@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.)
hq.recaptime.dev/wiki/Phorge
phorge
phabricator
Allow repository policies to be edited
Summary: Ref T603. Allows permitted users to set view and edit policies for repositories. So far the repository list, repository detail, repository edit, and browse interfaces respect these settings. Most other interfaces will respect stricter settings, but "Public" won't work. Lots of rough edges in the integration still. None of this makes policies any looser than they were already without explicit user intervention, so I just put a warning about it in the UI.
Test Plan: Set a repository to public and browsed it. Verified I could not access non-public repositories.
Reviewers: btrahan
Reviewed By: btrahan
CC: aran, davidressman
Maniphest Tasks: T603
Differential Revision: https://secure.phabricator.com/D7061
+179
-2
+2
src/__phutil_library_map__.php
+2
src/__phutil_library_map__.php
···
498
498
'DiffusionRepositoryEditBasicController' => 'applications/diffusion/controller/DiffusionRepositoryEditBasicController.php',
499
499
'DiffusionRepositoryEditController' => 'applications/diffusion/controller/DiffusionRepositoryEditController.php',
500
500
'DiffusionRepositoryEditEncodingController' => 'applications/diffusion/controller/DiffusionRepositoryEditEncodingController.php',
501
+
'DiffusionRepositoryEditPolicyController' => 'applications/diffusion/controller/DiffusionRepositoryEditPolicyController.php',
501
502
'DiffusionRepositoryListController' => 'applications/diffusion/controller/DiffusionRepositoryListController.php',
502
503
'DiffusionRepositoryPath' => 'applications/diffusion/data/DiffusionRepositoryPath.php',
503
504
'DiffusionRepositoryTag' => 'applications/diffusion/data/DiffusionRepositoryTag.php',
···
2559
2560
'DiffusionRepositoryEditBasicController' => 'DiffusionController',
2560
2561
'DiffusionRepositoryEditController' => 'DiffusionController',
2561
2562
'DiffusionRepositoryEditEncodingController' => 'DiffusionController',
2563
+
'DiffusionRepositoryEditPolicyController' => 'DiffusionController',
2562
2564
'DiffusionRepositoryListController' =>
2563
2565
array(
2564
2566
0 => 'DiffusionController',
+1
src/applications/diffusion/application/PhabricatorApplicationDiffusion.php
+1
src/applications/diffusion/application/PhabricatorApplicationDiffusion.php
···
68
68
'basic/' => 'DiffusionRepositoryEditBasicController',
69
69
'encoding/' => 'DiffusionRepositoryEditEncodingController',
70
70
'activate/' => 'DiffusionRepositoryEditActivateController',
71
+
'policy/' => 'DiffusionRepositoryEditPolicyController',
71
72
),
72
73
),
73
74
'inline/' => array(
+4
src/applications/diffusion/controller/DiffusionBrowseController.php
+4
src/applications/diffusion/controller/DiffusionBrowseController.php
+4
src/applications/diffusion/controller/DiffusionRepositoryController.php
+4
src/applications/diffusion/controller/DiffusionRepositoryController.php
+51
src/applications/diffusion/controller/DiffusionRepositoryEditController.php
+51
src/applications/diffusion/controller/DiffusionRepositoryEditController.php
···
34
34
$content[] = $this->buildBasicProperties($repository);
35
35
36
36
$content[] = id(new PHUIHeaderView())
37
+
->setHeader(pht('Policies'));
38
+
39
+
$content[] = $this->buildPolicyActions($repository);
40
+
$content[] = $this->buildPolicyProperties($repository);
41
+
42
+
$content[] = id(new PHUIHeaderView())
37
43
->setHeader(pht('Text Encoding'));
38
44
39
45
$content[] = $this->buildEncodingActions($repository);
···
164
170
->setName(pht('Edit Text Encoding'))
165
171
->setHref(
166
172
$this->getRepositoryControllerURI($repository, 'edit/encoding/'))
173
+
->setWorkflow(!$can_edit)
167
174
->setDisabled(!$can_edit);
168
175
$view->addAction($edit);
169
176
···
186
193
return $view;
187
194
}
188
195
196
+
private function buildPolicyActions(PhabricatorRepository $repository) {
197
+
$viewer = $this->getRequest()->getUser();
198
+
199
+
$view = id(new PhabricatorActionListView())
200
+
->setObjectURI($this->getRequest()->getRequestURI())
201
+
->setUser($viewer);
202
+
203
+
$can_edit = PhabricatorPolicyFilter::hasCapability(
204
+
$viewer,
205
+
$repository,
206
+
PhabricatorPolicyCapability::CAN_EDIT);
189
207
208
+
$edit = id(new PhabricatorActionView())
209
+
->setIcon('edit')
210
+
->setName(pht('Edit Policies'))
211
+
->setHref(
212
+
$this->getRepositoryControllerURI($repository, 'edit/policy/'))
213
+
->setWorkflow(!$can_edit)
214
+
->setDisabled(!$can_edit);
215
+
$view->addAction($edit);
216
+
217
+
return $view;
218
+
}
219
+
220
+
private function buildPolicyProperties(PhabricatorRepository $repository) {
221
+
$viewer = $this->getRequest()->getUser();
222
+
223
+
$view = id(new PhabricatorPropertyListView())
224
+
->setUser($viewer);
225
+
226
+
$descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions(
227
+
$viewer,
228
+
$repository);
229
+
230
+
$view->addProperty(
231
+
pht('Visible To'),
232
+
$descriptions[PhabricatorPolicyCapability::CAN_VIEW]);
233
+
234
+
$view->addProperty(
235
+
pht('Editable By'),
236
+
$descriptions[PhabricatorPolicyCapability::CAN_EDIT]);
237
+
238
+
239
+
return $view;
240
+
}
190
241
191
242
}
+113
src/applications/diffusion/controller/DiffusionRepositoryEditPolicyController.php
+113
src/applications/diffusion/controller/DiffusionRepositoryEditPolicyController.php
···
1
+
<?php
2
+
3
+
final class DiffusionRepositoryEditPolicyController
4
+
extends DiffusionController {
5
+
6
+
public function processRequest() {
7
+
$request = $this->getRequest();
8
+
$viewer = $request->getUser();
9
+
$drequest = $this->diffusionRequest;
10
+
$repository = $drequest->getRepository();
11
+
12
+
$repository = id(new PhabricatorRepositoryQuery())
13
+
->setViewer($viewer)
14
+
->requireCapabilities(
15
+
array(
16
+
PhabricatorPolicyCapability::CAN_VIEW,
17
+
PhabricatorPolicyCapability::CAN_EDIT,
18
+
))
19
+
->withIDs(array($repository->getID()))
20
+
->executeOne();
21
+
22
+
if (!$repository) {
23
+
return new Aphront404Response();
24
+
}
25
+
26
+
$edit_uri = $this->getRepositoryControllerURI($repository, 'edit/');
27
+
28
+
$v_view = $repository->getViewPolicy();
29
+
$v_edit = $repository->getEditPolicy();
30
+
31
+
if ($request->isFormPost()) {
32
+
$v_view = $request->getStr('viewPolicy');
33
+
$v_edit = $request->getStr('editPolicy');
34
+
35
+
$xactions = array();
36
+
$template = id(new PhabricatorRepositoryTransaction());
37
+
38
+
$type_view = PhabricatorTransactions::TYPE_VIEW_POLICY;
39
+
$type_edit = PhabricatorTransactions::TYPE_EDIT_POLICY;
40
+
41
+
$xactions[] = id(clone $template)
42
+
->setTransactionType($type_view)
43
+
->setNewValue($v_view);
44
+
45
+
$xactions[] = id(clone $template)
46
+
->setTransactionType($type_edit)
47
+
->setNewValue($v_edit);
48
+
49
+
id(new PhabricatorRepositoryEditor())
50
+
->setContinueOnNoEffect(true)
51
+
->setContentSourceFromRequest($request)
52
+
->setActor($viewer)
53
+
->applyTransactions($repository, $xactions);
54
+
55
+
return id(new AphrontRedirectResponse())->setURI($edit_uri);
56
+
}
57
+
58
+
$content = array();
59
+
60
+
$crumbs = $this->buildCrumbs();
61
+
$crumbs->addCrumb(
62
+
id(new PhabricatorCrumbView())
63
+
->setName(pht('Edit Policies')));
64
+
65
+
$title = pht('Edit %s', $repository->getName());
66
+
67
+
$policies = id(new PhabricatorPolicyQuery())
68
+
->setViewer($viewer)
69
+
->setObject($repository)
70
+
->execute();
71
+
72
+
$form = id(new AphrontFormView())
73
+
->setUser($viewer)
74
+
->appendRemarkupInstructions(
75
+
pht(
76
+
'NOTE: The "Visible To" control is not yet fully functional. It '.
77
+
'applies to some interfaces, but some interfaces will bypass this '.
78
+
'setting and act as though it were set to "all users" for now.'))
79
+
->appendChild(
80
+
id(new AphrontFormPolicyControl())
81
+
->setUser($viewer)
82
+
->setCapability(PhabricatorPolicyCapability::CAN_VIEW)
83
+
->setPolicyObject($repository)
84
+
->setPolicies($policies)
85
+
->setName('viewPolicy'))
86
+
->appendChild(
87
+
id(new AphrontFormPolicyControl())
88
+
->setUser($viewer)
89
+
->setCapability(PhabricatorPolicyCapability::CAN_EDIT)
90
+
->setPolicyObject($repository)
91
+
->setPolicies($policies)
92
+
->setName('editPolicy'))
93
+
->appendChild(
94
+
id(new AphrontFormSubmitControl())
95
+
->setValue(pht('Save Policies'))
96
+
->addCancelButton($edit_uri));
97
+
98
+
$form_box = id(new PHUIFormBoxView())
99
+
->setHeaderText($title)
100
+
->setForm($form);
101
+
102
+
return $this->buildApplicationPage(
103
+
array(
104
+
$crumbs,
105
+
$form_box,
106
+
),
107
+
array(
108
+
'title' => $title,
109
+
'device' => true,
110
+
));
111
+
}
112
+
113
+
}
+2
src/applications/repository/editor/PhabricatorRepositoryEditor.php
+2
src/applications/repository/editor/PhabricatorRepositoryEditor.php
···
10
10
$types[] = PhabricatorRepositoryTransaction::TYPE_NAME;
11
11
$types[] = PhabricatorRepositoryTransaction::TYPE_DESCRIPTION;
12
12
$types[] = PhabricatorRepositoryTransaction::TYPE_ENCODING;
13
+
$types[] = PhabricatorTransactions::TYPE_VIEW_POLICY;
14
+
$types[] = PhabricatorTransactions::TYPE_EDIT_POLICY;
13
15
14
16
return $types;
15
17
}
+2
-2
src/applications/repository/storage/PhabricatorRepository.php
+2
-2
src/applications/repository/storage/PhabricatorRepository.php
···
707
707
public function getPolicy($capability) {
708
708
switch ($capability) {
709
709
case PhabricatorPolicyCapability::CAN_VIEW:
710
-
return PhabricatorPolicies::POLICY_USER;
710
+
return $this->getViewPolicy();
711
711
case PhabricatorPolicyCapability::CAN_EDIT:
712
-
return PhabricatorPolicies::POLICY_ADMIN;
712
+
return $this->getEditPolicy();
713
713
}
714
714
}
715
715