diff --git a/src/applications/conduit/method/remarkup/ConduitAPI_remarkup_process_Method.php b/src/applications/conduit/method/remarkup/ConduitAPI_remarkup_process_Method.php index 6d8d975a79..892776ad51 100644 --- a/src/applications/conduit/method/remarkup/ConduitAPI_remarkup_process_Method.php +++ b/src/applications/conduit/method/remarkup/ConduitAPI_remarkup_process_Method.php @@ -57,6 +57,7 @@ final class ConduitAPI_remarkup_process_Method extends ConduitAPIMethod { } $engine = PhabricatorMarkupEngine::$engine_class(); + $engine->setConfig('viewer', $request->getUser()); $result = array( 'content' => $engine->markupText($content), diff --git a/src/applications/maniphest/controller/ManiphestTaskDescriptionChangeController.php b/src/applications/maniphest/controller/ManiphestTaskDescriptionChangeController.php index eda546d22b..d28f209ab6 100644 --- a/src/applications/maniphest/controller/ManiphestTaskDescriptionChangeController.php +++ b/src/applications/maniphest/controller/ManiphestTaskDescriptionChangeController.php @@ -64,6 +64,7 @@ final class ManiphestTaskDescriptionChangeController $handles = $this->loadViewerHandles($phids); $engine = new PhabricatorMarkupEngine(); + $engine->setViewer($user); $engine->addObject($transaction, ManiphestTransaction::MARKUP_FIELD_BODY); $engine->process(); diff --git a/src/applications/maniphest/controller/ManiphestTaskDescriptionPreviewController.php b/src/applications/maniphest/controller/ManiphestTaskDescriptionPreviewController.php index 17a89f6991..35989c9e57 100644 --- a/src/applications/maniphest/controller/ManiphestTaskDescriptionPreviewController.php +++ b/src/applications/maniphest/controller/ManiphestTaskDescriptionPreviewController.php @@ -23,7 +23,6 @@ final class ManiphestTaskDescriptionPreviewController extends ManiphestController { public function processRequest() { - $request = $this->getRequest(); $description = $request->getStr('description'); 
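Review bot: The viewer is handed to the engine under the bare string key `'viewer'` in ConduitAPI_remarkup_process_Method, and the same literal is repeated in PhabricatorMarkupEngine::process() later in this commit, so a typo at either site would leave the engine without a viewer and raise no error. This engine comes straight from `PhabricatorMarkupEngine::$engine_class()` and never passes through `setViewer()`, so a short comment would make the coupling visible: `// Key must match the 'viewer' config set in PhabricatorMarkupEngine::process().` Whether `$request->getUser()` can be an unauthenticated user for this Conduit method is not visible in the hunk; if it can, the rendered output should be no more permissive than what a logged-out viewer may see. The enclosing method starts and ends outside the hunk.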
@@ -32,7 +31,8 @@ final class ManiphestTaskDescriptionPreviewController
 $output = PhabricatorMarkupEngine::renderOneObject(
 $task,
- ManiphestTask::MARKUP_FIELD_DESCRIPTION);
+ ManiphestTask::MARKUP_FIELD_DESCRIPTION,
+ $request->getUser());
 $content = '
'.
diff --git a/src/applications/maniphest/controller/ManiphestTaskDetailController.php b/src/applications/maniphest/controller/ManiphestTaskDetailController.php
index cf1f15165a..12615caac5 100644
--- a/src/applications/maniphest/controller/ManiphestTaskDetailController.php
+++ b/src/applications/maniphest/controller/ManiphestTaskDetailController.php
@@ -314,6 +314,7 @@ final class ManiphestTaskDetailController extends ManiphestController {
 $headsup_panel->setProperties($dict);
 $engine = new PhabricatorMarkupEngine();
+ $engine->setViewer($user);
 $engine->addObject($task, ManiphestTask::MARKUP_FIELD_DESCRIPTION);
 foreach ($transactions as $xaction) {
 if ($xaction->hasComments()) {
diff --git a/src/applications/maniphest/controller/ManiphestTransactionPreviewController.php b/src/applications/maniphest/controller/ManiphestTransactionPreviewController.php
index 82c41f6ea4..2206933e78 100644
--- a/src/applications/maniphest/controller/ManiphestTransactionPreviewController.php
+++ b/src/applications/maniphest/controller/ManiphestTransactionPreviewController.php
@@ -119,6 +119,7 @@ final class ManiphestTransactionPreviewController extends ManiphestController {
 $transactions[] = $transaction;
 $engine = new PhabricatorMarkupEngine();
+ $engine->setViewer($user);
 $engine->addObject($transaction, ManiphestTransaction::MARKUP_FIELD_BODY);
 $engine->process();
diff --git a/src/applications/phriction/controller/PhrictionDocumentController.php b/src/applications/phriction/controller/PhrictionDocumentController.php
index 5f3253d44e..3ff4ea3b60 100644
--- a/src/applications/phriction/controller/PhrictionDocumentController.php
+++ b/src/applications/phriction/controller/PhrictionDocumentController.php
@@ -158,7 +158,7 @@ final class PhrictionDocumentController
 $doc_status = $document->getStatus();
 if ($doc_status == PhrictionDocumentStatus::STATUS_EXISTS) {
- $core_content = $content->renderContent();
+ $core_content = $content->renderContent($user);
 } else if ($doc_status == PhrictionDocumentStatus::STATUS_DELETED) {
 $notice = new AphrontErrorView();
 $notice->setSeverity(AphrontErrorView::SEVERITY_NOTICE);
diff --git a/src/applications/phriction/controller/PhrictionDocumentPreviewController.php b/src/applications/phriction/controller/PhrictionDocumentPreviewController.php
index 3790a67cf2..e5583cc890 100644
--- a/src/applications/phriction/controller/PhrictionDocumentPreviewController.php
+++ b/src/applications/phriction/controller/PhrictionDocumentPreviewController.php
@@ -42,9 +42,7 @@ final class PhrictionDocumentPreviewController
 $content_obj = new PhrictionContent();
 $content_obj->setContent($document);
-
- $engine = PhabricatorMarkupEngine::newPhrictionMarkupEngine();
- $content = $content_obj->renderContent();
+ $content = $content_obj->renderContent($request->getUser());
 return id(new AphrontAjaxResponse())->setContent($content);
 }
diff --git a/src/applications/phriction/storage/PhrictionContent.php b/src/applications/phriction/storage/PhrictionContent.php
index da84fb1ce0..18d907db69 100644
--- a/src/applications/phriction/storage/PhrictionContent.php
+++ b/src/applications/phriction/storage/PhrictionContent.php
@@ -39,10 +39,11 @@ final class PhrictionContent extends PhrictionDAO
 protected $changeType;
 protected $changeRef;
- public function renderContent() {
+ public function renderContent(PhabricatorUser $viewer) {
 return PhabricatorMarkupEngine::renderOneObject(
 $this,
- self::MARKUP_FIELD_BODY);
+ self::MARKUP_FIELD_BODY,
+ $viewer);
 }
diff --git a/src/applications/ponder/view/PonderCommentBodyView.php b/src/applications/ponder/view/PonderCommentBodyView.php
index 4bf0a57ad3..b35407414f 100644
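Review bot: `renderContent()` in PhrictionContent now takes a required `PhabricatorUser $viewer` but has no docblock saying whose permissions the rendered output reflects. A one-line comment would do, for example `/** Render the body as seen by $viewer; pass the user making the request. */`. Because the parameter has no default, any caller of `renderContent()` not touched by this commit will fail at call time, which is the safe direction, but remaining call sites outside this diff should be checked before landing.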
--- a/src/applications/ponder/view/PonderCommentBodyView.php
+++ b/src/applications/ponder/view/PonderCommentBodyView.php
@@ -75,7 +75,8 @@ final class PonderCommentBodyView extends AphrontView {
 $content = PhabricatorMarkupEngine::renderOneObject(
 $target,
- $target->getMarkupField());
+ $target->getMarkupField(),
+ $this->user);
 $content = '
'. diff --git a/src/infrastructure/markup/PhabricatorMarkupEngine.php b/src/infrastructure/markup/PhabricatorMarkupEngine.php index f9e11d520d..3a3c297d1e 100644 --- a/src/infrastructure/markup/PhabricatorMarkupEngine.php +++ b/src/infrastructure/markup/PhabricatorMarkupEngine.php @@ -56,6 +56,7 @@ final class PhabricatorMarkupEngine { private $objects = array(); + private $viewer; /* -( Markup Pipeline )---------------------------------------------------- */ @@ -67,13 +68,16 @@ final class PhabricatorMarkupEngine { * * @param PhabricatorMarkupInterface The object to render. * @param string The field to render. + * @param PhabricatorUser User viewing the markup. * @return string Marked up output. * @task markup */ public static function renderOneObject( PhabricatorMarkupInterface $object, - $field) { + $field, + PhabricatorUser $viewer) { return id(new PhabricatorMarkupEngine()) + ->setViewer($viewer) ->addObject($object, $field) ->process() ->getOutput($object, $field); @@ -126,6 +130,7 @@ final class PhabricatorMarkupEngine { $engines = array(); foreach ($objects as $key => $info) { $engines[$key] = $info['object']->newMarkupEngine($info['field']); + $engines[$key]->setConfig('viewer', $this->viewer); } // Load or build the preprocessor caches. @@ -243,9 +248,23 @@ final class PhabricatorMarkupEngine { } + /** + * Set the viewing user. Used to implement object permissions. + * + * @param PhabricatorUser The viewing user. + * @return this + * @task markup + */ + public function setViewer(PhabricatorUser $viewer) { + $this->viewer = $viewer; + return $this; + } + + /* -( Engine Construction )------------------------------------------------ */ + /** * @task engine */
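Review bot: `$this->user` in PonderCommentBodyView is passed to `renderOneObject()` with no visible check that a user was ever set on the view; the setter and the rest of the method are outside the hunk, so this is inferred. With the new `PhabricatorUser $viewer` type hint, a view built without a user now fails inside the markup engine call instead of with a clear message at the view. A guard before the call would make the failure explicit: `if (!$this->user) { throw new Exception('Call setUser() before rendering!'); }`.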
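Review bot: `$this->viewer` is still null in `process()` when a caller builds `new PhabricatorMarkupEngine()` and never calls `setViewer()`, and the added `setConfig('viewer', $this->viewer)` line forwards that null to every engine. If any rule treats a missing viewer as "no restriction", that fails open; rejecting it up front is safer: `if (!$this->viewer) { throw new Exception('Call setViewer() before process()!'); }`. The context line `// Load or build the preprocessor caches.` also suggests rendered data is cached; if the cache key, which is built outside this hunk, does not vary with the viewer, any rule whose output depends on the viewer could serve one viewer's rendering to another. `process()` starts and ends outside the hunk.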