9181929ebc
Summary:
Fixes T4589. This implements much better policy behavior for files that aligns with user expectations.
Currently, all files have permissive visibility.
The new behavior is:
- Files uploaded via drag-and-drop to the home page or file upload page get permissive visibility, for ease of quickly sharing things like screenshots.
- Files uploaded via the manual file upload control get permissive visibility by default, but the user can select the policy they want at upload time in an explicit/obvious way.
- Files uploaded via drag-and-drop anywhere else (e.g., comments or Pholio) get restricted visibility (only the uploader).
- When the user applies a transaction to the object which uses the file, we attach the file to the object and punch a hole through the policies: if you can see the object, you can see the file.
- This rule requires things to use ApplicationTransactions, which is why this took so long to fix.
- The "attach stuff to the object" code has been in place for a long time and works correctly.
I'll land D8498 after this lands, too.
Test Plan:
- Uploaded via global homepage upload and file drag-and-drop upload, saw permissive visibility.
- Uploaded via comment area, saw restricted visibility.
- After commenting, verified links were established and the file became visible to users who could see the attached object.
- Verified Pholio (which is a bit of a special case) correctly attaches images.
Reviewers: btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T4589
Differential Revision: https://secure.phabricator.com/D10131
46 lines
1.2 KiB
PHP
46 lines
1.2 KiB
PHP
<?php
|
|
|
|
final class PhabricatorFileDropUploadController
|
|
extends PhabricatorFileController {
|
|
|
|
/**
|
|
* @phutil-external-symbol class PhabricatorStartup
|
|
*/
|
|
public function processRequest() {
|
|
$request = $this->getRequest();
|
|
$viewer = $request->getUser();
|
|
|
|
// NOTE: Throws if valid CSRF token is not present in the request.
|
|
$request->validateCSRF();
|
|
|
|
$data = PhabricatorStartup::getRawInput();
|
|
$name = $request->getStr('name');
|
|
|
|
// If there's no explicit view policy, make it very restrictive by default.
|
|
// This is the correct policy for files dropped onto objects during
|
|
// creation, comment and edit flows.
|
|
|
|
$view_policy = $request->getStr('viewPolicy');
|
|
if (!$view_policy) {
|
|
$view_policy = $viewer->getPHID();
|
|
}
|
|
|
|
$file = PhabricatorFile::newFromXHRUpload(
|
|
$data,
|
|
array(
|
|
'name' => $request->getStr('name'),
|
|
'authorPHID' => $viewer->getPHID(),
|
|
'viewPolicy' => $view_policy,
|
|
'isExplicitUpload' => true,
|
|
));
|
|
|
|
return id(new AphrontAjaxResponse())->setContent(
|
|
array(
|
|
'id' => $file->getID(),
|
|
'phid' => $file->getPHID(),
|
|
'uri' => $file->getBestURI(),
|
|
));
|
|
}
|
|
|
|
}
|