archive/phabricator
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity
Files
460051c1d82aedaddebd398755fb397a58103929
phabricator/src/applications/differential/controller/DifferentialInlineCommentEditController.php
epriestley 9b3d7b0dba Make most Differential reads policy-aware 
Summary: Ref T603. Makes the majority of reads policy aware (and pretty much all the important ones).

Test Plan:
  - Created a comment with `differential.createcomment`.
  - Created a new revision with `arc diff` in order to exercise `differential.creatediff`.
  - Created an inline comment with `differential.createinline`.
  - Added a comment to a revision.
  - Edited an inline comment.
  - Edited a revision.
  - Wrote "Depends on ..." in a summary, saved, verified link was created.
  - Browsed a file in Diffusion.
  - Got past the code I changed in the Releeph request thing.
  - Edited a Releeph request.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D7136
2013-09-26 12:37:19 -07:00

77 lines
1.8 KiB
PHP
Raw Blame History

<?php
final class DifferentialInlineCommentEditController
extends PhabricatorInlineCommentController {
private $revisionID;
public function willProcessRequest(array $data) {
$this->revisionID = $data['id'];
}
protected function createComment() {
// Verify revision and changeset correspond to actual objects.
$revision_id = $this->revisionID;
$changeset_id = $this->getChangesetID();
$viewer = $this->getRequest()->getUser();
$revision = id(new DifferentialRevisionQuery())
->setViewer($viewer)
->withIDs(array($revision_id))
->executeOne();
if (!$revision) {
throw new Exception("Invalid revision ID!");
}
if (!id(new DifferentialChangeset())->load($changeset_id)) {
throw new Exception("Invalid changeset ID!");
}
return id(new DifferentialInlineComment())
->setRevisionID($revision_id)
->setChangesetID($changeset_id);
}
protected function loadComment($id) {
return id(new DifferentialInlineCommentQuery())
->withIDs(array($id))
->executeOne();
}
protected function loadCommentForEdit($id) {
$request = $this->getRequest();
$user = $request->getUser();
$inline = $this->loadComment($id);
if (!$this->canEditInlineComment($user, $inline)) {
throw new Exception("That comment is not editable!");
}
return $inline;
}
private function canEditInlineComment(
PhabricatorUser $user,
DifferentialInlineComment $inline) {
// Only the author may edit a comment.
if ($inline->getAuthorPHID() != $user->getPHID()) {
return false;
}
// Saved comments may not be edited.
if ($inline->getCommentID()) {
return false;
}
// Inline must be attached to the active revision.
if ($inline->getRevisionID() != $this->revisionID) {
return false;
}
return true;
}
}
Reference in New Issue View Git Blame Copy Permalink