | ||||||
|   | |||||||
| @@ -9,6 +9,10 @@ final class PhabricatorPasteEditEngine | |||||||
|     return pht('Pastes'); |     return pht('Pastes'); | ||||||
|   } |   } | ||||||
|  |  | ||||||
|  |   public function getEngineApplicationClass() { | ||||||
|  |     return 'PhabricatorPasteApplication'; | ||||||
|  |   } | ||||||
|  |  | ||||||
|   protected function newEditableObject() { |   protected function newEditableObject() { | ||||||
|     return PhabricatorPaste::initializeNewPaste($this->getViewer()); |     return PhabricatorPaste::initializeNewPaste($this->getViewer()); | ||||||
|   } |   } | ||||||
|   | |||||||
| @@ -50,6 +50,7 @@ abstract class PhabricatorEditEngine | |||||||
| /* -(  Managing Fields  )---------------------------------------------------- */ | /* -(  Managing Fields  )---------------------------------------------------- */ | ||||||
|  |  | ||||||
|  |  | ||||||
|  |   abstract public function getEngineApplicationClass(); | ||||||
|   abstract protected function buildCustomEditFields($object); |   abstract protected function buildCustomEditFields($object); | ||||||
|  |  | ||||||
|   final protected function buildEditFields($object) { |   final protected function buildEditFields($object) { | ||||||
|   | |||||||
| @@ -5,6 +5,12 @@ abstract class PhabricatorEditEngineAPIMethod | |||||||
|  |  | ||||||
|   abstract public function newEditEngine(); |   abstract public function newEditEngine(); | ||||||
|  |  | ||||||
|  |   public function getApplication() { | ||||||
|  |     $engine = $this->newEditEngine(); | ||||||
|  |     $class = $engine->getEngineApplicationClass(); | ||||||
|  |     return PhabricatorApplication::getByClass($class); | ||||||
|  |   } | ||||||
|  |  | ||||||
|   public function getMethodStatus() { |   public function getMethodStatus() { | ||||||
|     return self::METHOD_STATUS_UNSTABLE; |     return self::METHOD_STATUS_UNSTABLE; | ||||||
|   } |   } | ||||||
|   | |||||||
| @@ -20,6 +20,10 @@ final class PhabricatorEditEngineConfigurationEditEngine | |||||||
|     return pht('Edit Configurations'); |     return pht('Edit Configurations'); | ||||||
|   } |   } | ||||||
|  |  | ||||||
|  |   public function getEngineApplicationClass() { | ||||||
|  |     return 'PhabricatorTransactionsApplication'; | ||||||
|  |   } | ||||||
|  |  | ||||||
|   protected function newEditableObject() { |   protected function newEditableObject() { | ||||||
|     return PhabricatorEditEngineConfiguration::initializeNewConfiguration( |     return PhabricatorEditEngineConfiguration::initializeNewConfiguration( | ||||||
|       $this->getViewer(), |       $this->getViewer(), | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user
	 epriestley
					epriestley