recaptime.dev / phorge
@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge
phorge phabricator
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Make Maniphest detail page react to viewer capabilities

Summary:
Ref T603. Disable things the user can't use, allow logged-out users to get a reasonable version of the page.

Also allow logged-out users to view edit history of comments if they're able to see the object.

Test Plan: Viewed Maniphest detail as a logged-out user, got a largely sensible page.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D7124

epriestley 800f6971 c7f105ac

+56 -23
+52 -23
src/applications/maniphest/controller/ManiphestTaskDetailController.php
··· 1 1 <?php 2 2 3 - /** 4 - * @group maniphest 5 - */ 6 3 final class ManiphestTaskDetailController extends ManiphestController { 7 4 8 5 private $id; 6 + 7 + public function shouldAllowPublic() { 8 + return true; 9 + } 9 10 10 11 public function willProcessRequest(array $data) { 11 12 $this->id = $data['id']; ··· 306 307 ), 307 308 ); 308 309 309 - Javelin::initBehavior('maniphest-transaction-controls', array( 310 - 'select' => 'transaction-action', 311 - 'controlMap' => $control_map, 312 - 'tokenizers' => $tokenizer_map, 313 - )); 310 + // TODO: Initializing these behaviors for logged out users fatals things. 311 + if ($user->isLoggedIn()) { 312 + Javelin::initBehavior('maniphest-transaction-controls', array( 313 + 'select' => 'transaction-action', 314 + 'controlMap' => $control_map, 315 + 'tokenizers' => $tokenizer_map, 316 + )); 314 317 315 - Javelin::initBehavior('maniphest-transaction-preview', array( 316 - 'uri' => '/maniphest/transaction/preview/'.$task->getID().'/', 317 - 'preview' => 'transaction-preview', 318 - 'comments' => 'transaction-comments', 319 - 'action' => 'transaction-action', 320 - 'map' => $control_map, 321 - 'tokenizers' => $tokenizer_map, 322 - )); 318 + Javelin::initBehavior('maniphest-transaction-preview', array( 319 + 'uri' => '/maniphest/transaction/preview/'.$task->getID().'/', 320 + 'preview' => 'transaction-preview', 321 + 'comments' => 'transaction-comments', 322 + 'action' => 'transaction-action', 323 + 'map' => $control_map, 324 + 'tokenizers' => $tokenizer_map, 325 + )); 326 + } 323 327 324 328 $comment_header = id(new PHUIHeaderView()) 325 329 ->setHeader($is_serious ? pht('Add Comment') : pht('Weigh In')); ··· 351 355 $header = $this->buildHeaderView($task); 352 356 $properties = $this->buildPropertyView($task, $field_list, $edges, $engine); 353 357 358 + if (!$user->isLoggedIn()) { 359 + // TODO: Eventually, everything should run through this. For now, we're 360 + // only using it to get a consistent "Login to Comment" button. 361 + $comment_form = id(new PhabricatorApplicationTransactionCommentView()) 362 + ->setUser($user) 363 + ->setRequestURI($request->getRequestURI()); 364 + $preview_panel = null; 365 + } 366 + 354 367 return $this->buildApplicationPage( 355 368 array( 356 369 $crumbs, ··· 393 406 $id = $task->getID(); 394 407 $phid = $task->getPHID(); 395 408 409 + $can_edit = PhabricatorPolicyFilter::hasCapability( 410 + $viewer, 411 + $task, 412 + PhabricatorPolicyCapability::CAN_EDIT); 413 + 396 414 $view = id(new PhabricatorActionListView()) 397 415 ->setUser($viewer) 398 416 ->setObject($task) 399 - ->setObjectURI($this->getRequest()->getRequestURI()) 400 - ->addAction( 417 + ->setObjectURI($this->getRequest()->getRequestURI()); 418 + 419 + $view->addAction( 401 420 id(new PhabricatorActionView()) 402 421 ->setName(pht('Edit Task')) 403 422 ->setIcon('edit') 404 - ->setHref($this->getApplicationURI("/task/edit/{$id}/"))); 423 + ->setHref($this->getApplicationURI("/task/edit/{$id}/")) 424 + ->setDisabled(!$can_edit) 425 + ->setWorkflow(!$can_edit)); 405 426 406 427 if ($task->getOwnerPHID() === $viewer_phid) { 407 428 $view->addAction( ··· 428 449 ->setName(pht('Merge Duplicates In')) 429 450 ->setHref("/search/attach/{$phid}/TASK/merge/") 430 451 ->setWorkflow(true) 431 - ->setIcon('merge')); 452 + ->setIcon('merge') 453 + ->setDisabled(!$can_edit) 454 + ->setWorkflow(!$can_edit)); 432 455 433 456 $view->addAction( 434 457 id(new PhabricatorActionView()) ··· 441 464 ->setName(pht('Edit Dependencies')) 442 465 ->setHref("/search/attach/{$phid}/TASK/dependencies/") 443 466 ->setWorkflow(true) 444 - ->setIcon('link')); 467 + ->setIcon('link') 468 + ->setDisabled(!$can_edit) 469 + ->setWorkflow(!$can_edit)); 445 470 446 471 $view->addAction( 447 472 id(new PhabricatorActionView()) 448 473 ->setName(pht('Edit Differential Revisions')) 449 474 ->setHref("/search/attach/{$phid}/DREV/") 450 475 ->setWorkflow(true) 451 - ->setIcon('attach')); 476 + ->setIcon('attach') 477 + ->setDisabled(!$can_edit) 478 + ->setWorkflow(!$can_edit)); 452 479 453 480 $pholio_app = 454 481 PhabricatorApplication::getByClass('PhabricatorApplicationPholio'); ··· 458 485 ->setName(pht('Edit Pholio Mocks')) 459 486 ->setHref("/search/attach/{$phid}/MOCK/edge/") 460 487 ->setWorkflow(true) 461 - ->setIcon('attach')); 488 + ->setIcon('attach') 489 + ->setDisabled(!$can_edit) 490 + ->setWorkflow(!$can_edit)); 462 491 } 463 492 464 493 return $view;
+4
src/applications/transactions/controller/PhabricatorApplicationTransactionCommentHistoryController.php
··· 5 5 6 6 private $phid; 7 7 8 + public function shouldAllowPublic() { 9 + return true; 10 + } 11 + 8 12 public function willProcessRequest(array $data) { 9 13 $this->phid = $data['phid']; 10 14 }