@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.)
hq.recaptime.dev/wiki/Phorge
phorge
phabricator
Simplify custom policies before saving, and reject meaningless policies
Summary:
Ref T603. Do a little more sanity checking on custom policies, so policies like this:
[ Allow ] [ Users ] [ <no users> ]
...that don't specify anything and thus which aren't meaningful raise errors.
Test Plan: {F69570}
Reviewers: btrahan
Reviewed By: btrahan
CC: aran
Maniphest Tasks: T603
Differential Revision: https://secure.phabricator.com/D7314
+55
-13
+36
-13
src/applications/policy/controller/PhabricatorPolicyEditController.php
+36
-13
src/applications/policy/controller/PhabricatorPolicyEditController.php
···
49
49
$default_action = $policy->getDefaultAction();
50
50
$rule_data = $policy->getRules();
51
51
52
+
$errors = array();
52
53
if ($request->isFormPost()) {
53
54
$data = $request->getStr('rules');
54
55
$data = @json_decode($data, true);
···
83
84
);
84
85
}
85
86
87
+
// Filter out nonsense rules, like a "users" rule without any users
88
+
// actually specified.
89
+
$valid_rules = array();
90
+
foreach ($rule_data as $rule) {
91
+
$rule_class = $rule['rule'];
92
+
if ($rules[$rule_class]->ruleHasEffect($rule['value'])) {
93
+
$valid_rules[] = $rule;
94
+
}
95
+
}
96
+
97
+
if (!$valid_rules) {
98
+
$errors[] = pht('None of these policy rules have any effect.');
99
+
}
100
+
86
101
// NOTE: Policies are immutable once created, and we always create a new
87
102
// policy here. If we didn't, we would need to lock this endpoint down,
88
103
// as users could otherwise just go edit the policies of objects with
89
104
// custom policies.
90
105
91
-
$new_policy = new PhabricatorPolicy();
92
-
$new_policy->setRules($rule_data);
93
-
$new_policy->setDefaultAction($request->getStr('default'));
94
-
$new_policy->save();
106
+
if (!$errors) {
107
+
$new_policy = new PhabricatorPolicy();
108
+
$new_policy->setRules($valid_rules);
109
+
$new_policy->setDefaultAction($request->getStr('default'));
110
+
$new_policy->save();
95
111
96
-
$data = array(
97
-
'phid' => $new_policy->getPHID(),
98
-
'info' => array(
99
-
'name' => $new_policy->getName(),
100
-
'full' => $new_policy->getName(),
101
-
'icon' => $new_policy->getIcon(),
102
-
),
103
-
);
112
+
$data = array(
113
+
'phid' => $new_policy->getPHID(),
114
+
'info' => array(
115
+
'name' => $new_policy->getName(),
116
+
'full' => $new_policy->getName(),
117
+
'icon' => $new_policy->getIcon(),
118
+
),
119
+
);
104
120
105
-
return id(new AphrontAjaxResponse())->setContent($data);
121
+
return id(new AphrontAjaxResponse())->setContent($data);
122
+
}
106
123
}
107
124
108
125
// Convert rule values to display format (for example, expanding PHIDs
···
120
137
'name' => 'default',
121
138
));
122
139
140
+
if ($errors) {
141
+
$errors = id(new AphrontErrorView())
142
+
->setErrors($errors);
143
+
}
144
+
123
145
$form = id(new PHUIFormLayoutView())
146
+
->appendChild($errors)
124
147
->appendChild(
125
148
javelin_tag(
126
149
'input',
+11
src/applications/policy/rule/PhabricatorPolicyRule.php
+11
src/applications/policy/rule/PhabricatorPolicyRule.php
···
34
34
return $value;
35
35
}
36
36
37
+
/**
38
+
* Return true if the given value creates a rule with a meaningful effect.
39
+
* An example of a rule with no meaningful effect is a "users" rule with no
40
+
* users specified.
41
+
*
42
+
* @return bool True if the value creates a meaningful rule.
43
+
*/
44
+
public function ruleHasEffect($value) {
45
+
return true;
46
+
}
47
+
37
48
}
+4
src/applications/policy/rule/PhabricatorPolicyRuleProjects.php
+4
src/applications/policy/rule/PhabricatorPolicyRuleProjects.php