recaptime.dev / phorge
@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge
phorge phabricator
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Allow users who can edit a dashboard to remove invalid / restricted panels

Summary:
Ref T12207. Currently, to remove a panel from a dashboard, it must be a valid panel which you can see.

Instead, only require that the panel PHID actually be listed somewhere in the dashboard's internal list of panels.

This interacts with the "multiple instances of a panel" issue described in some more depth in T12207. In particular:

- Currently, you can sort of add multiple copies of a panel to a dashboard, sometimes? Maybe?
- This leads to great tragedy.

This doesn't fix up the workflow with respect to multiple copies of a panel. We still remove by panel PHID (not by column/position or internal ID) so if a dashboard has multiple copies of the same panel for some reason, I think this workflow removes one of them arbitrarily (at best) or perhaps does something worse. I'm just treating this behavior as undefined for the moment.

Test Plan:
- Removed an invalid/hidden panel from a dashboard as a user with permission to edit that dashboard.
- Tried to remove a made-up panel with a totally bogus PHID, got 404'd.
- Viewed a dashboard with a restricted panel.
- Put a hidden panel inside a tab panel, viewed it as a user who could not see it and a user who could.

Reviewers: chad

Reviewed By: chad

Subscribers: swisspol

Maniphest Tasks: T12207

Differential Revision: https://secure.phabricator.com/D17314

epriestley f64edb99 d2c4d7d9

+61 -25
+1
src/applications/dashboard/controller/PhabricatorDashboardPanelRenderController.php
··· 34 34 $rendered_panel = id(new PhabricatorDashboardPanelRenderingEngine()) 35 35 ->setViewer($viewer) 36 36 ->setPanel($panel) 37 + ->setPanelPHID($panel->getPHID()) 37 38 ->setParentPanelPHIDs($parent_phids) 38 39 ->setHeaderMode($request->getStr('headerMode')) 39 40 ->setDashboardID($request->getInt('dashboardID'))
+1
src/applications/dashboard/controller/PhabricatorDashboardPanelViewController.php
··· 38 38 $rendered_panel = id(new PhabricatorDashboardPanelRenderingEngine()) 39 39 ->setViewer($viewer) 40 40 ->setPanel($panel) 41 + ->setPanelPHID($panel->getPHID()) 41 42 ->setParentPanelPHIDs(array()) 42 43 ->renderPanel(); 43 44
+21 -8
src/applications/dashboard/controller/PhabricatorDashboardRemovePanelController.php
··· 20 20 return new Aphront404Response(); 21 21 } 22 22 23 + // NOTE: If you can edit a dashboard, you can remove panels from it even 24 + // if you don't have permission to see them or they aren't valid. We only 25 + // require that the panel be present on the dashboard. 26 + 23 27 $v_panel = $request->getStr('panelPHID'); 24 - $panel = id(new PhabricatorDashboardPanelQuery()) 25 - ->setViewer($viewer) 26 - ->withPHIDs(array($v_panel)) 27 - ->executeOne(); 28 - if (!$panel) { 28 + 29 + $panel_on_dashboard = false; 30 + $layout = $dashboard->getLayoutConfigObject(); 31 + $columns = $layout->getPanelLocations(); 32 + foreach ($columns as $column) { 33 + foreach ($column as $column_panel_phid) { 34 + if ($column_panel_phid == $v_panel) { 35 + $panel_on_dashboard = true; 36 + break; 37 + } 38 + } 39 + } 40 + 41 + if (!$panel_on_dashboard) { 29 42 return new Aphront404Response(); 30 43 } 31 44 ··· 43 56 ->setNewValue( 44 57 array( 45 58 '-' => array( 46 - $panel->getPHID() => $panel->getPHID(), 59 + $v_panel => $v_panel, 47 60 ), 48 61 )); 49 62 50 - $layout_config->removePanel($panel->getPHID()); 63 + $layout_config->removePanel($v_panel); 51 64 $dashboard->setLayoutConfigFromObject($layout_config); 52 65 53 66 $editor = id(new PhabricatorDashboardTransactionEditor()) ··· 67 80 ->appendChild(pht('Are you sure you want to remove this panel?')); 68 81 69 82 return $this->newDialog() 70 - ->setTitle(pht('Remove Panel %s', $panel->getMonogram())) 83 + ->setTitle(pht('Remove Panel')) 71 84 ->appendChild($form->buildLayoutView()) 72 85 ->addCancelButton($redirect_uri) 73 86 ->addSubmitButton(pht('Remove Panel'));
+35 -17
src/applications/dashboard/engine/PhabricatorDashboardPanelRenderingEngine.php
··· 7 7 const HEADER_MODE_EDIT = 'edit'; 8 8 9 9 private $panel; 10 + private $panelPHID; 10 11 private $viewer; 11 12 private $enableAsyncRendering; 12 13 private $parentPanelPHIDs; ··· 64 65 65 66 public function getPanel() { 66 67 return $this->panel; 68 + } 69 + 70 + public function setPanelPHID($panel_phid) { 71 + $this->panelPHID = $panel_phid; 72 + return $this; 73 + } 74 + 75 + public function getPanelPHID() { 76 + return $this->panelPHID; 67 77 } 68 78 69 79 public function renderPanel() { ··· 255 265 PHUIHeaderView $header) { 256 266 $panel = $this->getPanel(); 257 267 258 - if (!$panel) { 259 - return $header; 260 - } 268 + $dashboard_id = $this->getDashboardID(); 269 + 270 + if ($panel) { 271 + $panel_id = $panel->getID(); 272 + 273 + $edit_uri = "/dashboard/panel/edit/{$panel_id}/"; 274 + $edit_uri = new PhutilURI($edit_uri); 275 + if ($dashboard_id) { 276 + $edit_uri->setQueryParam('dashboardID', $dashboard_id); 277 + } 261 278 262 - $dashboard_id = $this->getDashboardID(); 263 - $edit_uri = id(new PhutilURI( 264 - '/dashboard/panel/edit/'.$panel->getID().'/')); 265 - if ($dashboard_id) { 266 - $edit_uri->setQueryParam('dashboardID', $dashboard_id); 279 + $action_edit = id(new PHUIIconView()) 280 + ->setIcon('fa-pencil') 281 + ->setWorkflow(true) 282 + ->setHref((string)$edit_uri); 283 + 284 + $header->addActionItem($action_edit); 267 285 } 268 - $action_edit = id(new PHUIIconView()) 269 - ->setIcon('fa-pencil') 270 - ->setWorkflow(true) 271 - ->setHref((string)$edit_uri); 272 - $header->addActionItem($action_edit); 273 286 274 287 if ($dashboard_id) { 275 - $uri = id(new PhutilURI( 276 - '/dashboard/removepanel/'.$dashboard_id.'/')) 277 - ->setQueryParam('panelPHID', $panel->getPHID()); 288 + $panel_phid = $this->getPanelPHID(); 289 + 290 + $remove_uri = "/dashboard/removepanel/{$dashboard_id}/"; 291 + $remove_uri = id(new PhutilURI($remove_uri)) 292 + ->setQueryParam('panelPHID', $panel_phid); 293 + 278 294 $action_remove = id(new PHUIIconView()) 279 295 ->setIcon('fa-trash-o') 280 - ->setHref((string)$uri) 296 + ->setHref((string)$remove_uri) 281 297 ->setWorkflow(true); 298 + 282 299 $header->addActionItem($action_remove); 283 300 } 301 + 284 302 return $header; 285 303 } 286 304
+1
src/applications/dashboard/engine/PhabricatorDashboardRenderingEngine.php
··· 55 55 ->setViewer($viewer) 56 56 ->setDashboardID($dashboard->getID()) 57 57 ->setEnableAsyncRendering(true) 58 + ->setPanelPHID($panel_phid) 58 59 ->setParentPanelPHIDs(array()) 59 60 ->setHeaderMode($h_mode); 60 61
+1
src/applications/dashboard/paneltype/PhabricatorDashboardTabsPanelType.php
··· 91 91 ->setEnableAsyncRendering(true) 92 92 ->setParentPanelPHIDs($parent_phids) 93 93 ->setPanel($panel) 94 + ->setPanelPHID($panel->getPHID()) 94 95 ->setHeaderMode($no_headers) 95 96 ->renderPanel(); 96 97 } else {
+1
src/applications/dashboard/remarkup/PhabricatorDashboardRemarkupRule.php
··· 32 32 return id(new PhabricatorDashboardPanelRenderingEngine()) 33 33 ->setViewer($viewer) 34 34 ->setPanel($object) 35 + ->setPanelPHID($object->getPHID()) 35 36 ->setParentPanelPHIDs($parent_phids) 36 37 ->renderPanel(); 37 38