archive/phabricator
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity

Add basic support for editing project policies

Browse Source 
Summary:
This case is unusually complicated because there are more rules than most objects will have.

  - Edits are either "joins", "leaves" or "other edits".
  - "Joins" require "can join" or "can edit".
  - "Leaves" don't require any policy.
  - "Other edits" require "can edit".
  - You can't edit away your ability to edit.
  - You //can// leave a project that you wouldn't be able to rejoin.

Things I'm going to add:

  - Global log of policy changes.
  - `bin/policy` script for undoing policy changes.
  - Test coverage for these rules.

Test Plan: Made various project visibility edits with various users, joined / left projects, etc. I'll add more complete coverage in the next diff.

Reviewers: btrahan, vrana

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D3270
This commit is contained in:
epriestley
2012-08-15 10:44:58 -07:00
parent 51c5a9b067
commit 42461b5f06
7 changed files with 253 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
src/applications/project/controller/PhabricatorProjectProfileEditController.php
View File

@@ -28,10 +28,19 @@ final class PhabricatorProjectProfileEditController
$request = $this->getRequest();
$user = $request->getUser();
$project = id(new PhabricatorProject())->load($this->id);
$project = id(new PhabricatorProjectQuery())
->setViewer($user)
->withIDs(array($this->id))
->requireCapabilities(
array(
PhabricatorPolicyCapability::CAN_VIEW,
PhabricatorPolicyCapability::CAN_EDIT,
))
->executeOne();
if (!$project) {
return new Aphront404Response();
}
$profile = $project->loadProfile();
if (empty($profile)) {
$profile = new PhabricatorProjectProfile();
@@ -62,6 +71,24 @@ final class PhabricatorProjectProfileEditController
$xaction->setNewValue($request->getStr('status'));
$xactions[] = $xaction;
$xaction = new PhabricatorProjectTransaction();
$xaction->setTransactionType(
PhabricatorProjectTransactionType::TYPE_CAN_VIEW);
$xaction->setNewValue($request->getStr('can_view'));
$xactions[] = $xaction;
$xaction = new PhabricatorProjectTransaction();
$xaction->setTransactionType(
PhabricatorProjectTransactionType::TYPE_CAN_EDIT);
$xaction->setNewValue($request->getStr('can_edit'));
$xactions[] = $xaction;
$xaction = new PhabricatorProjectTransaction();
$xaction->setTransactionType(
PhabricatorProjectTransactionType::TYPE_CAN_JOIN);
$xaction->setNewValue($request->getStr('can_join'));
$xactions[] = $xaction;
$editor = new PhabricatorProjectEditor($project);
$editor->setUser($user);
$editor->applyTransactions($xactions);
@@ -150,6 +177,31 @@ final class PhabricatorProjectProfileEditController
->setLabel('Blurb')
->setName('blurb')
->setValue($profile->getBlurb()))
->appendChild(
'<p class="aphront-form-instructions">NOTE: Policy settings are not '.
'yet fully implemented. Some interfaces still ignore these settings, '.
'particularly "Visible To".</p>')
->appendChild(
id(new AphrontFormPolicyControl())
->setUser($user)
->setName('can_view')
->setCaption('Members can always view a project.')
->setPolicyObject($project)
->setCapability(PhabricatorPolicyCapability::CAN_VIEW))
->appendChild(
id(new AphrontFormPolicyControl())
->setUser($user)
->setName('can_edit')
->setPolicyObject($project)
->setCapability(PhabricatorPolicyCapability::CAN_EDIT))
->appendChild(
id(new AphrontFormPolicyControl())
->setUser($user)
->setName('can_join')
->setCaption(
'Users who can edit a project can always join a project.')
->setPolicyObject($project)
->setCapability(PhabricatorPolicyCapability::CAN_JOIN))
->appendChild(
id(new AphrontFormMarkupControl())
->setLabel('Profile Image')