Paste: Add edit policy
Summary: T5549 Test Plan: Set edit policy on paste, check that only users meeting the policy requirements can edit it. Reviewers: epriestley, #blessed_reviewers Reviewed By: epriestley, #blessed_reviewers Subscribers: Korvin, epriestley Maniphest Tasks: T5549 Differential Revision: https://secure.phabricator.com/D11097
This commit is contained in:
Alex Monk
@@ -0,0 +1,3 @@
|
||||
ALTER TABLE `{$NAMESPACE}_pastebin`.`pastebin_paste`
|
||||
ADD `editPolicy` VARBINARY(64) NOT NULL
|
||||
AFTER `viewPolicy`;
|
||||
@@ -0,0 +1,2 @@
|
||||
UPDATE `{$NAMESPACE}_pastebin`.`pastebin_paste` SET editPolicy = authorPHID
|
||||
WHERE editPolicy = '';
|
||||
@@ -1203,6 +1203,7 @@ phutil_register_library_map(array(
|
||||
'PasteConduitAPIMethod' => 'applications/paste/conduit/PasteConduitAPIMethod.php',
|
||||
'PasteCreateConduitAPIMethod' => 'applications/paste/conduit/PasteCreateConduitAPIMethod.php',
|
||||
'PasteCreateMailReceiver' => 'applications/paste/mail/PasteCreateMailReceiver.php',
|
||||
'PasteDefaultEditCapability' => 'applications/paste/capability/PasteDefaultEditCapability.php',
|
||||
'PasteDefaultViewCapability' => 'applications/paste/capability/PasteDefaultViewCapability.php',
|
||||
'PasteEmbedView' => 'applications/paste/view/PasteEmbedView.php',
|
||||
'PasteInfoConduitAPIMethod' => 'applications/paste/conduit/PasteInfoConduitAPIMethod.php',
|
||||
@@ -4326,6 +4327,7 @@ phutil_register_library_map(array(
|
||||
'PasteConduitAPIMethod' => 'ConduitAPIMethod',
|
||||
'PasteCreateConduitAPIMethod' => 'PasteConduitAPIMethod',
|
||||
'PasteCreateMailReceiver' => 'PhabricatorMailReceiver',
|
||||
'PasteDefaultEditCapability' => 'PhabricatorPolicyCapability',
|
||||
'PasteDefaultViewCapability' => 'PhabricatorPolicyCapability',
|
||||
'PasteEmbedView' => 'AphrontView',
|
||||
'PasteInfoConduitAPIMethod' => 'PasteConduitAPIMethod',
|
||||
|
||||
@@ -50,6 +50,9 @@ final class PhabricatorPasteApplication extends PhabricatorApplication {
|
||||
PasteDefaultViewCapability::CAPABILITY => array(
|
||||
'caption' => pht('Default view policy for newly created pastes.'),
|
||||
),
|
||||
PasteDefaultEditCapability::CAPABILITY => array(
|
||||
'caption' => pht('Default edit policy for newly created pastes.'),
|
||||
),
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
@@ -0,0 +1,11 @@
|
||||
<?php
|
||||
|
||||
final class PasteDefaultEditCapability extends PhabricatorPolicyCapability {
|
||||
|
||||
const CAPABILITY = 'paste.default.edit';
|
||||
|
||||
public function getCapabilityName() {
|
||||
return pht('Default Edit Policy');
|
||||
}
|
||||
|
||||
}
|
||||
@@ -69,7 +69,8 @@ final class PhabricatorPasteEditController extends PhabricatorPasteController {
|
||||
$v_language = $paste->getLanguage();
|
||||
$v_text = $paste->getRawContent();
|
||||
}
|
||||
$v_policy = $paste->getViewPolicy();
|
||||
$v_view_policy = $paste->getViewPolicy();
|
||||
$v_edit_policy = $paste->getEditPolicy();
|
||||
|
||||
if ($is_create) {
|
||||
$v_projects = array();
|
||||
@@ -93,7 +94,8 @@ final class PhabricatorPasteEditController extends PhabricatorPasteController {
|
||||
|
||||
$v_title = $request->getStr('title');
|
||||
$v_language = $request->getStr('language');
|
||||
$v_policy = $request->getStr('can_view');
|
||||
$v_view_policy = $request->getStr('can_view');
|
||||
$v_edit_policy = $request->getStr('can_edit');
|
||||
$v_projects = $request->getArr('projects');
|
||||
|
||||
// NOTE: The author is the only editor and can always view the paste,
|
||||
@@ -119,7 +121,10 @@ final class PhabricatorPasteEditController extends PhabricatorPasteController {
|
||||
->setNewValue($v_language);
|
||||
$xactions[] = id(new PhabricatorPasteTransaction())
|
||||
->setTransactionType(PhabricatorTransactions::TYPE_VIEW_POLICY)
|
||||
->setNewValue($v_policy);
|
||||
->setNewValue($v_view_policy);
|
||||
$xactions[] = id(new PhabricatorPasteTransaction())
|
||||
->setTransactionType(PhabricatorTransactions::TYPE_EDIT_POLICY)
|
||||
->setNewValue($v_edit_policy);
|
||||
|
||||
$proj_edge_type = PhabricatorProjectObjectHasProjectEdgeType::EDGECONST;
|
||||
$xactions[] = id(new PhabricatorPasteTransaction())
|
||||
@@ -136,7 +141,8 @@ final class PhabricatorPasteEditController extends PhabricatorPasteController {
|
||||
} else {
|
||||
// make sure we update policy so its correctly populated to what
|
||||
// the user chose
|
||||
$paste->setViewPolicy($v_policy);
|
||||
$paste->setViewPolicy($v_view_policy);
|
||||
$paste->setEditPolicy($v_edit_policy);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -174,6 +180,13 @@ final class PhabricatorPasteEditController extends PhabricatorPasteController {
|
||||
->setPolicies($policies)
|
||||
->setName('can_view'));
|
||||
|
||||
$form->appendChild(
|
||||
id(new AphrontFormPolicyControl())
|
||||
->setUser($user)
|
||||
->setCapability(PhabricatorPolicyCapability::CAN_EDIT)
|
||||
->setPolicyObject($paste)
|
||||
->setPolicies($policies)
|
||||
->setName('can_edit'));
|
||||
|
||||
if ($v_projects) {
|
||||
$project_handles = $this->loadViewerHandles($v_projects);
|
||||
|
||||
@@ -25,6 +25,7 @@ final class PhabricatorPasteEditor
|
||||
'mime-type' => 'text/plain; charset=utf-8',
|
||||
'authorPHID' => $actor->getPHID(),
|
||||
'viewPolicy' => PhabricatorPolicies::POLICY_NOONE,
|
||||
'editPolicy' => PhabricatorPolicies::POLICY_NOONE,
|
||||
));
|
||||
}
|
||||
|
||||
@@ -35,6 +36,7 @@ final class PhabricatorPasteEditor
|
||||
$types[] = PhabricatorPasteTransaction::TYPE_TITLE;
|
||||
$types[] = PhabricatorPasteTransaction::TYPE_LANGUAGE;
|
||||
$types[] = PhabricatorTransactions::TYPE_VIEW_POLICY;
|
||||
$types[] = PhabricatorTransactions::TYPE_EDIT_POLICY;
|
||||
$types[] = PhabricatorTransactions::TYPE_COMMENT;
|
||||
|
||||
return $types;
|
||||
@@ -83,6 +85,9 @@ final class PhabricatorPasteEditor
|
||||
case PhabricatorTransactions::TYPE_VIEW_POLICY:
|
||||
$object->setViewPolicy($xaction->getNewValue());
|
||||
return;
|
||||
case PhabricatorTransactions::TYPE_EDIT_POLICY:
|
||||
$object->setEditPolicy($xaction->getNewValue());
|
||||
return;
|
||||
case PhabricatorTransactions::TYPE_COMMENT:
|
||||
case PhabricatorTransactions::TYPE_SUBSCRIBERS:
|
||||
case PhabricatorTransactions::TYPE_EDGE:
|
||||
@@ -101,6 +106,7 @@ final class PhabricatorPasteEditor
|
||||
case PhabricatorPasteTransaction::TYPE_TITLE:
|
||||
case PhabricatorPasteTransaction::TYPE_LANGUAGE:
|
||||
case PhabricatorTransactions::TYPE_VIEW_POLICY:
|
||||
case PhabricatorTransactions::TYPE_EDIT_POLICY:
|
||||
case PhabricatorTransactions::TYPE_COMMENT:
|
||||
case PhabricatorTransactions::TYPE_SUBSCRIBERS:
|
||||
case PhabricatorTransactions::TYPE_EDGE:
|
||||
|
||||
@@ -17,6 +17,7 @@ final class PhabricatorPaste extends PhabricatorPasteDAO
|
||||
protected $language;
|
||||
protected $parentPHID;
|
||||
protected $viewPolicy;
|
||||
protected $editPolicy;
|
||||
protected $mailKey;
|
||||
|
||||
private $content = self::ATTACHABLE;
|
||||
@@ -29,11 +30,13 @@ final class PhabricatorPaste extends PhabricatorPasteDAO
|
||||
->executeOne();
|
||||
|
||||
$view_policy = $app->getPolicy(PasteDefaultViewCapability::CAPABILITY);
|
||||
$edit_policy = $app->getPolicy(PasteDefaultEditCapability::CAPABILITY);
|
||||
|
||||
return id(new PhabricatorPaste())
|
||||
->setTitle('')
|
||||
->setAuthorPHID($actor->getPHID())
|
||||
->setViewPolicy($view_policy);
|
||||
->setViewPolicy($view_policy)
|
||||
->setEditPolicy($edit_policy);
|
||||
}
|
||||
|
||||
public function getURI() {
|
||||
@@ -146,6 +149,8 @@ final class PhabricatorPaste extends PhabricatorPasteDAO
|
||||
public function getPolicy($capability) {
|
||||
if ($capability == PhabricatorPolicyCapability::CAN_VIEW) {
|
||||
return $this->viewPolicy;
|
||||
} else if ($capability == PhabricatorPolicyCapability::CAN_EDIT) {
|
||||
return $this->editPolicy;
|
||||
}
|
||||
return PhabricatorPolicies::POLICY_NOONE;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user