+3

src/applications/config/check/PhabricatorSetupCheckExtraConfig.php

reviewed

··· 164 164 'differential.custom-remarkup-block-rules' => $markup_reason, 165 165 'auth.sshkeys.enabled' => pht( 166 166 'SSH keys are now actually useful, so they are always enabled.'), 167 167 + 'differential.anonymous-access' => pht( 168 168 + 'Phabricator now has meaningful global access controls. See '. 169 169 + '`policy.allow-public`.'), 167 170 ); 168 171 169 172 return $ancient_config;

+4 -4

src/applications/differential/conduit/ConduitAPI_differential_getdiff_Method.php

reviewed

··· 6 6 final class ConduitAPI_differential_getdiff_Method 7 7 extends ConduitAPIMethod { 8 8 9 9 + public function shouldAllowPublic() { 10 10 + return true; 11 11 + } 12 12 + 9 13 public function getMethodStatus() { 10 14 return self::METHOD_STATUS_DEPRECATED; 11 15 } ··· 36 40 return array( 37 41 'ERR_BAD_DIFF' => 'No such diff exists.', 38 42 ); 39 39 - } 40 40 - 41 41 - public function shouldRequireAuthentication() { 42 42 - return !PhabricatorEnv::getEnvConfig('differential.anonymous-access'); 43 43 } 44 44 45 45 protected function execute(ConduitAPIRequest $request) {

-12

src/applications/differential/config/PhabricatorDifferentialConfigOptions.php

reviewed

··· 96 96 'sketchy and implies the revision may not actually be receiving '. 97 97 'thorough review. You can enable "!accept" by setting this '. 98 98 'option to true.')), 99 99 - $this->newOption('differential.anonymous-access', 'bool', false) 100 100 - ->setBoolOptions( 101 101 - array( 102 102 - pht('Allow guests to view revisions'), 103 103 - pht('Require authentication to view revisions'), 104 104 - )) 105 105 - ->setSummary(pht('Anonymous access to Differential revisions.')) 106 106 - ->setDescription( 107 107 - pht( 108 108 - "If you set this to true, users won't need to login to view ". 109 109 - "Differential revisions. Anonymous users will have read-only ". 110 110 - "access and won't be able to interact with the revisions.")), 111 99 $this->newOption('differential.generated-paths', 'list<regex>', array()) 112 100 ->setSummary(pht("File regexps to treat as automatically generated.")) 113 101 ->setDescription(

-8

src/applications/differential/controller/DifferentialChangesetViewController.php

reviewed

··· 2 2 3 3 final class DifferentialChangesetViewController extends DifferentialController { 4 4 5 5 - public function shouldRequireLogin() { 6 6 - if ($this->allowsAnonymousAccess()) { 7 7 - return false; 8 8 - } 9 9 - 10 10 - return parent::shouldRequireLogin(); 11 11 - } 12 12 - 13 5 public function shouldAllowPublic() { 14 6 return true; 15 7 }

-4

src/applications/differential/controller/DifferentialController.php

reviewed

··· 2 2 3 3 abstract class DifferentialController extends PhabricatorController { 4 4 5 5 - protected function allowsAnonymousAccess() { 6 6 - return PhabricatorEnv::getEnvConfig('differential.anonymous-access'); 7 7 - } 8 8 - 9 5 public function buildApplicationCrumbs() { 10 6 $crumbs = parent::buildApplicationCrumbs(); 11 7

-7

src/applications/differential/controller/DifferentialRevisionListController.php

reviewed

··· 5 5 6 6 private $queryKey; 7 7 8 8 - public function shouldRequireLogin() { 9 9 - if ($this->allowsAnonymousAccess()) { 10 10 - return false; 11 11 - } 12 12 - return parent::shouldRequireLogin(); 13 13 - } 14 14 - 15 8 public function shouldAllowPublic() { 16 9 return true; 17 10 }

-7

src/applications/differential/controller/DifferentialRevisionViewController.php

reviewed

··· 4 4 5 5 private $revisionID; 6 6 7 7 - public function shouldRequireLogin() { 8 8 - if ($this->allowsAnonymousAccess()) { 9 9 - return false; 10 10 - } 11 11 - return parent::shouldRequireLogin(); 12 12 - } 13 13 - 14 7 public function shouldAllowPublic() { 15 8 return true; 16 9 }