Improve consistency of policy enforcement on new repository edit UI

Summary: Ref T2231. The policy rules are a little murky right now: the "Edit Repository" link requires CAN_EDIT, but the actual page doesn't. Instead, require CAN_EDIT for the edit page.

Test Plan: As a user without CAN_EDIT, viewed a repository and clicked the edit link.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2231

Differential Revision: https://secure.phabricator.com/D7406
epriestley
2013-10-25 15:58:02 -07:00
parent b57b72368c
commit e81bad9ba2
2 changed files with 29 additions and 79 deletions


@@ -22,15 +22,10 @@ final class DiffusionRepositoryCreateController extends DiffusionController {
$repository = $this->getDiffusionRequest()->getRepository(); $repository = $this->getDiffusionRequest()->getRepository();
// Make sure we have CAN_EDIT. // Make sure we have CAN_EDIT.
id(new PhabricatorRepositoryQuery()) PhabricatorPolicyFilter::requireCapability(
->setViewer($viewer) $viewer,
->withIDs(array($repository->getID())) $repository,
->requireCapabilities( PhabricatorPolicyCapability::CAN_EDIT);
array(
PhabricatorPolicyCapability::CAN_VIEW,
PhabricatorPolicyCapability::CAN_EDIT,
))
->executeOne();
$this->setRepository($repository); $this->setRepository($repository);
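Review bot: The replaced query required CAN_VIEW and CAN_EDIT together, while the new `PhabricatorPolicyFilter::requireCapability` call at the top of this hunk checks only CAN_EDIT, so the view check now rests on how `getDiffusionRequest()->getRepository()` loaded the object. If that load is policy-filtered for `$viewer` (which I would expect, but cannot confirm from this hunk) behaviour is unchanged, and that dependency is worth stating next to the check rather than leaving the kept comment as the only explanation. I would extend it to `// Make sure we have CAN_EDIT. CAN_VIEW is already enforced when the DiffusionRequest loads the repository for the viewer.` once that is confirmed. The enclosing method of DiffusionRepositoryCreateController begins before this hunk.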


@@ -4,10 +4,15 @@ final class DiffusionRepositoryEditController extends DiffusionController {
public function processRequest() { public function processRequest() {
$request = $this->getRequest(); $request = $this->getRequest();
$user = $request->getUser(); $viewer = $request->getUser();
$drequest = $this->diffusionRequest; $drequest = $this->diffusionRequest;
$repository = $drequest->getRepository(); $repository = $drequest->getRepository();
PhabricatorPolicyFilter::requireCapability(
$viewer,
$repository,
PhabricatorPolicyCapability::CAN_EDIT);
$is_svn = false; $is_svn = false;
$is_git = false; $is_git = false;
$is_hg = false; $is_hg = false;
@@ -77,12 +82,12 @@ final class DiffusionRepositoryEditController extends DiffusionController {
$this->buildActionsActions($repository)); $this->buildActionsActions($repository));
$xactions = id(new PhabricatorRepositoryTransactionQuery()) $xactions = id(new PhabricatorRepositoryTransactionQuery())
->setViewer($user) ->setViewer($viewer)
->withObjectPHIDs(array($repository->getPHID())) ->withObjectPHIDs(array($repository->getPHID()))
->execute(); ->execute();
$engine = id(new PhabricatorMarkupEngine()) $engine = id(new PhabricatorMarkupEngine())
->setViewer($user); ->setViewer($viewer);
foreach ($xactions as $xaction) { foreach ($xactions as $xaction) {
if ($xaction->getComment()) { if ($xaction->getComment()) {
$engine->addObject( $engine->addObject(
@@ -93,7 +98,7 @@ final class DiffusionRepositoryEditController extends DiffusionController {
$engine->process(); $engine->process();
$xaction_view = id(new PhabricatorApplicationTransactionView()) $xaction_view = id(new PhabricatorApplicationTransactionView())
->setUser($user) ->setUser($viewer)
->setObjectPHID($repository->getPHID()) ->setObjectPHID($repository->getPHID())
->setTransactions($xactions) ->setTransactions($xactions)
->setMarkupEngine($engine); ->setMarkupEngine($engine);
@@ -128,29 +133,21 @@ final class DiffusionRepositoryEditController extends DiffusionController {
} }
private function buildBasicActions(PhabricatorRepository $repository) { private function buildBasicActions(PhabricatorRepository $repository) {
$user = $this->getRequest()->getUser(); $viewer = $this->getRequest()->getUser();
$view = id(new PhabricatorActionListView()) $view = id(new PhabricatorActionListView())
->setObjectURI($this->getRequest()->getRequestURI()) ->setObjectURI($this->getRequest()->getRequestURI())
->setUser($user); ->setUser($viewer);
$can_edit = PhabricatorPolicyFilter::hasCapability(
$user,
$repository,
PhabricatorPolicyCapability::CAN_EDIT);
$edit = id(new PhabricatorActionView()) $edit = id(new PhabricatorActionView())
->setIcon('edit') ->setIcon('edit')
->setName(pht('Edit Basic Information')) ->setName(pht('Edit Basic Information'))
->setHref($this->getRepositoryControllerURI($repository, 'edit/basic/')) ->setHref($this->getRepositoryControllerURI($repository, 'edit/basic/'));
->setDisabled(!$can_edit)
->setWorkflow(!$can_edit);
$view->addAction($edit); $view->addAction($edit);
$activate = id(new PhabricatorActionView()) $activate = id(new PhabricatorActionView())
->setHref( ->setHref(
$this->getRepositoryControllerURI($repository, 'edit/activate/')) $this->getRepositoryControllerURI($repository, 'edit/activate/'))
->setDisabled(!$can_edit)
->setWorkflow(true); ->setWorkflow(true);
if ($repository->isTracked()) { if ($repository->isTracked()) {
@@ -172,10 +169,10 @@ final class DiffusionRepositoryEditController extends DiffusionController {
PhabricatorRepository $repository, PhabricatorRepository $repository,
PhabricatorActionListView $actions) { PhabricatorActionListView $actions) {
$user = $this->getRequest()->getUser(); $viewer = $this->getRequest()->getUser();
$view = id(new PHUIPropertyListView()) $view = id(new PHUIPropertyListView())
->setUser($user) ->setUser($viewer)
->setActionList($actions); ->setActionList($actions);
$view->addProperty(pht('Name'), $repository->getName()); $view->addProperty(pht('Name'), $repository->getName());
@@ -196,7 +193,7 @@ final class DiffusionRepositoryEditController extends DiffusionController {
$description = PhabricatorMarkupEngine::renderOneObject( $description = PhabricatorMarkupEngine::renderOneObject(
$repository, $repository,
'description', 'description',
$user); $viewer);
} }
$view->addTextContent($description); $view->addTextContent($description);
@@ -204,24 +201,17 @@ final class DiffusionRepositoryEditController extends DiffusionController {
} }
private function buildEncodingActions(PhabricatorRepository $repository) { private function buildEncodingActions(PhabricatorRepository $repository) {
$user = $this->getRequest()->getUser(); $viewer = $this->getRequest()->getUser();
$view = id(new PhabricatorActionListView()) $view = id(new PhabricatorActionListView())
->setObjectURI($this->getRequest()->getRequestURI()) ->setObjectURI($this->getRequest()->getRequestURI())
->setUser($user); ->setUser($viewer);
$can_edit = PhabricatorPolicyFilter::hasCapability(
$user,
$repository,
PhabricatorPolicyCapability::CAN_EDIT);
$edit = id(new PhabricatorActionView()) $edit = id(new PhabricatorActionView())
->setIcon('edit') ->setIcon('edit')
->setName(pht('Edit Text Encoding')) ->setName(pht('Edit Text Encoding'))
->setHref( ->setHref(
$this->getRepositoryControllerURI($repository, 'edit/encoding/')) $this->getRepositoryControllerURI($repository, 'edit/encoding/'));
->setWorkflow(!$can_edit)
->setDisabled(!$can_edit);
$view->addAction($edit); $view->addAction($edit);
return $view; return $view;
@@ -231,10 +221,10 @@ final class DiffusionRepositoryEditController extends DiffusionController {
PhabricatorRepository $repository, PhabricatorRepository $repository,
PhabricatorActionListView $actions) { PhabricatorActionListView $actions) {
$user = $this->getRequest()->getUser(); $viewer = $this->getRequest()->getUser();
$view = id(new PHUIPropertyListView()) $view = id(new PHUIPropertyListView())
->setUser($user) ->setUser($viewer)
->setActionList($actions) ->setActionList($actions)
->addSectionHeader(pht('Text Encoding')); ->addSectionHeader(pht('Text Encoding'));
@@ -255,18 +245,11 @@ final class DiffusionRepositoryEditController extends DiffusionController {
->setObjectURI($this->getRequest()->getRequestURI()) ->setObjectURI($this->getRequest()->getRequestURI())
->setUser($viewer); ->setUser($viewer);
$can_edit = PhabricatorPolicyFilter::hasCapability(
$viewer,
$repository,
PhabricatorPolicyCapability::CAN_EDIT);
$edit = id(new PhabricatorActionView()) $edit = id(new PhabricatorActionView())
->setIcon('edit') ->setIcon('edit')
->setName(pht('Edit Policies')) ->setName(pht('Edit Policies'))
->setHref( ->setHref(
$this->getRepositoryControllerURI($repository, 'edit/policy/')) $this->getRepositoryControllerURI($repository, 'edit/policy/'));
->setWorkflow(!$can_edit)
->setDisabled(!$can_edit);
$view->addAction($edit); $view->addAction($edit);
return $view; return $view;
@@ -306,18 +289,11 @@ final class DiffusionRepositoryEditController extends DiffusionController {
->setObjectURI($this->getRequest()->getRequestURI()) ->setObjectURI($this->getRequest()->getRequestURI())
->setUser($viewer); ->setUser($viewer);
$can_edit = PhabricatorPolicyFilter::hasCapability(
$viewer,
$repository,
PhabricatorPolicyCapability::CAN_EDIT);
$edit = id(new PhabricatorActionView()) $edit = id(new PhabricatorActionView())
->setIcon('edit') ->setIcon('edit')
->setName(pht('Edit Branches')) ->setName(pht('Edit Branches'))
->setHref( ->setHref(
$this->getRepositoryControllerURI($repository, 'edit/branches/')) $this->getRepositoryControllerURI($repository, 'edit/branches/'));
->setWorkflow(!$can_edit)
->setDisabled(!$can_edit);
$view->addAction($edit); $view->addAction($edit);
return $view; return $view;
@@ -359,18 +335,11 @@ final class DiffusionRepositoryEditController extends DiffusionController {
->setObjectURI($this->getRequest()->getRequestURI()) ->setObjectURI($this->getRequest()->getRequestURI())
->setUser($viewer); ->setUser($viewer);
$can_edit = PhabricatorPolicyFilter::hasCapability(
$viewer,
$repository,
PhabricatorPolicyCapability::CAN_EDIT);
$edit = id(new PhabricatorActionView()) $edit = id(new PhabricatorActionView())
->setIcon('edit') ->setIcon('edit')
->setName(pht('Edit Subversion Info')) ->setName(pht('Edit Subversion Info'))
->setHref( ->setHref(
$this->getRepositoryControllerURI($repository, 'edit/subversion/')) $this->getRepositoryControllerURI($repository, 'edit/subversion/'));
->setWorkflow(!$can_edit)
->setDisabled(!$can_edit);
$view->addAction($edit); $view->addAction($edit);
return $view; return $view;
@@ -407,18 +376,11 @@ final class DiffusionRepositoryEditController extends DiffusionController {
->setObjectURI($this->getRequest()->getRequestURI()) ->setObjectURI($this->getRequest()->getRequestURI())
->setUser($viewer); ->setUser($viewer);
$can_edit = PhabricatorPolicyFilter::hasCapability(
$viewer,
$repository,
PhabricatorPolicyCapability::CAN_EDIT);
$edit = id(new PhabricatorActionView()) $edit = id(new PhabricatorActionView())
->setIcon('edit') ->setIcon('edit')
->setName(pht('Edit Actions')) ->setName(pht('Edit Actions'))
->setHref( ->setHref(
$this->getRepositoryControllerURI($repository, 'edit/actions/')) $this->getRepositoryControllerURI($repository, 'edit/actions/'));
->setWorkflow(!$can_edit)
->setDisabled(!$can_edit);
$view->addAction($edit); $view->addAction($edit);
return $view; return $view;
@@ -457,18 +419,11 @@ final class DiffusionRepositoryEditController extends DiffusionController {
->setObjectURI($this->getRequest()->getRequestURI()) ->setObjectURI($this->getRequest()->getRequestURI())
->setUser($viewer); ->setUser($viewer);
$can_edit = PhabricatorPolicyFilter::hasCapability(
$viewer,
$repository,
PhabricatorPolicyCapability::CAN_EDIT);
$edit = id(new PhabricatorActionView()) $edit = id(new PhabricatorActionView())
->setIcon('edit') ->setIcon('edit')
->setName(pht('Edit Remote')) ->setName(pht('Edit Remote'))
->setHref( ->setHref(
$this->getRepositoryControllerURI($repository, 'edit/remote/')) $this->getRepositoryControllerURI($repository, 'edit/remote/'));
->setWorkflow(!$can_edit)
->setDisabled(!$can_edit);
$view->addAction($edit); $view->addAction($edit);
return $view; return $view;
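Review bot: Removing `->setDisabled(!$can_edit)` and `->setWorkflow(!$can_edit)` from every edit action (the `@@ -128,29` hunk and the six action-builder hunks after it) is only sound because `processRequest` now calls `PhabricatorPolicyFilter::requireCapability(..., CAN_EDIT)` before anything is rendered, and that reasoning is not recorded anywhere in the code. The disabled state on these links was never an access control; the sub-controllers behind `edit/basic/`, `edit/encoding/`, `edit/policy/`, `edit/branches/`, `edit/subversion/`, `edit/actions/` and `edit/remote/` are outside this change and must continue to enforce CAN_EDIT independently rather than relying on being reached only through this page, which I cannot verify from the diff. I would add above the new check in the `@@ -4,10` hunk: `// Gate the whole edit UI on CAN_EDIT here; the per-action hasCapability() checks were dropped in favour of this single page-level check, and each linked sub-controller enforces CAN_EDIT on its own.` The `$activate` action in the `@@ -128,29` hunk also lost its disabled state but keeps `->setWorkflow(true)`, which is consistent with the rest of the change.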