@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge

Improve consistency of policy enforcement on new repository edit UI

Summary: Ref T2231. The policy rules are a little murky right now: the "Edit Repository" link requires CAN_EDIT, but the actual page doesn't. Instead, require CAN_EDIT for the edit page.

Test Plan: As a user without CAN_EDIT, viewed a repository and clicked the edit link.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2231

Differential Revision: https://secure.phabricator.com/D7406

+29 -79
+4 -9
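--- a/src/applications/diffusion/controller/DiffusionRepositoryCreateController.php
+++ b/src/applications/diffusion/controller/DiffusionRepositoryCreateController.php
@@ -22,15 +22,10 @@
 $repository = $this->getDiffusionRequest()->getRepository();
 
 // Make sure we have CAN_EDIT.
-id(new PhabricatorRepositoryQuery())
-->setViewer($viewer)
-->withIDs(array($repository->getID()))
-->requireCapabilities(
-array(
-PhabricatorPolicyCapability::CAN_VIEW,
-PhabricatorPolicyCapability::CAN_EDIT,
-))
-->executeOne();
+PhabricatorPolicyFilter::requireCapability(
+$viewer,
+$repository,
+PhabricatorPolicyCapability::CAN_EDIT);
 
 $this->setRepository($repository);
 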
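Review bot: The comment `// Make sure we have CAN_EDIT.` does not record that CAN_VIEW is no longer checked at this point. The removed query required both capabilities, while the new `requireCapability()` call tests only CAN_EDIT on the object returned by `getDiffusionRequest()->getRepository()`. Whether that object was loaded for the same `$viewer`, and so already passed CAN_VIEW, is not visible in this hunk. I would state the assumption in the comment, for example `// $repository was loaded by the request for $viewer (CAN_VIEW assumed; confirm); additionally require CAN_EDIT.` The enclosing method starts and ends outside the hunk.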
+25 -70
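--- a/src/applications/diffusion/controller/DiffusionRepositoryEditController.php
+++ b/src/applications/diffusion/controller/DiffusionRepositoryEditController.php
@@ -4,9 +4,14 @@
 
 public function processRequest() {
 $request = $this->getRequest();
-$user = $request->getUser();
+$viewer = $request->getUser();
 $drequest = $this->diffusionRequest;
 $repository = $drequest->getRepository();
+
+PhabricatorPolicyFilter::requireCapability(
+$viewer,
+$repository,
+PhabricatorPolicyCapability::CAN_EDIT);
 
 $is_svn = false;
 $is_git = false;
@@ -77,12 +82,12 @@
 $this->buildActionsActions($repository));
 
 $xactions = id(new PhabricatorRepositoryTransactionQuery())
-->setViewer($user)
+->setViewer($viewer)
 ->withObjectPHIDs(array($repository->getPHID()))
 ->execute();
 
 $engine = id(new PhabricatorMarkupEngine())
-->setViewer($user);
+->setViewer($viewer);
 foreach ($xactions as $xaction) {
 if ($xaction->getComment()) {
 $engine->addObject(
@@ -93,7 +98,7 @@
 $engine->process();
 
 $xaction_view = id(new PhabricatorApplicationTransactionView())
-->setUser($user)
+->setUser($viewer)
 ->setObjectPHID($repository->getPHID())
 ->setTransactions($xactions)
 ->setMarkupEngine($engine);
@@ -128,29 +133,21 @@
 }
 
 private function buildBasicActions(PhabricatorRepository $repository) {
-$user = $this->getRequest()->getUser();
+$viewer = $this->getRequest()->getUser();
 
 $view = id(new PhabricatorActionListView())
 ->setObjectURI($this->getRequest()->getRequestURI())
-->setUser($user);
-
-$can_edit = PhabricatorPolicyFilter::hasCapability(
-$user,
-$repository,
-PhabricatorPolicyCapability::CAN_EDIT);
+->setUser($viewer);
 
 $edit = id(new PhabricatorActionView())
 ->setIcon('edit')
 ->setName(pht('Edit Basic Information'))
-->setHref($this->getRepositoryControllerURI($repository, 'edit/basic/'))
-->setDisabled(!$can_edit)
-->setWorkflow(!$can_edit);
+->setHref($this->getRepositoryControllerURI($repository, 'edit/basic/'));
 $view->addAction($edit);
 
 $activate = id(new PhabricatorActionView())
 ->setHref(
 $this->getRepositoryControllerURI($repository, 'edit/activate/'))
-->setDisabled(!$can_edit)
 ->setWorkflow(true);
 
 if ($repository->isTracked()) {
@@ -172,10 +169,10 @@
 PhabricatorRepository $repository,
 PhabricatorActionListView $actions) {
 
-$user = $this->getRequest()->getUser();
+$viewer = $this->getRequest()->getUser();
 
 $view = id(new PHUIPropertyListView())
-->setUser($user)
+->setUser($viewer)
 ->setActionList($actions);
 
 $view->addProperty(pht('Name'), $repository->getName());
@@ -196,7 +193,7 @@
 $description = PhabricatorMarkupEngine::renderOneObject(
 $repository,
 'description',
-$user);
+$viewer);
 }
 $view->addTextContent($description);
 
@@ -204,24 +201,17 @@
 }
 
 private function buildEncodingActions(PhabricatorRepository $repository) {
-$user = $this->getRequest()->getUser();
+$viewer = $this->getRequest()->getUser();
 
 $view = id(new PhabricatorActionListView())
 ->setObjectURI($this->getRequest()->getRequestURI())
-->setUser($user);
-
-$can_edit = PhabricatorPolicyFilter::hasCapability(
-$user,
-$repository,
-PhabricatorPolicyCapability::CAN_EDIT);
+->setUser($viewer);
 
 $edit = id(new PhabricatorActionView())
 ->setIcon('edit')
 ->setName(pht('Edit Text Encoding'))
 ->setHref(
-$this->getRepositoryControllerURI($repository, 'edit/encoding/'))
-->setWorkflow(!$can_edit)
-->setDisabled(!$can_edit);
+$this->getRepositoryControllerURI($repository, 'edit/encoding/'));
 $view->addAction($edit);
 
 return $view;
@@ -231,10 +221,10 @@
 PhabricatorRepository $repository,
 PhabricatorActionListView $actions) {
 
-$user = $this->getRequest()->getUser();
+$viewer = $this->getRequest()->getUser();
 
 $view = id(new PHUIPropertyListView())
-->setUser($user)
+->setUser($viewer)
 ->setActionList($actions)
 ->addSectionHeader(pht('Text Encoding'));
 
@@ -255,18 +245,11 @@
 ->setObjectURI($this->getRequest()->getRequestURI())
 ->setUser($viewer);
 
-$can_edit = PhabricatorPolicyFilter::hasCapability(
-$viewer,
-$repository,
-PhabricatorPolicyCapability::CAN_EDIT);
-
 $edit = id(new PhabricatorActionView())
 ->setIcon('edit')
 ->setName(pht('Edit Policies'))
 ->setHref(
-$this->getRepositoryControllerURI($repository, 'edit/policy/'))
-->setWorkflow(!$can_edit)
-->setDisabled(!$can_edit);
+$this->getRepositoryControllerURI($repository, 'edit/policy/'));
 $view->addAction($edit);
 
 return $view;
@@ -306,18 +289,11 @@
 ->setObjectURI($this->getRequest()->getRequestURI())
 ->setUser($viewer);
 
-$can_edit = PhabricatorPolicyFilter::hasCapability(
-$viewer,
-$repository,
-PhabricatorPolicyCapability::CAN_EDIT);
-
 $edit = id(new PhabricatorActionView())
 ->setIcon('edit')
 ->setName(pht('Edit Branches'))
 ->setHref(
-$this->getRepositoryControllerURI($repository, 'edit/branches/'))
-->setWorkflow(!$can_edit)
-->setDisabled(!$can_edit);
+$this->getRepositoryControllerURI($repository, 'edit/branches/'));
 $view->addAction($edit);
 
 return $view;
@@ -359,18 +335,11 @@
 ->setObjectURI($this->getRequest()->getRequestURI())
 ->setUser($viewer);
 
-$can_edit = PhabricatorPolicyFilter::hasCapability(
-$viewer,
-$repository,
-PhabricatorPolicyCapability::CAN_EDIT);
-
 $edit = id(new PhabricatorActionView())
 ->setIcon('edit')
 ->setName(pht('Edit Subversion Info'))
 ->setHref(
-$this->getRepositoryControllerURI($repository, 'edit/subversion/'))
-->setWorkflow(!$can_edit)
-->setDisabled(!$can_edit);
+$this->getRepositoryControllerURI($repository, 'edit/subversion/'));
 $view->addAction($edit);
 
 return $view;
@@ -407,18 +376,11 @@
 ->setObjectURI($this->getRequest()->getRequestURI())
 ->setUser($viewer);
 
-$can_edit = PhabricatorPolicyFilter::hasCapability(
-$viewer,
-$repository,
-PhabricatorPolicyCapability::CAN_EDIT);
-
 $edit = id(new PhabricatorActionView())
 ->setIcon('edit')
 ->setName(pht('Edit Actions'))
 ->setHref(
-$this->getRepositoryControllerURI($repository, 'edit/actions/'))
-->setWorkflow(!$can_edit)
-->setDisabled(!$can_edit);
+$this->getRepositoryControllerURI($repository, 'edit/actions/'));
 $view->addAction($edit);
 
 return $view;
@@ -457,18 +419,11 @@
 ->setObjectURI($this->getRequest()->getRequestURI())
 ->setUser($viewer);
 
-$can_edit = PhabricatorPolicyFilter::hasCapability(
-$viewer,
-$repository,
-PhabricatorPolicyCapability::CAN_EDIT);
-
 $edit = id(new PhabricatorActionView())
 ->setIcon('edit')
 ->setName(pht('Edit Remote'))
 ->setHref(
-$this->getRepositoryControllerURI($repository, 'edit/remote/'))
-->setWorkflow(!$can_edit)
-->setDisabled(!$can_edit);
+$this->getRepositoryControllerURI($repository, 'edit/remote/'));
 $view->addAction($edit);
 
 return $view;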
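Review bot: With `->setDisabled(!$can_edit)` and `->setWorkflow(!$can_edit)` removed from every action, the only CAN_EDIT enforcement visible in this file is the new `requireCapability()` call at the top of `processRequest()`, and that call guards this page only. The action targets (`edit/basic/`, `edit/activate/`, `edit/encoding/`, `edit/policy/`, `edit/branches/`, `edit/subversion/`, `edit/actions/`, `edit/remote/`) are separate URIs, and whether each of their handlers makes the same check is not shown in this file. I would add a comment above the new call, `// The build*Actions() helpers below assume CAN_EDIT; every edit/* controller must enforce it again.`, and extend the test plan to load each edit/* URI directly as a user without CAN_EDIT. `processRequest()` and the helper methods continue outside the displayed hunks.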