recaptime.dev / phorge
@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge
phorge phabricator
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Make more Diffusion controllers/views capability-sensitive

Summary:
Ref T603. I got most of this earlier, but finish it up.

- Make a couple of controllers public; pretty much everything in Diffusion has implicit policy checks as a result of building a `DiffusionRequest`.
- Add an "Edit" capability to commits.
- Swap out the comment thing for commits.
- Disable actions if the user can't take them.

Test Plan: Viewed a bunch of interfaces while logged out, got appropriate results or roadblocks.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D7152

epriestley 7f0d0e4e 5799e8e2

+52 -6
+4
src/applications/diffusion/controller/DiffusionCommitBranchesController.php
··· 2 2 3 3 final class DiffusionCommitBranchesController extends DiffusionController { 4 4 5 + public function shouldAllowPublic() { 6 + return true; 7 + } 8 + 5 9 public function willProcessRequest(array $data) { 6 10 $data['user'] = $this->getRequest()->getUser(); 7 11 $this->diffusionRequest = DiffusionRequest::newFromDictionary($data);
+24 -5
src/applications/diffusion/controller/DiffusionCommitController.php
··· 7 7 private $auditAuthorityPHIDs; 8 8 private $highlightedAudits; 9 9 10 + public function shouldAllowPublic() { 11 + return true; 12 + } 13 + 10 14 public function willProcessRequest(array $data) { 11 15 // This controller doesn't use blob/path stuff, just pass the dictionary 12 16 // in directly instead of using the AphrontRequest parsing mechanism. ··· 609 613 PhabricatorRepositoryCommit $commit, 610 614 array $audit_requests) { 611 615 assert_instances_of($audit_requests, 'PhabricatorRepositoryAuditRequest'); 612 - $user = $this->getRequest()->getUser(); 616 + 617 + $request = $this->getRequest(); 618 + $user = $request->getUser(); 619 + 620 + if (!$user->isLoggedIn()) { 621 + return id(new PhabricatorApplicationTransactionCommentView()) 622 + ->setUser($user) 623 + ->setRequestURI($request->getRequestURI()); 624 + } 613 625 614 626 $is_serious = PhabricatorEnv::getEnvConfig('phabricator.serious-business'); 615 627 ··· 881 893 ->setObject($commit) 882 894 ->setObjectURI($request->getRequestURI()); 883 895 884 - // TODO -- integrate permissions into whether or not this action is shown 885 - $uri = '/diffusion/'.$repository->getCallSign().'/commit/'. 896 + $can_edit = PhabricatorPolicyFilter::hasCapability( 897 + $user, 898 + $commit, 899 + PhabricatorPolicyCapability::CAN_EDIT); 900 + 901 + $uri = '/diffusion/'.$repository->getCallsign().'/commit/'. 886 902 $commit->getCommitIdentifier().'/edit/'; 887 903 888 904 $action = id(new PhabricatorActionView()) 889 905 ->setName(pht('Edit Commit')) 890 906 ->setHref($uri) 891 - ->setIcon('edit'); 907 + ->setIcon('edit') 908 + ->setDisabled(!$can_edit) 909 + ->setWorkflow(!$can_edit); 892 910 $actions->addAction($action); 893 911 894 912 require_celerity_resource('phabricator-object-selector-css'); ··· 900 918 ->setName(pht('Edit Maniphest Tasks')) 901 919 ->setIcon('attach') 902 920 ->setHref('/search/attach/'.$commit->getPHID().'/TASK/edge/') 903 - ->setWorkflow(true); 921 + ->setWorkflow(true) 922 + ->setDisabled(!$can_edit); 904 923 $actions->addAction($action); 905 924 } 906 925
+4
src/applications/diffusion/controller/DiffusionCommitTagsController.php
··· 2 2 3 3 final class DiffusionCommitTagsController extends DiffusionController { 4 4 5 + public function shouldAllowPublic() { 6 + return true; 7 + } 8 + 5 9 public function willProcessRequest(array $data) { 6 10 $data['user'] = $this->getRequest()->getUser(); 7 11 $this->diffusionRequest = DiffusionRequest::newFromDictionary($data);
+4
src/applications/diffusion/controller/DiffusionExternalController.php
··· 6 6 // Don't build a DiffusionRequest. 7 7 } 8 8 9 + public function shouldAllowPublic() { 10 + return true; 11 + } 12 + 9 13 public function processRequest() { 10 14 $request = $this->getRequest(); 11 15
+4
src/applications/diffusion/controller/DiffusionLastModifiedController.php
··· 2 2 3 3 final class DiffusionLastModifiedController extends DiffusionController { 4 4 5 + public function shouldAllowPublic() { 6 + return true; 7 + } 8 + 5 9 public function processRequest() { 6 10 $drequest = $this->getDiffusionRequest(); 7 11 $request = $this->getRequest();
+3
src/applications/diffusion/request/DiffusionRequest.php
··· 271 271 if (empty($this->repositoryCommit)) { 272 272 $repository = $this->getRepository(); 273 273 274 + // TODO: (T603) This should be a real query, but we need to sort out 275 + // the viewer. 274 276 $commit = id(new PhabricatorRepositoryCommit())->loadOneWhere( 275 277 'repositoryID = %d AND commitIdentifier = %s', 276 278 $repository->getID(), 277 279 $this->getCommit()); 280 + $commit->attachRepository($repository); 278 281 $this->repositoryCommit = $commit; 279 282 } 280 283 return $this->repositoryCommit;
+9 -1
src/applications/repository/storage/PhabricatorRepositoryCommit.php
··· 156 156 public function getCapabilities() { 157 157 return array( 158 158 PhabricatorPolicyCapability::CAN_VIEW, 159 + PhabricatorPolicyCapability::CAN_EDIT, 159 160 ); 160 161 } 161 162 162 163 public function getPolicy($capability) { 163 - return $this->getRepository()->getPolicy($capability); 164 + switch ($capability) { 165 + case PhabricatorPolicyCapability::CAN_VIEW: 166 + return $this->getRepository()->getPolicy($capability); 167 + case PhabricatorPolicyCapability::CAN_EDIT: 168 + // TODO: (T603) Who should be able to edit a commit? For now, retain 169 + // the existing policy. 170 + return PhabricatorPolicies::POLICY_USER; 171 + } 164 172 } 165 173 166 174 public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {