
Make document signatures visible to only document owners and signers

Summary:
Ref T3116. Currently signatures are visible to anyone, but they should be more private than that. Instead, you can see a signature if:

- It's a signature on a document you can edit; or
- it's your signature.

I'm going to lock down the signatures page a bit in general, but this makes sure that the root policy is correct.

Test Plan:
- Signed a document.
- Viewed signatures of a document.

Reviewers: chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T3116

Differential Revision: https://secure.phabricator.com/D9764

+48 -10
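--- a/src/applications/legalpad/query/LegalpadDocumentSignatureQuery.php
+++ b/src/applications/legalpad/query/LegalpadDocumentSignatureQuery.php
@@ -46,9 +46,32 @@
 $this->buildOrderClause($conn_r),
 $this->buildLimitClause($conn_r));
 
-$documents = $table->loadAllFromArray($data);
+$signatures = $table->loadAllFromArray($data);
+
+return $signatures;
+}
+
+protected function willFilterPage(array $signatures) {
+$document_phids = mpull($signatures, 'getDocumentPHID');
+
+$documents = id(new LegalpadDocumentQuery())
+->setParentQuery($this)
+->setViewer($this->getViewer())
+->withPHIDs($document_phids)
+->execute();
+$documents = mpull($documents, null, 'getPHID');
+
+foreach ($signatures as $key => $signature) {
+$document_phid = $signature->getDocumentPHID();
+$document = idx($documents, $document_phid);
+if ($document) {
+$signature->attachDocument($document);
+} else {
+unset($signatures[$key]);
+}
+}
 
-return $documents;
+return $signatures;
 }
 
 protected function buildWhereClause($conn_r) {
@@ -56,35 +79,35 @@
 
 $where[] = $this->buildPagingClause($conn_r);
 
-if ($this->ids) {
+if ($this->ids !== null) {
 $where[] = qsprintf(
 $conn_r,
 'id IN (%Ld)',
 $this->ids);
 }
 
-if ($this->documentPHIDs) {
+if ($this->documentPHIDs !== null) {
 $where[] = qsprintf(
 $conn_r,
 'documentPHID IN (%Ls)',
 $this->documentPHIDs);
 }
 
-if ($this->signerPHIDs) {
+if ($this->signerPHIDs !== null) {
 $where[] = qsprintf(
 $conn_r,
 'signerPHID IN (%Ls)',
 $this->signerPHIDs);
 }
 
-if ($this->documentVersions) {
+if ($this->documentVersions !== null) {
 $where[] = qsprintf(
 $conn_r,
 'documentVersion IN (%Ld)',
 $this->documentVersions);
 }
 
-if ($this->secretKeys) {
+if ($this->secretKeys !== null) {
 $where[] = qsprintf(
 $conn_r,
 'secretKey IN (%Ls)',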
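Review bot: The `else` branch of willFilterPage() drops every signature whose document LegalpadDocumentQuery does not return for this viewer, and nothing in the method says that this is deliberate. It fails closed, which is the safe direction, but it also means the signer's own-signature rule in LegalpadDocumentSignature only applies while the signer can still load the document; a comment on the `unset()` such as `// Fail closed: a signature is never shown without a document the viewer can load.` would record that. Separately, the second hunk changes the constraint checks to `!== null`, so an empty array stored in `$this->ids` or one of the other fields now reaches `qsprintf()` as an empty `IN (...)` list instead of being ignored. The setters that fill those fields are outside the diff, so confirm that callers cannot pass an empty list, or return early when one is set.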
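--- a/src/applications/legalpad/storage/LegalpadDocumentSignature.php
+++ b/src/applications/legalpad/storage/LegalpadDocumentSignature.php
@@ -14,6 +14,8 @@
 protected $verified;
 protected $secretKey;
 
+private $document = self::ATTACHABLE;
+
 public function getConfiguration() {
 return array(
 self::CONFIG_SERIALIZATION => array(
@@ -30,9 +32,21 @@
 }
 
 public function isVerified() {
-return $this->getVerified() != self::UNVERIFIED;
+return ($this->getVerified() != self::UNVERIFIED);
+}
+
+public function getDocument() {
+return $this->assertAttached($this->document);
+}
+
+public function attachDocument(LegalpadDocument $document) {
+$this->document = $document;
+return $this;
 }
+
+
 /* -( PhabricatorPolicyInterface )----------------------------------------- */
+
 
 public function getCapabilities() {
 return array(
@@ -43,12 +57,13 @@
 public function getPolicy($capability) {
 switch ($capability) {
 case PhabricatorPolicyCapability::CAN_VIEW:
-return PhabricatorPolicies::POLICY_USER;
+return $this->getDocument()->getPolicy(
+PhabricatorPolicyCapability::CAN_EDIT);
 }
 }
 
 public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
-return false;
+return ($viewer->getPHID() == $this->getSignerPHID());
 }
 
 public function describeAutomaticCapability($capability) {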
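Review bot: hasAutomaticCapability() compares the two PHIDs with `==` and never looks at `$capability`, so a viewer with no PHID would match a signature whose signerPHID is also empty, if either case can occur on this install. A stricter form is `$viewer_phid = $viewer->getPHID();` followed by `return ($viewer_phid !== null && $viewer_phid === $this->getSignerPHID());`. getPolicy() now calls getDocument(), which goes through assertAttached(), so a signature that is policy-checked without having been loaded through LegalpadDocumentSignatureQuery will presumably throw rather than fall back to a policy; a one-line comment on getPolicy() stating that the document must be attached would make that requirement visible. describeAutomaticCapability() starts on the last line of the section and its body is outside it, so whether it describes the new signer rule cannot be checked here.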