@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge

Test for "CAN_INTERACT" on comment edits in a way that survives objects which only implement "CAN_VIEW"

Summary:
Ref T13289. See D20551. In D20551, I implemented some "CAN_INTERACT" checks against certain edits, but these checks end up testing "CAN_INTERACT" against objects like Conpherence threads which do not support a distinct "CAN_INTERACT" permission. I misremembered how the "CAN_INTERACT" fallback to "CAN_VIEW" actually works: it's not fully automatic, and needs some explicit "interact, or view if interact is not available" checks.

Use the "interact" wrappers to test these policies so they fall back to "CAN_VIEW" if an object does not support "CAN_INTERACT". Generally, objects which have a "locked" state have a separate "CAN_INTERACT" permission; objects which don't have a "locked" state do not.

Test Plan: Created and edited comments in Conpherence (or most applications other than Maniphest).

Reviewers: amckinley

Maniphest Tasks: T13289

Differential Revision: https://secure.phabricator.com/D20558

+31 -16
+24 -7
src/applications/policy/filter/PhabricatorPolicyFilter.php
··· 90 90 PhabricatorUser $user, 91 91 PhabricatorPolicyInterface $object) { 92 92 93 + $capabilities = self::getRequiredInteractCapabilities($object); 94 + 95 + foreach ($capabilities as $capability) { 96 + if (!self::hasCapability($user, $object, $capability)) { 97 + return false; 98 + } 99 + } 100 + 101 + return true; 102 + } 103 + 104 + public static function requireCanInteract( 105 + PhabricatorUser $user, 106 + PhabricatorPolicyInterface $object) { 107 + 108 + $capabilities = self::getRequiredInteractCapabilities($object); 109 + foreach ($capabilities as $capability) { 110 + self::requireCapability($user, $object, $capability); 111 + } 112 + } 113 + 114 + private static function getRequiredInteractCapabilities( 115 + PhabricatorPolicyInterface $object) { 93 116 $capabilities = $object->getCapabilities(); 94 117 $capabilities = array_fuse($capabilities); 95 118 ··· 107 130 $require[] = $can_interact; 108 131 } 109 132 110 - foreach ($require as $capability) { 111 - if (!self::hasCapability($user, $object, $capability)) { 112 - return false; 113 - } 114 - } 115 - 116 - return true; 133 + return $require; 117 134 } 118 135 119 136 public function setViewer(PhabricatorUser $user) {
+2 -3
src/applications/transactions/controller/PhabricatorApplicationTransactionCommentEditController.php
··· 36 36 // auditing, and editing comments serves neither goal. 37 37 38 38 $object = $xaction->getObject(); 39 - $can_interact = PhabricatorPolicyFilter::hasCapability( 39 + $can_interact = PhabricatorPolicyFilter::canInteract( 40 40 $viewer, 41 - $object, 42 - PhabricatorPolicyCapability::CAN_INTERACT); 41 + $object); 43 42 if (!$can_interact) { 44 43 return $this->newDialog() 45 44 ->setTitle(pht('Conversation Locked'))
+3 -3
src/applications/transactions/editor/PhabricatorApplicationTransactionCommentEditor.php
··· 189 189 $actor, 190 190 $xaction, 191 191 PhabricatorPolicyCapability::CAN_EDIT); 192 - PhabricatorPolicyFilter::requireCapability( 192 + 193 + PhabricatorPolicyFilter::requireCanInteract( 193 194 $actor, 194 - $xaction->getObject(), 195 - PhabricatorPolicyCapability::CAN_INTERACT); 195 + $xaction->getObject()); 196 196 } 197 197 } 198 198
+2 -3
src/applications/transactions/view/PhabricatorApplicationTransactionView.php
··· 513 513 } 514 514 } 515 515 516 - $can_interact = PhabricatorPolicyFilter::hasCapability( 516 + $can_interact = PhabricatorPolicyFilter::canInteract( 517 517 $viewer, 518 - $xaction->getObject(), 519 - PhabricatorPolicyCapability::CAN_INTERACT); 518 + $xaction->getObject()); 520 519 $event->setCanInteract($can_interact); 521 520 } 522 521
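
Review bot: In src/applications/policy/filter/PhabricatorPolicyFilter.php, the loops in canInteract() and requireCanInteract() both pass vacuously if getRequiredInteractCapabilities() ever returns an empty array: canInteract() would return true and requireCanInteract() would throw nothing. The lines that build $require are elided in this view, so it is not visible whether CAN_VIEW is always added; if it is, state that in a docblock on the private helper, and if it is not, fail closed on an empty list. requireCanInteract() is also a new public static method with no doc comment; one line describing the "interact, or view if interact is not available" fallback would steer future callers away from passing CAN_INTERACT to hasCapability() or requireCapability() directly.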
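
Review bot: In src/applications/transactions/editor/PhabricatorApplicationTransactionCommentEditor.php, the two adjacent checks now read alike but apply to different objects: CAN_EDIT is required on $xaction, while requireCanInteract() runs against $xaction->getObject(). A short comment above the requireCanInteract() call saying that the lock check applies to the parent object would make that distinction explicit. This is the one updated call site that enforces with a require call rather than assigning a boolean to $can_interact, so it is the place to add a regression test using an object that does not declare CAN_INTERACT.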