@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.)
hq.recaptime.dev/wiki/Phorge
phorge
phabricator
Make PhabricatorPolicyQuery a CursorPagedPolicyAwareQuery
Summary:
Ref T603. Make these actually implement policy interfaces, so shared infrastructure (like handle loading) works as expected. They don't actually have meaningful policies, and we short circuit all the checks.
(I don't plan to let you set policy controls on policies themselves)
Test Plan: Loaded handles for Policy objects via common infrastructure.
Reviewers: btrahan
Reviewed By: btrahan
CC: aran
Maniphest Tasks: T603
Differential Revision: https://secure.phabricator.com/D7298
+41
-17
+14
-16
src/applications/policy/query/PhabricatorPolicyQuery.php
+14
-16
src/applications/policy/query/PhabricatorPolicyQuery.php
···
1
1
<?php
2
2
3
-
final class PhabricatorPolicyQuery extends PhabricatorQuery {
3
+
final class PhabricatorPolicyQuery
4
+
extends PhabricatorCursorPagedPolicyAwareQuery {
4
5
5
-
private $viewer;
6
6
private $object;
7
7
private $phids;
8
-
9
-
public function setViewer(PhabricatorUser $viewer) {
10
-
$this->viewer = $viewer;
11
-
return $this;
12
-
}
13
8
14
9
public function setObject(PhabricatorPolicyInterface $object) {
15
10
$this->object = $object;
···
58
53
return $policies;
59
54
}
60
55
61
-
public function execute() {
62
-
if (!$this->viewer) {
63
-
throw new Exception('Call setViewer() before execute()!');
64
-
}
65
-
56
+
public function loadPage() {
66
57
if ($this->object && $this->phids) {
67
58
throw new Exception(
68
59
"You can not issue a policy query with both setObject() and ".
···
102
93
103
94
if ($handle_policies) {
104
95
$handles = id(new PhabricatorHandleQuery())
105
-
->setViewer($this->viewer)
96
+
->setViewer($this->getViewer())
106
97
->withPHIDs($handle_policies)
107
98
->execute();
108
99
foreach ($handle_policies as $phid) {
···
179
170
180
171
private function loadObjectPolicyPHIDs() {
181
172
$phids = array();
173
+
$viewer = $this->getViewer();
182
174
183
-
if ($this->viewer->getPHID()) {
175
+
if ($viewer->getPHID()) {
184
176
$projects = id(new PhabricatorProjectQuery())
185
-
->setViewer($this->viewer)
186
-
->withMemberPHIDs(array($this->viewer->getPHID()))
177
+
->setViewer($viewer)
178
+
->withMemberPHIDs(array($viewer->getPHID()))
187
179
->execute();
188
180
foreach ($projects as $project) {
189
181
$phids[] = $project->getPHID();
···
213
205
}
214
206
215
207
return $phids;
208
+
}
209
+
210
+
protected function shouldDisablePolicyFiltering() {
211
+
// Policy filtering of policies is currently perilous and not required by
212
+
// the application.
213
+
return true;
216
214
}
217
215
218
216
}
+27
-1
src/applications/policy/storage/PhabricatorPolicy.php
+27
-1
src/applications/policy/storage/PhabricatorPolicy.php
···
1
1
<?php
2
2
3
3
final class PhabricatorPolicy
4
-
extends PhabricatorPolicyDAO {
4
+
extends PhabricatorPolicyDAO
5
+
implements PhabricatorPolicyInterface {
5
6
6
7
const ACTION_ALLOW = 'allow';
7
8
const ACTION_DENY = 'deny';
···
298
299
299
300
public function getRuleObjects() {
300
301
return $this->assertAttached($this->ruleObjects);
302
+
}
303
+
304
+
305
+
/* -( PhabricatorPolicyInterface )----------------------------------------- */
306
+
307
+
308
+
public function getCapabilities() {
309
+
return array(
310
+
PhabricatorPolicyCapability::CAN_VIEW,
311
+
);
312
+
}
313
+
314
+
public function getPolicy($capability) {
315
+
// NOTE: We implement policies only so we can comply with the interface.
316
+
// The actual query skips them, as enforcing policies on policies seems
317
+
// perilous and isn't currently required by the application.
318
+
return PhabricatorPolicies::POLICY_PUBLIC;
319
+
}
320
+
321
+
public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
322
+
return false;
323
+
}
324
+
325
+
public function describeAutomaticCapability($capability) {
326
+
return null;
301
327
}
302
328
303
329
}