Fix an issue with darkconsole.always-on and logged-out users
Summary: Fixes T3796. When this got split out into tabs, the data endpoints were accidentally locked down. Open them up again if the setting is on. Also, when you open/close the console we try to save the preference. Just no-op if you're logged out. Previously, you'd see the requests in DarkConsole since they failed. Test Plan: Enabled `darkconsole.always-on` and toggled the console on and off as a logged-out user. Disabled the preference and verified it was no longer accessible. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T3796 Differential Revision: https://secure.phabricator.com/D6886
This commit is contained in:
epriestley
@@ -8,22 +8,31 @@ final class DarkConsoleController extends PhabricatorController {
|
|||||||
protected $op;
|
protected $op;
|
||||||
protected $data;
|
protected $data;
|
||||||
|
|
||||||
|
public function shouldRequireLogin() {
|
||||||
|
return !PhabricatorEnv::getEnvConfig('darkconsole.always-on');
|
||||||
|
}
|
||||||
|
|
||||||
public function processRequest() {
|
public function processRequest() {
|
||||||
$request = $this->getRequest();
|
$request = $this->getRequest();
|
||||||
$user = $request->getUser();
|
$user = $request->getUser();
|
||||||
|
$response = id(new AphrontAjaxResponse())->setDisableConsole(true);
|
||||||
|
|
||||||
|
if (!$user->isLoggedIn()) {
|
||||||
|
return $response;
|
||||||
|
}
|
||||||
|
|
||||||
$visible = $request->getStr('visible');
|
$visible = $request->getStr('visible');
|
||||||
if (strlen($visible)) {
|
if (strlen($visible)) {
|
||||||
$user->setConsoleVisible((int)$visible);
|
$user->setConsoleVisible((int)$visible);
|
||||||
$user->save();
|
$user->save();
|
||||||
return id(new AphrontAjaxResponse())->setDisableConsole(true);
|
return $response;
|
||||||
}
|
}
|
||||||
|
|
||||||
$tab = $request->getStr('tab');
|
$tab = $request->getStr('tab');
|
||||||
if (strlen($tab)) {
|
if (strlen($tab)) {
|
||||||
$user->setConsoleTab($tab);
|
$user->setConsoleTab($tab);
|
||||||
$user->save();
|
$user->save();
|
||||||
return id(new AphrontAjaxResponse())->setDisableConsole(true);
|
return $response;
|
||||||
}
|
}
|
||||||
|
|
||||||
return new Aphront404Response();
|
return new Aphront404Response();
|
||||||
|
|||||||
@@ -7,6 +7,10 @@ final class DarkConsoleDataController extends PhabricatorController {
|
|||||||
|
|
||||||
private $key;
|
private $key;
|
||||||
|
|
||||||
|
public function shouldRequireLogin() {
|
||||||
|
return !PhabricatorEnv::getEnvConfig('darkconsole.always-on');
|
||||||
|
}
|
||||||
|
|
||||||
public function willProcessRequest(array $data) {
|
public function willProcessRequest(array $data) {
|
||||||
$this->key = $data['key'];
|
$this->key = $data['key'];
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user