
Save authorPHID on Passphrase Credentials to support "Credential Author" object policy

Summary:
Fixes T5135. Currently, when you create a credential, we default the policies to your PHID. This means we can't have an application-level configurable default because there's no way to select "the actor's PHID" as a policy.

Start tracking the credential author's PHID and add an object policy for it, so there is such a setting.

Then, add policy defaults.

This mostly unblocks T6787. This obsoletes T6860.

Test Plan:
- Created a credential with "Credential Author" policy.
- Verified I can see/edit it, but other users can not.
- Changed default policies to something else.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5135

Differential Revision: https://secure.phabricator.com/D13385

+114 -2
+2
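--- a/resources/sql/autopatches/20150621.phrase.1.sql
+++ b/resources/sql/autopatches/20150621.phrase.1.sql
@@ -0,0 +1,2 @@
+ALTER TABLE {$NAMESPACE}_passphrase.passphrase_credential
+ADD authorPHID VARBINARY(64) NOT NULL;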
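Review bot: The `authorPHID` column is added as `NOT NULL` with no backfill, so credentials that existed before this migration are left with an empty author (MySQL fills existing rows with the implicit empty value). The policy rule added in this commit returns false for an empty author, which fails closed, but it also means that switching one of those older credentials to the "Credential Author" policy leaves no user who matches it. Consider a follow-up migration that populates the column where the creator can be determined, or at least a comment in the patch such as `-- Rows created before this patch keep an empty authorPHID; the author policy never matches them.`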
+6
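--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@@ -1267,6 +1267,7 @@
 'PassphraseConduitAPIMethod' => 'applications/passphrase/conduit/PassphraseConduitAPIMethod.php',
 'PassphraseController' => 'applications/passphrase/controller/PassphraseController.php',
 'PassphraseCredential' => 'applications/passphrase/storage/PassphraseCredential.php',
+'PassphraseCredentialAuthorPolicyRule' => 'applications/passphrase/policyrule/PassphraseCredentialAuthorPolicyRule.php',
 'PassphraseCredentialConduitController' => 'applications/passphrase/controller/PassphraseCredentialConduitController.php',
 'PassphraseCredentialControl' => 'applications/passphrase/view/PassphraseCredentialControl.php',
 'PassphraseCredentialCreateController' => 'applications/passphrase/controller/PassphraseCredentialCreateController.php',
@@ -1286,6 +1287,8 @@
 'PassphraseCredentialTypeTestCase' => 'applications/passphrase/credentialtype/__tests__/PassphraseCredentialTypeTestCase.php',
 'PassphraseCredentialViewController' => 'applications/passphrase/controller/PassphraseCredentialViewController.php',
 'PassphraseDAO' => 'applications/passphrase/storage/PassphraseDAO.php',
+'PassphraseDefaultEditCapability' => 'applications/passphrase/capability/PassphraseDefaultEditCapability.php',
+'PassphraseDefaultViewCapability' => 'applications/passphrase/capability/PassphraseDefaultViewCapability.php',
 'PassphraseNoteCredentialType' => 'applications/passphrase/credentialtype/PassphraseNoteCredentialType.php',
 'PassphrasePasswordCredentialType' => 'applications/passphrase/credentialtype/PassphrasePasswordCredentialType.php',
 'PassphrasePasswordKey' => 'applications/passphrase/keys/PassphrasePasswordKey.php',
@@ -4779,6 +4782,7 @@
 'PhabricatorPolicyInterface',
 'PhabricatorDestructibleInterface',
 ),
+'PassphraseCredentialAuthorPolicyRule' => 'PhabricatorPolicyRule',
 'PassphraseCredentialConduitController' => 'PassphraseController',
 'PassphraseCredentialControl' => 'AphrontFormControl',
 'PassphraseCredentialCreateController' => 'PassphraseController',
@@ -4798,6 +4802,8 @@
 'PassphraseCredentialTypeTestCase' => 'PhabricatorTestCase',
 'PassphraseCredentialViewController' => 'PassphraseController',
 'PassphraseDAO' => 'PhabricatorLiskDAO',
+'PassphraseDefaultEditCapability' => 'PhabricatorPolicyCapability',
+'PassphraseDefaultViewCapability' => 'PhabricatorPolicyCapability',
 'PassphraseNoteCredentialType' => 'PassphraseCredentialType',
 'PassphrasePasswordCredentialType' => 'PassphraseCredentialType',
 'PassphrasePasswordKey' => 'PassphraseAbstractKey',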
+18
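--- a/src/applications/passphrase/application/PhabricatorPassphraseApplication.php
+++ b/src/applications/passphrase/application/PhabricatorPassphraseApplication.php
@@ -63,4 +63,22 @@
 );
 }
 
+protected function getCustomCapabilities() {
+$policy_key = id(new PassphraseCredentialAuthorPolicyRule())
+->getObjectPolicyFullKey();
+
+return array(
+PassphraseDefaultViewCapability::CAPABILITY => array(
+'caption' => pht('Default view policy for newly created credentials.'),
+'template' => PassphraseCredentialPHIDType::TYPECONST,
+'default' => $policy_key,
+),
+PassphraseDefaultEditCapability::CAPABILITY => array(
+'caption' => pht('Default edit policy for newly created credentials.'),
+'template' => PassphraseCredentialPHIDType::TYPECONST,
+'default' => $policy_key,
+),
+);
+}
+
 }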
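Review bot: `getCustomCapabilities()` carries no comment saying why both defaults point at the author object policy, and that choice is what keeps a newly created credential private to its creator, as it was when the policies were set to the actor's PHID. A short comment above `$policy_key` would stop a later edit from relaxing it by accident, for example `// Default both policies to the author-only object policy so new credentials stay private unless an administrator changes the default.` The enclosing class starts outside this hunk.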
+12
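--- a/src/applications/passphrase/capability/PassphraseDefaultEditCapability.php
+++ b/src/applications/passphrase/capability/PassphraseDefaultEditCapability.php
@@ -0,0 +1,12 @@
+<?php
+
+final class PassphraseDefaultEditCapability
+extends PhabricatorPolicyCapability {
+
+const CAPABILITY = 'passphrase.default.edit';
+
+public function getCapabilityName() {
+return pht('Default Edit Policy');
+}
+
+}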
+16
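--- a/src/applications/passphrase/capability/PassphraseDefaultViewCapability.php
+++ b/src/applications/passphrase/capability/PassphraseDefaultViewCapability.php
@@ -0,0 +1,16 @@
+<?php
+
+final class PassphraseDefaultViewCapability
+extends PhabricatorPolicyCapability {
+
+const CAPABILITY = 'passphrase.default.view';
+
+public function getCapabilityName() {
+return pht('Default View Policy');
+}
+
+public function shouldAllowPublicPolicySetting() {
+return true;
+}
+
+}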
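Review bot: `shouldAllowPublicPolicySetting()` returning `true` allows the default view policy for new credentials to be set to the public policy, which the edit capability added in the same commit does not permit. For an application that stores secrets, this widens what a single misconfigured default can expose. How much of a credential the view capability reveals is decided outside this file, so the impact here is inferred. If a public default is not a requirement, change the body to `return false;`. Otherwise add a comment above the method stating why a public view default is acceptable for credentials.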
+48
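--- a/src/applications/passphrase/policyrule/PassphraseCredentialAuthorPolicyRule.php
+++ b/src/applications/passphrase/policyrule/PassphraseCredentialAuthorPolicyRule.php
@@ -0,0 +1,48 @@
+<?php
+
+final class PassphraseCredentialAuthorPolicyRule
+extends PhabricatorPolicyRule {
+
+public function getObjectPolicyKey() {
+return 'passphrase.author';
+}
+
+public function getObjectPolicyName() {
+return pht('Credential Author');
+}
+
+public function getPolicyExplanation() {
+return pht('The author of this credential can take this action.');
+}
+
+public function getRuleDescription() {
+return pht('credential author');
+}
+
+public function canApplyToObject(PhabricatorPolicyInterface $object) {
+return ($object instanceof PassphraseCredential);
+}
+
+public function applyRule(
+PhabricatorUser $viewer,
+$value,
+PhabricatorPolicyInterface $object) {
+
+$author_phid = $object->getAuthorPHID();
+if (!$author_phid) {
+return false;
+}
+
+$viewer_phid = $viewer->getPHID();
+if (!$viewer_phid) {
+return false;
+}
+
+return ($viewer_phid == $author_phid);
+}
+
+public function getValueControlType() {
+return self::CONTROL_TYPE_NONE;
+}
+
+}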
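Review bot: The last statement of `applyRule()` decides access with loose equality, `return ($viewer_phid == $author_phid);`. PHP's `==` compares two numeric-looking strings by numeric value, so distinct strings can compare equal. PHIDs presumably never look numeric, which would keep this from mattering in practice, but an authorization check should not depend on the identifier format. Use `return ($viewer_phid === $author_phid);`. The two empty-value guards above it already fail closed and can stay as they are.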
+12 -2
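--- a/src/applications/passphrase/storage/PassphraseCredential.php
+++ b/src/applications/passphrase/storage/PassphraseCredential.php
@@ -17,17 +17,27 @@
 protected $isDestroyed;
 protected $isLocked = 0;
 protected $allowConduit = 0;
+protected $authorPHID;
 
 private $secret = self::ATTACHABLE;
 
 public static function initializeNewCredential(PhabricatorUser $actor) {
+$app = id(new PhabricatorApplicationQuery())
+->setViewer($actor)
+->withClasses(array('PhabricatorPassphraseApplication'))
+->executeOne();
+
+$view_policy = $app->getPolicy(PassphraseDefaultViewCapability::CAPABILITY);
+$edit_policy = $app->getPolicy(PassphraseDefaultEditCapability::CAPABILITY);
+
 return id(new PassphraseCredential())
 ->setName('')
 ->setUsername('')
 ->setDescription('')
 ->setIsDestroyed(0)
-->setViewPolicy($actor->getPHID())
-->setEditPolicy($actor->getPHID());
+->setAuthorPHID($actor->getPHID())
+->setViewPolicy($view_policy)
+->setEditPolicy($edit_policy);
 }
 
 public function getMonogram() {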
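Review bot: In `initializeNewCredential()` the result of `executeOne()` is dereferenced on the next statement without a null check. If the application query returns nothing for this `$actor` (whether it can depends on policy handling outside the hunk), credential creation ends in a fatal error on `$app->getPolicy(...)` rather than a clear exception. A guard such as `if (!$app) { throw new Exception(pht('Unable to load the Passphrase application.')); }` makes that failure explicit. Separately, `setAuthorPHID($actor->getPHID())` stores whatever the actor carries, so for an actor without a PHID both default policies would resolve to an author rule that never matches. The class body continues outside this hunk on both sides.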