@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge

Update PhortunePaymentMethod for modern policy interfaces

Summary:
Depends on D20717. Ref T13366. Make PhortunePaymentMethod use an extended policy interface for consistency with modern approaches. Since Accounts have hard-coded policy behavior (and can't have object policies like "Subscribers") this should have no actual impact on program behavior.

This leaves one weird piece in the policy dialog UIs, see T13381.

Test Plan: Viewed and edited payment methods as a merchant and account member. Merchants can only view, not edit.

Maniphest Tasks: T13366

Differential Revision: https://secure.phabricator.com/D20718

+87 -20
+4
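--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@@ -5329,6 +5329,7 @@
 'PhortunePaymentMethodDisableController' => 'applications/phortune/controller/payment/PhortunePaymentMethodDisableController.php',
 'PhortunePaymentMethodEditController' => 'applications/phortune/controller/payment/PhortunePaymentMethodEditController.php',
 'PhortunePaymentMethodPHIDType' => 'applications/phortune/phid/PhortunePaymentMethodPHIDType.php',
+'PhortunePaymentMethodPolicyCodex' => 'applications/phortune/codex/PhortunePaymentMethodPolicyCodex.php',
 'PhortunePaymentMethodQuery' => 'applications/phortune/query/PhortunePaymentMethodQuery.php',
 'PhortunePaymentProvider' => 'applications/phortune/provider/PhortunePaymentProvider.php',
 'PhortunePaymentProviderConfig' => 'applications/phortune/storage/PhortunePaymentProviderConfig.php',
@@ -11893,11 +11894,14 @@
 'PhortunePaymentMethod' => array(
 'PhortuneDAO',
 'PhabricatorPolicyInterface',
+'PhabricatorExtendedPolicyInterface',
+'PhabricatorPolicyCodexInterface',
 ),
 'PhortunePaymentMethodCreateController' => 'PhortuneController',
 'PhortunePaymentMethodDisableController' => 'PhortuneController',
 'PhortunePaymentMethodEditController' => 'PhortuneController',
 'PhortunePaymentMethodPHIDType' => 'PhabricatorPHIDType',
+'PhortunePaymentMethodPolicyCodex' => 'PhabricatorPolicyCodex',
 'PhortunePaymentMethodQuery' => 'PhabricatorCursorPagedPolicyAwareQuery',
 'PhortunePaymentProvider' => 'Phobject',
 'PhortunePaymentProviderConfig' => array(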
+35
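--- a/src/applications/phortune/codex/PhortunePaymentMethodPolicyCodex.php
+++ b/src/applications/phortune/codex/PhortunePaymentMethodPolicyCodex.php
@@ -0,0 +1,35 @@
+<?php
+
+final class PhortunePaymentMethodPolicyCodex
+extends PhabricatorPolicyCodex {
+
+public function getPolicySpecialRuleDescriptions() {
+$object = $this->getObject();
+
+$rules = array();
+
+$rules[] = $this->newRule()
+->setCapabilities(
+array(
+PhabricatorPolicyCapability::CAN_VIEW,
+))
+->setIsActive(true)
+->setDescription(
+pht(
+'Account members may view and edit payment methods.'));
+
+$rules[] = $this->newRule()
+->setCapabilities(
+array(
+PhabricatorPolicyCapability::CAN_VIEW,
+))
+->setIsActive(true)
+->setDescription(
+pht(
+'Merchants you have a relationship with may view associated '.
+'payment methods.'));
+
+return $rules;
+}
+
+}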
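Review bot: The first rule in `getPolicySpecialRuleDescriptions()` says account members "may view and edit payment methods", but its `setCapabilities()` array lists only `PhabricatorPolicyCapability::CAN_VIEW`, so the rule appears to be attached to the view capability alone. If it is meant to explain edit access too, add `PhabricatorPolicyCapability::CAN_EDIT,` to that array; otherwise drop "and edit" from the description. This text is what tells users who can reach stored payment methods, so it should agree with what the storage class enforces. `$object = $this->getObject();` is also assigned and never read in this method.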
-1
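--- a/src/applications/phortune/controller/account/PhortuneAccountPaymentMethodsController.php
+++ b/src/applications/phortune/controller/account/PhortuneAccountPaymentMethodsController.php
@@ -34,7 +34,6 @@
 ->setCrumbs($crumbs)
 ->setNavigation($navigation)
 ->appendChild($view);
-
 }
 
 private function buildPaymentMethodsSection(PhortuneAccount $account) {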
+3
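--- a/src/applications/phortune/query/PhortunePaymentMethodQuery.php
+++ b/src/applications/phortune/query/PhortunePaymentMethodQuery.php
@@ -53,6 +53,7 @@
 $account = idx($accounts, $method->getAccountPHID());
 if (!$account) {
 unset($methods[$key]);
+$this->didRejectResult($method);
 continue;
 }
 $method->attachAccount($account);
@@ -72,6 +73,7 @@
 $merchant = idx($merchants, $method->getMerchantPHID());
 if (!$merchant) {
 unset($methods[$key]);
+$this->didRejectResult($method);
 continue;
 }
 $method->attachMerchant($merchant);
@@ -91,6 +93,7 @@
 $provider_config = idx($provider_configs, $method->getProviderPHID());
 if (!$provider_config) {
 unset($methods[$key]);
+$this->didRejectResult($method);
 continue;
 }
 $method->attachProviderConfig($provider_config);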
+45 -9
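--- a/src/applications/phortune/storage/PhortunePaymentMethod.php
+++ b/src/applications/phortune/storage/PhortunePaymentMethod.php
@@ -4,8 +4,12 @@
 * A payment method is a credit card; it is associated with an account and
 * charges can be made against it.
 */
-final class PhortunePaymentMethod extends PhortuneDAO
-implements PhabricatorPolicyInterface {
+final class PhortunePaymentMethod
+extends PhortuneDAO
+implements
+PhabricatorPolicyInterface,
+PhabricatorExtendedPolicyInterface,
+PhabricatorPolicyCodexInterface {
 
 const STATUS_ACTIVE = 'payment:active';
 const STATUS_DISABLED = 'payment:disabled';
@@ -148,18 +152,50 @@
 }
 
 public function getPolicy($capability) {
-return $this->getAccount()->getPolicy($capability);
+return PhabricatorPolicies::getMostOpenPolicy();
 }
 
 public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
-return $this->getAccount()->hasAutomaticCapability(
-$capability,
-$viewer);
+
+// See T13366. If you can edit the merchant associated with this payment
+// method, you can view the payment method.
+if ($capability === PhabricatorPolicyCapability::CAN_VIEW) {
+$any_edit = PhortuneMerchantQuery::canViewersEditMerchants(
+array($viewer->getPHID()),
+array($this->getMerchantPHID()));
+if ($any_edit) {
+return true;
+}
+}
+
+return false;
 }
 
-public function describeAutomaticCapability($capability) {
-return pht(
-'Members of an account can always view and edit its payment methods.');
+
+/* -( PhabricatorExtendedPolicyInterface )--------------------------------- */
+
+
+public function getExtendedPolicy($capability, PhabricatorUser $viewer) {
+if ($this->hasAutomaticCapability($capability, $viewer)) {
+return array();
+}
+
+// See T13366. For blanket view and edit permissions on all payment
+// methods, you must be able to edit the associated account.
+return array(
+array(
+$this->getAccount(),
+PhabricatorPolicyCapability::CAN_EDIT,
+),
+);
+}
+
+
+/* -( PhabricatorPolicyCodexInterface )------------------------------------ */
+
+
+public function newPolicyCodex() {
+return new PhortunePaymentMethodPolicyCodex();
 }
 
 }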
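Review bot: `getPolicy()` now returns `PhabricatorPolicies::getMostOpenPolicy()` for every capability, so the only restriction on payment methods is the account `CAN_EDIT` requirement in `getExtendedPolicy()`, and nothing in `getPolicy()` says so. A comment there, such as `// Intentionally open: access is enforced by getExtendedPolicy() (account CAN_EDIT) and the merchant rule in hasAutomaticCapability().`, would warn a later maintainer that weakening the extended policy exposes card records to whoever the base policy admits. Separately, `getExtendedPolicy()` calls `hasAutomaticCapability()`, which runs `PhortuneMerchantQuery::canViewersEditMerchants()` for `CAN_VIEW`. If the policy filter also calls `hasAutomaticCapability()` itself, that lookup runs twice per object, and `$viewer->getPHID()` is passed through without a check for a viewer that has no PHID. Both points depend on code outside this page and should be confirmed.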
-10
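--- a/src/applications/policy/codex/PhabricatorPolicyCodex.php
+++ b/src/applications/policy/codex/PhabricatorPolicyCodex.php
@@ -44,16 +44,6 @@
 return null;
 }
 
-final public function getPolicySpecialRuleForCapability($capability) {
-foreach ($this->getPolicySpecialRuleDescriptions() as $rule) {
-if (in_array($capability, $rule->getCapabilities())) {
-return $rule;
-}
-}
-
-return null;
-}
-
 final protected function newRule() {
 return new PhabricatorPolicyCodexRuleDescription();
 }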