Remove Join Policy from Phame
Summary: Drops Join Policy, uses Edit Policy where needed. Allows anyone with Blog Edit permissions to post and edit any post on that blog. Fixes T5371.

Test Plan: Draft a post as chad, see the post, log in as notchad, edit that post and publish it.

Reviewers: epriestley
Reviewed By: epriestley
Subscribers: Korvin
Maniphest Tasks: T5371
Differential Revision: https://secure.phabricator.com/D14444
@@ -0,0 +1,2 @@
|
||||
ALTER TABLE {$NAMESPACE}_phame.phame_blog
|
||||
DROP joinPolicy;
|
||||
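Review bot: Dropping `joinPolicy` discards each existing blog's posting policy with no reconciliation, so on upgrade the set of people who can post silently becomes whatever `editPolicy` already was. For a blog whose edit policy was broader than its join policy, that widens posting (and, with the rest of this commit, editing of other authors' posts) without anyone choosing it; in the reverse case current authors lose the ability to post. I would add a comment above the statement such as `/* Posting is governed by editPolicy from here on; the old joinPolicy values are not preserved. */` and call the change out in the upgrade notes so administrators can review blog edit policies before applying it.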
@@ -73,7 +73,8 @@ final class PhameCreatePostConduitAPIMethod extends PhameConduitAPIMethod {
|
||||
->withPHIDs(array($blog_phid))
|
||||
->requireCapabilities(
|
||||
array(
|
||||
PhabricatorPolicyCapability::CAN_JOIN,
|
||||
PhabricatorPolicyCapability::CAN_VIEW,
|
||||
PhabricatorPolicyCapability::CAN_EDIT,
|
||||
))
|
||||
->executeOne();
|
||||
|
||||
|
||||
@@ -49,7 +49,6 @@ final class PhameBlogEditController
|
||||
$skin = $blog->getSkin();
|
||||
$can_view = $blog->getViewPolicy();
|
||||
$can_edit = $blog->getEditPolicy();
|
||||
$can_join = $blog->getJoinPolicy();
|
||||
|
||||
$e_name = true;
|
||||
$e_custom_domain = null;
|
||||
@@ -62,7 +61,6 @@ final class PhameBlogEditController
|
||||
$skin = $request->getStr('skin');
|
||||
$can_view = $request->getStr('can_view');
|
||||
$can_edit = $request->getStr('can_edit');
|
||||
$can_join = $request->getStr('can_join');
|
||||
$v_projects = $request->getArr('projects');
|
||||
$v_cc = $request->getArr('cc');
|
||||
|
||||
@@ -85,9 +83,6 @@ final class PhameBlogEditController
|
||||
id(new PhameBlogTransaction())
|
||||
->setTransactionType(PhabricatorTransactions::TYPE_EDIT_POLICY)
|
||||
->setNewValue($can_edit),
|
||||
id(new PhameBlogTransaction())
|
||||
->setTransactionType(PhabricatorTransactions::TYPE_JOIN_POLICY)
|
||||
->setNewValue($can_join),
|
||||
id(new PhameBlogTransaction())
|
||||
->setTransactionType(PhabricatorTransactions::TYPE_SUBSCRIBERS)
|
||||
->setNewValue(array('=' => $v_cc)),
|
||||
@@ -170,14 +165,6 @@ final class PhameBlogEditController
|
||||
->setPolicies($policies)
|
||||
->setValue($can_edit)
|
||||
->setName('can_edit'))
|
||||
->appendChild(
|
||||
id(new AphrontFormPolicyControl())
|
||||
->setUser($viewer)
|
||||
->setCapability(PhabricatorPolicyCapability::CAN_JOIN)
|
||||
->setPolicyObject($blog)
|
||||
->setPolicies($policies)
|
||||
->setValue($can_join)
|
||||
->setName('can_join'))
|
||||
->appendControl(
|
||||
id(new AphrontFormTokenizerControl())
|
||||
->setLabel(pht('Projects'))
|
||||
|
||||
@@ -100,10 +100,6 @@ final class PhameBlogViewController extends PhameBlogController {
|
||||
pht('Editable By'),
|
||||
$descriptions[PhabricatorPolicyCapability::CAN_EDIT]);
|
||||
|
||||
$properties->addProperty(
|
||||
pht('Joinable By'),
|
||||
$descriptions[PhabricatorPolicyCapability::CAN_JOIN]);
|
||||
|
||||
$engine = id(new PhabricatorMarkupEngine())
|
||||
->setViewer($viewer)
|
||||
->addObject($blog, PhameBlog::MARKUP_FIELD_DESCRIPTION)
|
||||
@@ -136,18 +132,13 @@ final class PhameBlogViewController extends PhameBlogController {
|
||||
$blog,
|
||||
PhabricatorPolicyCapability::CAN_EDIT);
|
||||
|
||||
$can_join = PhabricatorPolicyFilter::hasCapability(
|
||||
$viewer,
|
||||
$blog,
|
||||
PhabricatorPolicyCapability::CAN_JOIN);
|
||||
|
||||
$actions->addAction(
|
||||
id(new PhabricatorActionView())
|
||||
->setIcon('fa-plus')
|
||||
->setHref($this->getApplicationURI('post/edit/?blog='.$blog->getID()))
|
||||
->setName(pht('Write Post'))
|
||||
->setDisabled(!$can_join)
|
||||
->setWorkflow(!$can_join));
|
||||
->setDisabled(!$can_edit)
|
||||
->setWorkflow(!$can_edit));
|
||||
|
||||
$actions->addAction(
|
||||
id(new PhabricatorActionView())
|
||||
|
||||
@@ -36,7 +36,7 @@ final class PhamePostEditController extends PhamePostController {
|
||||
->requireCapabilities(
|
||||
array(
|
||||
PhabricatorPolicyCapability::CAN_VIEW,
|
||||
PhabricatorPolicyCapability::CAN_JOIN,
|
||||
PhabricatorPolicyCapability::CAN_EDIT,
|
||||
))
|
||||
->executeOne();
|
||||
if (!$blog) {
|
||||
|
||||
@@ -30,7 +30,7 @@ final class PhamePostNewController extends PhamePostController {
|
||||
->withIDs(array($request->getInt('blog')))
|
||||
->requireCapabilities(
|
||||
array(
|
||||
PhabricatorPolicyCapability::CAN_JOIN,
|
||||
PhabricatorPolicyCapability::CAN_EDIT,
|
||||
))
|
||||
->executeOne();
|
||||
|
||||
@@ -52,7 +52,7 @@ final class PhamePostNewController extends PhamePostController {
|
||||
->setViewer($viewer)
|
||||
->requireCapabilities(
|
||||
array(
|
||||
PhabricatorPolicyCapability::CAN_JOIN,
|
||||
PhabricatorPolicyCapability::CAN_EDIT,
|
||||
))
|
||||
->execute();
|
||||
|
||||
@@ -65,7 +65,7 @@ final class PhamePostNewController extends PhamePostController {
|
||||
$notification = id(new PHUIInfoView())
|
||||
->setSeverity(PHUIInfoView::SEVERITY_NODATA)
|
||||
->appendChild(
|
||||
pht('You do not have permission to join any blogs. Create a blog '.
|
||||
pht('You do not have permission to post to any blogs. Create a blog '.
|
||||
'first, then you can post to it.'));
|
||||
|
||||
} else {
|
||||
|
||||
@@ -123,6 +123,7 @@ final class PhamePostViewController extends PhamePostController {
|
||||
id(new PhabricatorActionView())
|
||||
->setIcon('fa-eye')
|
||||
->setHref($this->getApplicationURI('post/publish/'.$id.'/'))
|
||||
->setDisabled(!$can_edit)
|
||||
->setName(pht('Preview / Publish')));
|
||||
} else {
|
||||
$actions->addAction(
|
||||
@@ -130,6 +131,7 @@ final class PhamePostViewController extends PhamePostController {
|
||||
->setIcon('fa-eye-slash')
|
||||
->setHref($this->getApplicationURI('post/unpublish/'.$id.'/'))
|
||||
->setName(pht('Unpublish'))
|
||||
->setDisabled(!$can_edit)
|
||||
->setWorkflow(true));
|
||||
}
|
||||
|
||||
|
||||
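Review bot: The `->setDisabled(!$can_edit)` calls on the Preview / Publish and Unpublish actions only grey out the links; they are not an access check, and the `post/publish/` and `post/unpublish/` handlers are not among the hunks shown on this page. Since this commit changes who holds edit rights on a post, confirm that those handlers load the post with `PhabricatorPolicyCapability::CAN_EDIT` required. For consistency with the Write Post action in PhameBlogViewController, the publish action could also take `->setWorkflow(!$can_edit)`. `$can_edit` is assigned outside both hunks.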
@@ -20,7 +20,6 @@ final class PhameBlogEditor
|
||||
$types[] = PhameBlogTransaction::TYPE_SKIN;
|
||||
$types[] = PhabricatorTransactions::TYPE_VIEW_POLICY;
|
||||
$types[] = PhabricatorTransactions::TYPE_EDIT_POLICY;
|
||||
$types[] = PhabricatorTransactions::TYPE_JOIN_POLICY;
|
||||
|
||||
return $types;
|
||||
}
|
||||
|
||||
@@ -20,7 +20,6 @@ final class PhameBlog extends PhameDAO
|
||||
protected $creatorPHID;
|
||||
protected $viewPolicy;
|
||||
protected $editPolicy;
|
||||
protected $joinPolicy;
|
||||
protected $mailKey;
|
||||
|
||||
private static $requestBlog;
|
||||
@@ -39,7 +38,6 @@ final class PhameBlog extends PhameDAO
|
||||
|
||||
// T6203/NULLABILITY
|
||||
// These policies should always be non-null.
|
||||
'joinPolicy' => 'policy?',
|
||||
'editPolicy' => 'policy?',
|
||||
'viewPolicy' => 'policy?',
|
||||
),
|
||||
@@ -73,8 +71,7 @@ final class PhameBlog extends PhameDAO
|
||||
$blog = id(new PhameBlog())
|
||||
->setCreatorPHID($actor->getPHID())
|
||||
->setViewPolicy(PhabricatorPolicies::getMostOpenPolicy())
|
||||
->setEditPolicy(PhabricatorPolicies::POLICY_USER)
|
||||
->setJoinPolicy(PhabricatorPolicies::POLICY_USER);
|
||||
->setEditPolicy(PhabricatorPolicies::POLICY_USER);
|
||||
return $blog;
|
||||
}
|
||||
|
||||
@@ -236,7 +233,6 @@ final class PhameBlog extends PhameDAO
|
||||
return array(
|
||||
PhabricatorPolicyCapability::CAN_VIEW,
|
||||
PhabricatorPolicyCapability::CAN_EDIT,
|
||||
PhabricatorPolicyCapability::CAN_JOIN,
|
||||
);
|
||||
}
|
||||
|
||||
@@ -247,14 +243,11 @@ final class PhameBlog extends PhameDAO
|
||||
return $this->getViewPolicy();
|
||||
case PhabricatorPolicyCapability::CAN_EDIT:
|
||||
return $this->getEditPolicy();
|
||||
case PhabricatorPolicyCapability::CAN_JOIN:
|
||||
return $this->getJoinPolicy();
|
||||
}
|
||||
}
|
||||
|
||||
public function hasAutomaticCapability($capability, PhabricatorUser $user) {
|
||||
$can_edit = PhabricatorPolicyCapability::CAN_EDIT;
|
||||
$can_join = PhabricatorPolicyCapability::CAN_JOIN;
|
||||
|
||||
switch ($capability) {
|
||||
case PhabricatorPolicyCapability::CAN_VIEW:
|
||||
@@ -262,15 +255,6 @@ final class PhameBlog extends PhameDAO
|
||||
if (PhabricatorPolicyFilter::hasCapability($user, $this, $can_edit)) {
|
||||
return true;
|
||||
}
|
||||
if (PhabricatorPolicyFilter::hasCapability($user, $this, $can_join)) {
|
||||
return true;
|
||||
}
|
||||
break;
|
||||
case PhabricatorPolicyCapability::CAN_JOIN:
|
||||
// Users who can edit a blog can always post to it.
|
||||
if (PhabricatorPolicyFilter::hasCapability($user, $this, $can_edit)) {
|
||||
return true;
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
@@ -282,10 +266,7 @@ final class PhameBlog extends PhameDAO
|
||||
switch ($capability) {
|
||||
case PhabricatorPolicyCapability::CAN_VIEW:
|
||||
return pht(
|
||||
'Users who can edit or post on a blog can always view it.');
|
||||
case PhabricatorPolicyCapability::CAN_JOIN:
|
||||
return pht(
|
||||
'Users who can edit a blog can always post on it.');
|
||||
'Users who can edit a blog can always view it.');
|
||||
}
|
||||
|
||||
return null;
|
||||
|
||||
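Review bot: In the `-73,8 +71,7` hunk a new blog still starts with `->setEditPolicy(PhabricatorPolicies::POLICY_USER)`, but after this commit the edit policy also decides who may post to the blog and who may view, edit and publish other authors' drafts. If `POLICY_USER` means every logged-in user, as the name suggests, each newly created blog is writable by the whole install until its owner tightens it. A least-privilege default would be `->setEditPolicy($actor->getPHID())`, leaving the creator to widen access deliberately. The enclosing function starts above the hunk.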
@@ -198,18 +198,21 @@ final class PhamePost extends PhameDAO
|
||||
case PhabricatorPolicyCapability::CAN_VIEW:
|
||||
if (!$this->isDraft() && $this->getBlog()) {
|
||||
return $this->getBlog()->getViewPolicy();
|
||||
} else {
|
||||
return PhabricatorPolicies::POLICY_NOONE;
|
||||
} else if ($this->getBlog()) {
|
||||
return $this->getBlog()->getEditPolicy();
|
||||
}
|
||||
break;
|
||||
case PhabricatorPolicyCapability::CAN_EDIT:
|
||||
return PhabricatorPolicies::POLICY_NOONE;
|
||||
if ($this->getBlog()) {
|
||||
return $this->getBlog()->getEditPolicy();
|
||||
} else {
|
||||
return PhabricatorPolicies::POLICY_NOONE;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public function hasAutomaticCapability($capability, PhabricatorUser $user) {
|
||||
// A blog post's author can always view it, and is the only user allowed
|
||||
// to edit it.
|
||||
// A blog post's author can always view it.
|
||||
|
||||
switch ($capability) {
|
||||
case PhabricatorPolicyCapability::CAN_VIEW:
|
||||
|
||||
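Review bot: Going by the hunk's line counts (18 old, 21 new), the `CAN_VIEW` branch of getPolicy loses its `else { return PhabricatorPolicies::POLICY_NOONE; }` arm, so a post with no blog now reaches `break` and the method returns no policy at all. How the policy filter treats a missing policy is not visible here, so the fail-closed result should stay explicit: add `} else {`, `return PhabricatorPolicies::POLICY_NOONE;`, `}` after the `else if`, as the `CAN_EDIT` branch already does. The same branch now returns the blog's edit policy for drafts, which makes every draft readable by all blog editors; any comment above getPolicy that describes drafts as author-only (outside this hunk) would need updating. hasAutomaticCapability continues past the end of the hunk.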