archive/phabricator
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity
Files
267ff7fbc9c2ec7419b08262c219df454865f57d
phabricator/src/applications/mailinglists/controller/PhabricatorMailingListsController.php
epriestley 267ff7fbc9 Add a policy restricting mailing list management 
Summary:
Fixes T7291. There are a class of spam/annoyance attacks here that we should be more strict about preventing, since you can add an individual's address as a mailing list.

This application is likely on the way out so I didn't bother trying to do per-object policies.

Test Plan: Set policy restrictively and could no longer create or edit mailing lists.

Reviewers: joshuaspence, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7291

Differential Revision: https://secure.phabricator.com/D11783
2015-02-17 11:14:26 -08:00

46 lines
1.1 KiB
PHP
Raw Blame History

<?php
abstract class PhabricatorMailingListsController extends PhabricatorController {
public function buildSideNavView($for_app = false) {
$user = $this->getRequest()->getUser();
$nav = new AphrontSideNavFilterView();
$nav->setBaseURI(new PhutilURI($this->getApplicationURI()));
if ($for_app) {
$nav->addFilter('edit', pht('Create List'));
}
id(new PhabricatorMailingListSearchEngine())
->setViewer($user)
->addNavigationItems($nav->getMenu());
$nav->selectFilter(null);
return $nav;
}
public function buildApplicationMenu() {
return $this->buildSideNavView(true)->getMenu();
}
protected function buildApplicationCrumbs() {
$crumbs = parent::buildApplicationCrumbs();
$can_manage = $this->hasApplicationCapability(
PhabricatorMailingListsManageCapability::CAPABILITY);
$crumbs->addAction(
id(new PHUIListItemView())
->setName(pht('Create List'))
->setHref($this->getApplicationURI('edit/'))
->setIcon('fa-plus-square')
->setDisabled(!$can_manage)
->setWorkflow(!$can_manage));
return $crumbs;
}
}
Reference in New Issue View Git Blame Copy Permalink