@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.)
hq.recaptime.dev/wiki/Phorge
phorge
phabricator
Fix member edit transaction validation so it works for both implicit and explicit account creation
Summary:
Ref T12451. Ref T12484. This should deal with all the `+` / `-` / `=` cases correctly, I think.
Also makes sure that members are real users, not commits or tokens or whatever. And expands the creation test case to make some other basic sanity checks.
Test Plan:
- Went through implicit first-time creation flow.
- Went through explicit second-time creation flow.
- Unit test now passes.
Reviewers: chad
Reviewed By: chad
Maniphest Tasks: T12484, T12451
Differential Revision: https://secure.phabricator.com/D17692
+44
-26
+17
src/applications/phortune/__tests__/PhabricatorPhortuneTestCase.php
+17
src/applications/phortune/__tests__/PhabricatorPhortuneTestCase.php
···
21
21
1,
22
22
count($accounts),
23
23
pht('Creation of default account for users with no accounts.'));
24
+
25
+
// Reload the account. The user should be able to view and edit it, and
26
+
// should be a member.
27
+
28
+
$account = head($accounts);
29
+
$account = id(new PhortuneAccountQuery())
30
+
->setViewer($user)
31
+
->withPHIDs(array($account->getPHID()))
32
+
->requireCapabilities(
33
+
array(
34
+
PhabricatorPolicyCapability::CAN_VIEW,
35
+
PhabricatorPolicyCapability::CAN_EDIT,
36
+
))
37
+
->executeOne();
38
+
39
+
$this->assertEqual(true, ($account instanceof PhortuneAccount));
40
+
$this->assertEqual(array($user->getPHID()), $account->getMemberPHIDs());
24
41
}
25
42
26
43
}
+27
-26
src/applications/phortune/editor/PhortuneAccountEditor.php
+27
-26
src/applications/phortune/editor/PhortuneAccountEditor.php
···
28
28
29
29
$errors = parent::validateTransaction($object, $type, $xactions);
30
30
31
+
$viewer = $this->requireActor();
32
+
31
33
switch ($type) {
32
34
case PhabricatorTransactions::TYPE_EDGE:
33
35
foreach ($xactions as $xaction) {
34
36
switch ($xaction->getMetadataValue('edge:type')) {
35
37
case PhortuneAccountHasMemberEdgeType::EDGECONST:
36
-
$actor_phid = $this->requireActor()->getPHID();
37
-
$new = $xaction->getNewValue();
38
38
$old = $object->getMemberPHIDs();
39
+
$new = $this->getPHIDTransactionNewValue($xaction, $old);
39
40
40
-
// Check if user is trying to not set themselves on creation
41
-
if (!$old) {
42
-
$set = idx($new, '+', array());
43
-
$actor_set = false;
44
-
foreach ($set as $phid) {
45
-
if ($actor_phid == $phid) {
46
-
$actor_set = true;
47
-
}
41
+
$old = array_fuse($old);
42
+
$new = array_fuse($new);
43
+
44
+
foreach ($new as $new_phid) {
45
+
if (isset($old[$new_phid])) {
46
+
continue;
48
47
}
49
-
if (!$actor_set) {
48
+
49
+
$user = id(new PhabricatorPeopleQuery())
50
+
->setViewer($viewer)
51
+
->withPHIDs(array($new_phid))
52
+
->executeOne();
53
+
if (!$user) {
50
54
$error = new PhabricatorApplicationTransactionValidationError(
51
55
$type,
52
56
pht('Invalid'),
53
-
pht('You can not remove yourself as an account manager.'),
54
-
$xaction);
57
+
pht(
58
+
'Account managers must be valid users, "%s" is not.',
59
+
$new_phid));
55
60
$errors[] = $error;
56
-
61
+
continue;
57
62
}
58
63
}
59
64
60
-
// Check if user is trying to remove themselves on edit
61
-
$set = idx($new, '-', array());
62
-
foreach ($set as $phid) {
63
-
if ($actor_phid == $phid) {
64
-
$error = new PhabricatorApplicationTransactionValidationError(
65
-
$type,
66
-
pht('Invalid'),
67
-
pht('You can not remove yourself as an account manager.'),
68
-
$xaction);
69
-
$errors[] = $error;
70
-
71
-
}
65
+
$actor_phid = $this->getActingAsPHID();
66
+
if (!isset($new[$actor_phid])) {
67
+
$error = new PhabricatorApplicationTransactionValidationError(
68
+
$type,
69
+
pht('Invalid'),
70
+
pht('You can not remove yourself as an account manager.'),
71
+
$xaction);
72
+
$errors[] = $error;
72
73
}
73
74
break;
74
75
}