recaptime.dev / phorge
@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge
phorge phabricator
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Calendar events should have edit/view policies

Summary: Closes T7940, Calendar events should have edit/view policies.

Test Plan: Create new event and save, event should be only visible and editable by creator. Editing policies should correctly set the permissions of editing/viewing the event.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Maniphest Tasks: T7940

Differential Revision: https://secure.phabricator.com/D12632

lkassianik 11e8e602 f14e0bf2

+65 -3
+11
resources/sql/autopatches/20150430.calendar.1.policies.sql
··· 1 + ALTER TABLE {$NAMESPACE}_calendar.calendar_event 2 + ADD viewPolicy varbinary(64) NOT NULL; 3 + 4 + ALTER TABLE {$NAMESPACE}_calendar.calendar_event 5 + ADD editPolicy varbinary(64) NOT NULL; 6 + 7 + UPDATE {$NAMESPACE}_calendar.calendar_event 8 + SET viewPolicy = 'users' WHERE viewPolicy = ''; 9 + 10 + UPDATE {$NAMESPACE}_calendar.calendar_event 11 + SET editPolicy = userPHID;
+27
src/applications/calendar/controller/PhabricatorCalendarEventEditController.php
··· 138 138 PhabricatorCalendarEventTransaction::TYPE_DESCRIPTION) 139 139 ->setNewValue($description); 140 140 141 + $xactions[] = id(new PhabricatorCalendarEventTransaction()) 142 + ->setTransactionType(PhabricatorTransactions::TYPE_VIEW_POLICY) 143 + ->setNewValue($request->getStr('viewPolicy')); 144 + 145 + $xactions[] = id(new PhabricatorCalendarEventTransaction()) 146 + ->setTransactionType(PhabricatorTransactions::TYPE_EDIT_POLICY) 147 + ->setNewValue($request->getStr('editPolicy')); 148 + 141 149 $editor = id(new PhabricatorCalendarEventEditor()) 142 150 ->setActor($user) 143 151 ->setContentSourceFromRequest($request) ··· 179 187 ->setName('description') 180 188 ->setValue($event->getDescription()); 181 189 190 + $current_policies = id(new PhabricatorPolicyQuery()) 191 + ->setViewer($user) 192 + ->setObject($event) 193 + ->execute(); 194 + $view_policies = id(new AphrontFormPolicyControl()) 195 + ->setUser($user) 196 + ->setCapability(PhabricatorPolicyCapability::CAN_VIEW) 197 + ->setPolicyObject($event) 198 + ->setPolicies($current_policies) 199 + ->setName('viewPolicy'); 200 + $edit_policies = id(new AphrontFormPolicyControl()) 201 + ->setUser($user) 202 + ->setCapability(PhabricatorPolicyCapability::CAN_EDIT) 203 + ->setPolicyObject($event) 204 + ->setPolicies($current_policies) 205 + ->setName('editPolicy'); 206 + 182 207 $subscribers = id(new AphrontFormTokenizerControl()) 183 208 ->setLabel(pht('Subscribers')) 184 209 ->setName('subscribers') ··· 199 224 ->appendChild($status_select) 200 225 ->appendChild($start_time) 201 226 ->appendChild($end_time) 227 + ->appendControl($view_policies) 228 + ->appendControl($edit_policies) 202 229 ->appendControl($subscribers) 203 230 ->appendControl($invitees) 204 231 ->appendChild($description);
+27 -3
src/applications/calendar/storage/PhabricatorCalendarEvent.php
··· 18 18 protected $description; 19 19 protected $isCancelled; 20 20 21 + protected $viewPolicy; 22 + protected $editPolicy; 23 + 21 24 private $invitees = self::ATTACHABLE; 22 25 23 26 const STATUS_AWAY = 1; ··· 32 35 return id(new PhabricatorCalendarEvent()) 33 36 ->setUserPHID($actor->getPHID()) 34 37 ->setIsCancelled(0) 38 + ->setViewPolicy($actor->getPHID()) 39 + ->setEditPolicy($actor->getPHID()) 35 40 ->attachInvitees(array()); 36 41 } 37 42 ··· 224 229 public function getPolicy($capability) { 225 230 switch ($capability) { 226 231 case PhabricatorPolicyCapability::CAN_VIEW: 227 - return PhabricatorPolicies::getMostOpenPolicy(); 232 + return $this->getViewPolicy(); 228 233 case PhabricatorPolicyCapability::CAN_EDIT: 229 - return $this->getUserPHID(); 234 + return $this->getEditPolicy(); 230 235 } 231 236 } 232 237 233 238 public function hasAutomaticCapability($capability, PhabricatorUser $viewer) { 239 + // The owner of a task can always view and edit it. 240 + $user_phid = $this->getUserPHID(); 241 + if ($user_phid) { 242 + $viewer_phid = $viewer->getPHID(); 243 + if ($viewer_phid == $user_phid) { 244 + return true; 245 + } 246 + } 247 + 248 + if ($capability == PhabricatorPolicyCapability::CAN_VIEW) { 249 + $status = $this->getUserInviteStatus($viewer->getPHID()); 250 + if ($status == PhabricatorCalendarEventInvitee::STATUS_INVITED || 251 + $status == PhabricatorCalendarEventInvitee::STATUS_ATTENDING || 252 + $status == PhabricatorCalendarEventInvitee::STATUS_DECLINED) { 253 + return true; 254 + } 255 + } 256 + 234 257 return false; 235 258 } 236 259 237 260 public function describeAutomaticCapability($capability) { 238 - return null; 261 + return pht('The owner of an event can always view and edit it, 262 + and invitees can always view it.'); 239 263 } 240 264 241 265 /* -( PhabricatorApplicationTransactionInterface )------------------------- */