No OneTemporary
Actions

Size

74 KB

Referenced Files

None

Subscribers

None

View Options

	diff --git a/resources/sql/autopatches/20151223.proj.04.keycol.sql b/resources/sql/autopatches/20151223.proj.04.keycol.sql
	new file mode 100644
	index 0000000000..bbc938e7ea
	--- /dev/null
	+++ b/resources/sql/autopatches/20151223.proj.04.keycol.sql
	@@ -0,0 +1,2 @@
	+ALTER TABLE {$NAMESPACE}_project.project
	+ ADD projectPathKey BINARY(4) NOT NULL;
	diff --git a/resources/sql/autopatches/20151223.proj.05.updatekeys.php b/resources/sql/autopatches/20151223.proj.05.updatekeys.php
	new file mode 100644
	index 0000000000..fe4a1ffd1c
	--- /dev/null
	+++ b/resources/sql/autopatches/20151223.proj.05.updatekeys.php
	@@ -0,0 +1,24 @@
	+<?php
	+
	+$table = new PhabricatorProject();
	+$conn_w = $table->establishConnection('w');
	+
	+foreach (new LiskMigrationIterator($table) as $project) {
	+ $path = $project->getProjectPath();
	+ $key = $project->getProjectPathKey();
	+
	+ if (strlen($path) && ($key !== "\0\0\0\0")) {
	+ continue;
	+ }
	+
	+ $path_key = PhabricatorHash::digestForIndex($project->getPHID());
	+ $path_key = substr($path_key, 0, 4);
	+
	+ queryfx(
	+ $conn_w,
	+ 'UPDATE %T SET projectPath = %s, projectPathKey = %s WHERE id = %d',
	+ $project->getTableName(),
	+ $path_key,
	+ $path_key,
	+ $project->getID());
	+}
	diff --git a/resources/sql/autopatches/20151223.proj.06.uniq.sql b/resources/sql/autopatches/20151223.proj.06.uniq.sql
	new file mode 100644
	index 0000000000..2e28c18dbe
	--- /dev/null
	+++ b/resources/sql/autopatches/20151223.proj.06.uniq.sql
	@@ -0,0 +1,2 @@
	+ALTER TABLE {$NAMESPACE}_project.project
	+ ADD UNIQUE KEY `key_pathkey` (projectPathKey);
	diff --git a/src/applications/policy/filter/PhabricatorPolicyFilter.php b/src/applications/policy/filter/PhabricatorPolicyFilter.php
	index f9be22ad52..caa119e0cf 100644
	--- a/src/applications/policy/filter/PhabricatorPolicyFilter.php
	+++ b/src/applications/policy/filter/PhabricatorPolicyFilter.php
	@@ -1,848 +1,852 @@
	<?php

	final class PhabricatorPolicyFilter extends Phobject {

	private $viewer;
	private $objects;
	private $capabilities;
	private $raisePolicyExceptions;
	private $userProjects;
	private $customPolicies = array();
	private $objectPolicies = array();
	private $forcedPolicy;

	public static function mustRetainCapability(
	PhabricatorUser $user,
	PhabricatorPolicyInterface $object,
	$capability) {

	if (!self::hasCapability($user, $object, $capability)) {
	throw new Exception(
	pht(
	"You can not make that edit, because it would remove your ability ".
	"to '%s' the object.",
	$capability));
	}
	}

	public static function requireCapability(
	PhabricatorUser $user,
	PhabricatorPolicyInterface $object,
	$capability) {
	$filter = id(new PhabricatorPolicyFilter())
	->setViewer($user)
	->requireCapabilities(array($capability))
	->raisePolicyExceptions(true)
	->apply(array($object));
	}

	/**
	* Perform a capability check, acting as though an object had a specific
	* policy. This is primarily used to check if a policy is valid (for example,
	* to prevent users from editing away their ability to edit an object).
	*
	* Specifically, a check like this:
	*
	* PhabricatorPolicyFilter::requireCapabilityWithForcedPolicy(
	* $viewer,
	* $object,
	* PhabricatorPolicyCapability::CAN_EDIT,
	* $potential_new_policy);
	*
	* ...will throw a @{class:PhabricatorPolicyException} if the new policy would
	* remove the user's ability to edit the object.
	*
	* @param PhabricatorUser The viewer to perform a policy check for.
	* @param PhabricatorPolicyInterface The object to perform a policy check on.
	* @param string Capability to test.
	* @param string Perform the test as though the object has this
	* policy instead of the policy it actually has.
	* @return void
	*/
	public static function requireCapabilityWithForcedPolicy(
	PhabricatorUser $viewer,
	PhabricatorPolicyInterface $object,
	$capability,
	$forced_policy) {

	id(new PhabricatorPolicyFilter())
	->setViewer($viewer)
	->requireCapabilities(array($capability))
	->raisePolicyExceptions(true)
	->forcePolicy($forced_policy)
	->apply(array($object));
	}

	public static function hasCapability(
	PhabricatorUser $user,
	PhabricatorPolicyInterface $object,
	$capability) {

	$filter = new PhabricatorPolicyFilter();
	$filter->setViewer($user);
	$filter->requireCapabilities(array($capability));
	$result = $filter->apply(array($object));

	return (count($result) == 1);
	}

	public function setViewer(PhabricatorUser $user) {
	$this->viewer = $user;
	return $this;
	}

	public function requireCapabilities(array $capabilities) {
	$this->capabilities = $capabilities;
	return $this;
	}

	public function raisePolicyExceptions($raise) {
	$this->raisePolicyExceptions = $raise;
	return $this;
	}

	public function forcePolicy($forced_policy) {
	$this->forcedPolicy = $forced_policy;
	return $this;
	}

	public function apply(array $objects) {
	assert_instances_of($objects, 'PhabricatorPolicyInterface');

	$viewer = $this->viewer;
	$capabilities = $this->capabilities;

	if (!$viewer \|\| !$capabilities) {
	throw new PhutilInvalidStateException('setViewer', 'requireCapabilities');
	}

	// If the viewer is omnipotent, short circuit all the checks and just
	// return the input unmodified. This is an optimization; we know the
	// result already.
	if ($viewer->isOmnipotent()) {
	return $objects;
	}

	$filtered = array();
	$viewer_phid = $viewer->getPHID();

	if (empty($this->userProjects[$viewer_phid])) {
	$this->userProjects[$viewer_phid] = array();
	}

	$need_projects = array();
	$need_policies = array();
	$need_objpolicies = array();
	foreach ($objects as $key => $object) {
	$object_capabilities = $object->getCapabilities();
	foreach ($capabilities as $capability) {
	if (!in_array($capability, $object_capabilities)) {
	throw new Exception(
	pht(
	"Testing for capability '%s' on an object which does ".
	"not have that capability!",
	$capability));
	}

	$policy = $this->getObjectPolicy($object, $capability);

	if (PhabricatorPolicyQuery::isObjectPolicy($policy)) {
	$need_objpolicies[$policy][] = $object;
	continue;
	}

	$type = phid_get_type($policy);
	if ($type == PhabricatorProjectProjectPHIDType::TYPECONST) {
	$need_projects[$policy] = $policy;
	continue;
	}

	if ($type == PhabricatorPolicyPHIDTypePolicy::TYPECONST) {
	$need_policies[$policy][] = $object;
	continue;
	}
	}
	}

	if ($need_objpolicies) {
	$this->loadObjectPolicies($need_objpolicies);
	}

	if ($need_policies) {
	$this->loadCustomPolicies($need_policies);
	}

	// If we need projects, check if any of the projects we need are also the
	// objects we're filtering. Because of how project rules work, this is a
	// common case.
	if ($need_projects) {
	foreach ($objects as $object) {
	if ($object instanceof PhabricatorProject) {
	$project_phid = $object->getPHID();
	if (isset($need_projects[$project_phid])) {
	$is_member = $object->isUserMember($viewer_phid);
	$this->userProjects[$viewer_phid][$project_phid] = $is_member;
	unset($need_projects[$project_phid]);
	}
	}
	}
	}

	if ($need_projects) {
	$need_projects = array_unique($need_projects);

	// NOTE: We're using the omnipotent user here to avoid a recursive
	// descent into madness. We don't actually need to know if the user can
	// see these projects or not, since: the check is "user is member of
	// project", not "user can see project"; and membership implies
	// visibility anyway. Without this, we may load other projects and
	// re-enter the policy filter and generally create a huge mess.

	$projects = id(new PhabricatorProjectQuery())
	->setViewer(PhabricatorUser::getOmnipotentUser())
	->withMemberPHIDs(array($viewer->getPHID()))
	->withPHIDs($need_projects)
	->execute();

	foreach ($projects as $project) {
	$this->userProjects[$viewer_phid][$project->getPHID()] = true;
	}
	}

	foreach ($objects as $key => $object) {
	foreach ($capabilities as $capability) {
	if (!$this->checkCapability($object, $capability)) {
	// If we're missing any capability, move on to the next object.
	continue 2;
	}
	}

	// If we make it here, we have all of the required capabilities.
	$filtered[$key] = $object;
	}

	// If we survied the primary checks, apply extended checks to objects
	// with extended policies.
	$results = array();
	$extended = array();
	foreach ($filtered as $key => $object) {
	if ($object instanceof PhabricatorExtendedPolicyInterface) {
	$extended[$key] = $object;
	} else {
	$results[$key] = $object;
	}
	}

	if ($extended) {
	$results += $this->applyExtendedPolicyChecks($extended);
	// Put results back in the original order.
	$results = array_select_keys($results, array_keys($filtered));
	}

	return $results;
	}

	private function applyExtendedPolicyChecks(array $extended_objects) {
	- // First, we're going to detect cycles and reject any objects which are
	- // part of a cycle. We don't want to loop forever if an object has a
	- // self-referential or nonsense policy.
	-
	- static $in_flight = array();
	-
	- $all_phids = array();
	- foreach ($extended_objects as $key => $object) {
	- $phid = $object->getPHID();
	- if (isset($in_flight[$phid])) {
	- // TODO: This could be more user-friendly.
	- $this->rejectObject($extended_objects[$key], false, '<cycle>');
	- unset($extended_objects[$key]);
	- continue;
	- }
	-
	- // We might throw from rejectObject(), so we don't want to actually mark
	- // anything as in-flight until we survive this entire step.
	- $all_phids[$phid] = $phid;
	- }
	-
	- foreach ($all_phids as $phid) {
	- $in_flight[$phid] = true;
	- }
	-
	- $caught = null;
	- try {
	- $extended_objects = $this->executeExtendedPolicyChecks($extended_objects);
	- } catch (Exception $ex) {
	- $caught = $ex;
	- }
	-
	- foreach ($all_phids as $phid) {
	- unset($in_flight[$phid]);
	- }
	-
	- if ($caught) {
	- throw $caught;
	- }
	-
	- return $extended_objects;
	- }
	-
	- private function executeExtendedPolicyChecks(array $extended_objects) {
	$viewer = $this->viewer;
	$filter_capabilities = $this->capabilities;

	// Iterate over the objects we need to filter and pull all the nonempty
	// policies into a flat, structured list.
	$all_structs = array();
	foreach ($extended_objects as $key => $extended_object) {
	foreach ($filter_capabilities as $extended_capability) {
	$extended_policies = $extended_object->getExtendedPolicy(
	$extended_capability,
	$viewer);
	if (!$extended_policies) {
	continue;
	}

	foreach ($extended_policies as $extended_policy) {
	list($object, $capabilities) = $extended_policy;

	// Build a description of the capabilities we need to check. This
	// will be something like `"view"`, or `"edit view"`, or possibly
	// a longer string with custom capabilities. Later, group the objects
	// up into groups which need the same capabilities tested.
	$capabilities = (array)$capabilities;
	$capabilities = array_fuse($capabilities);
	ksort($capabilities);
	$group = implode(' ', $capabilities);

	$struct = array(
	'key' => $key,
	'for' => $extended_capability,
	'object' => $object,
	'capabilities' => $capabilities,
	'group' => $group,
	);

	$all_structs[] = $struct;
	}
	}
	}

	// Extract any bare PHIDs from the structs; we need to load these objects.
	// These are objects which are required in order to perform an extended
	// policy check but which the original viewer did not have permission to
	// see (they presumably had other permissions which let them load the
	// object in the first place).
	$all_phids = array();
	foreach ($all_structs as $idx => $struct) {
	$object = $struct['object'];
	if (is_string($object)) {
	$all_phids[$object] = $object;
	}
	}

	// If we have some bare PHIDs, we need to load the corresponding objects.
	if ($all_phids) {
	// We can pull these with the omnipotent user because we're immediately
	// filtering them.
	$ref_objects = id(new PhabricatorObjectQuery())
	->setViewer(PhabricatorUser::getOmnipotentUser())
	->withPHIDs($all_phids)
	->execute();
	$ref_objects = mpull($ref_objects, null, 'getPHID');
	} else {
	$ref_objects = array();
	}

	// Group the list of checks by the capabilities we need to check.
	$groups = igroup($all_structs, 'group');
	foreach ($groups as $structs) {
	$head = head($structs);

	// All of the items in each group are checking for the same capabilities.
	$capabilities = $head['capabilities'];

	$key_map = array();
	$objects_in = array();
	foreach ($structs as $struct) {
	$extended_key = $struct['key'];
	if (empty($extended_objects[$key])) {
	// If this object has already been rejected by an earlier filtering
	// pass, we don't need to do any tests on it.
	continue;
	}

	$object = $struct['object'];
	if (is_string($object)) {
	// This is really a PHID, so look it up.
	$object_phid = $object;
	if (empty($ref_objects[$object_phid])) {
	// We weren't able to load the corresponding object, so just
	// reject this result outright.

	$reject = $extended_objects[$key];
	unset($extended_objects[$key]);

	// TODO: This could be friendlier.
	$this->rejectObject($reject, false, '<bad-ref>');
	continue;
	}
	$object = $ref_objects[$object_phid];
	}

	$phid = $object->getPHID();

	$key_map[$phid][] = $extended_key;
	$objects_in[$phid] = $object;
	}

	if ($objects_in) {
	- $objects_out = id(new PhabricatorPolicyFilter())
	- ->setViewer($viewer)
	- ->requireCapabilities($capabilities)
	- ->apply($objects_in);
	+ $objects_out = $this->executeExtendedPolicyChecks(
	+ $viewer,
	+ $capabilities,
	+ $objects_in,
	+ $key_map);
	$objects_out = mpull($objects_out, null, 'getPHID');
	} else {
	$objects_out = array();
	}

	// If any objects were removed by filtering, we're going to reject all
	// of the original objects which needed them.
	foreach ($objects_in as $phid => $object_in) {
	if (isset($objects_out[$phid])) {
	// This object survived filtering, so we don't need to throw any
	// results away.
	continue;
	}

	foreach ($key_map[$phid] as $extended_key) {
	if (empty($extended_objects[$extended_key])) {
	// We've already rejected this object, so we don't need to reject
	// it again.
	continue;
	}

	$reject = $extended_objects[$extended_key];
	unset($extended_objects[$extended_key]);

	// TODO: This isn't as user-friendly as it could be. It's possible
	// that we're rejecting this object for multiple capability/policy
	// failures, though.
	$this->rejectObject($reject, false, '<extended>');
	}
	}
	}

	return $extended_objects;
	}

	+ private function executeExtendedPolicyChecks(
	+ PhabricatorUser $viewer,
	+ array $capabilities,
	+ array $objects,
	+ array $key_map) {
	+
	+ // Do crude cycle detection by seeing if we have a huge stack depth.
	+ // Although more sophisticated cycle detection is possible in theory,
	+ // it is difficult with hierarchical objects like subprojects. Many other
	+ // checks make it difficult to create cycles normally, so just do a
	+ // simple check here to limit damage.
	+
	+ static $depth;
	+
	+ $depth++;
	+
	+ if ($depth > 32) {
	+ foreach ($objects as $key => $object) {
	+ $this->rejectObject($objects[$key], false, '<cycle>');
	+ unset($objects[$key]);
	+ continue;
	+ }
	+ }
	+
	+ if (!$objects) {
	+ return array();
	+ }
	+
	+ $caught = null;
	+ try {
	+ $result = id(new PhabricatorPolicyFilter())
	+ ->setViewer($viewer)
	+ ->requireCapabilities($capabilities)
	+ ->apply($objects);
	+ } catch (Exception $ex) {
	+ $caught = $ex;
	+ }
	+
	+ $depth--;
	+
	+ if ($caught) {
	+ throw $caught;
	+ }
	+
	+ return $result;
	+ }
	+
	private function checkCapability(
	PhabricatorPolicyInterface $object,
	$capability) {

	$policy = $this->getObjectPolicy($object, $capability);

	if (!$policy) {
	// TODO: Formalize this somehow?
	$policy = PhabricatorPolicies::POLICY_USER;
	}

	if ($policy == PhabricatorPolicies::POLICY_PUBLIC) {
	// If the object is set to "public" but that policy is disabled for this
	// install, restrict the policy to "user".
	if (!PhabricatorEnv::getEnvConfig('policy.allow-public')) {
	$policy = PhabricatorPolicies::POLICY_USER;
	}

	// If the object is set to "public" but the capability is not a public
	// capability, restrict the policy to "user".
	$capobj = PhabricatorPolicyCapability::getCapabilityByKey($capability);
	if (!$capobj \|\| !$capobj->shouldAllowPublicPolicySetting()) {
	$policy = PhabricatorPolicies::POLICY_USER;
	}
	}

	$viewer = $this->viewer;

	if ($viewer->isOmnipotent()) {
	return true;
	}

	if ($object instanceof PhabricatorSpacesInterface) {
	$space_phid = $object->getSpacePHID();
	if (!$this->canViewerSeeObjectsInSpace($viewer, $space_phid)) {
	$this->rejectObjectFromSpace($object, $space_phid);
	return false;
	}
	}

	if ($object->hasAutomaticCapability($capability, $viewer)) {
	return true;
	}

	switch ($policy) {
	case PhabricatorPolicies::POLICY_PUBLIC:
	return true;
	case PhabricatorPolicies::POLICY_USER:
	if ($viewer->getPHID()) {
	return true;
	} else {
	$this->rejectObject($object, $policy, $capability);
	}
	break;
	case PhabricatorPolicies::POLICY_ADMIN:
	if ($viewer->getIsAdmin()) {
	return true;
	} else {
	$this->rejectObject($object, $policy, $capability);
	}
	break;
	case PhabricatorPolicies::POLICY_NOONE:
	$this->rejectObject($object, $policy, $capability);
	break;
	default:
	if (PhabricatorPolicyQuery::isObjectPolicy($policy)) {
	if ($this->checkObjectPolicy($policy, $object)) {
	return true;
	} else {
	$this->rejectObject($object, $policy, $capability);
	break;
	}
	}

	$type = phid_get_type($policy);
	if ($type == PhabricatorProjectProjectPHIDType::TYPECONST) {
	if (!empty($this->userProjects[$viewer->getPHID()][$policy])) {
	return true;
	} else {
	$this->rejectObject($object, $policy, $capability);
	}
	} else if ($type == PhabricatorPeopleUserPHIDType::TYPECONST) {
	if ($viewer->getPHID() == $policy) {
	return true;
	} else {
	$this->rejectObject($object, $policy, $capability);
	}
	} else if ($type == PhabricatorPolicyPHIDTypePolicy::TYPECONST) {
	if ($this->checkCustomPolicy($policy, $object)) {
	return true;
	} else {
	$this->rejectObject($object, $policy, $capability);
	}
	} else {
	// Reject objects with unknown policies.
	$this->rejectObject($object, false, $capability);
	}
	}

	return false;
	}

	public function rejectObject(
	PhabricatorPolicyInterface $object,
	$policy,
	$capability) {

	if (!$this->raisePolicyExceptions) {
	return;
	}

	if ($this->viewer->isOmnipotent()) {
	// Never raise policy exceptions for the omnipotent viewer. Although we
	// will never normally issue a policy rejection for the omnipotent
	// viewer, we can end up here when queries blanket reject objects that
	// have failed to load, without distinguishing between nonexistent and
	// nonvisible objects.
	return;
	}

	$capobj = PhabricatorPolicyCapability::getCapabilityByKey($capability);
	$rejection = null;
	if ($capobj) {
	$rejection = $capobj->describeCapabilityRejection();
	$capability_name = $capobj->getCapabilityName();
	} else {
	$capability_name = $capability;
	}

	if (!$rejection) {
	// We couldn't find the capability object, or it doesn't provide a
	// tailored rejection string.
	$rejection = pht(
	'You do not have the required capability ("%s") to do whatever you '.
	'are trying to do.',
	$capability);
	}

	$more = PhabricatorPolicy::getPolicyExplanation($this->viewer, $policy);
	$exceptions = $object->describeAutomaticCapability($capability);

	$details = array_filter(array_merge(array($more), (array)$exceptions));

	$access_denied = $this->renderAccessDenied($object);

	$full_message = pht(
	'[%s] (%s) %s // %s',
	$access_denied,
	$capability_name,
	$rejection,
	implode(' ', $details));

	$exception = id(new PhabricatorPolicyException($full_message))
	->setTitle($access_denied)
	->setObjectPHID($object->getPHID())
	->setRejection($rejection)
	->setCapability($capability)
	->setCapabilityName($capability_name)
	->setMoreInfo($details);

	throw $exception;
	}

	private function loadObjectPolicies(array $map) {
	$viewer = $this->viewer;
	$viewer_phid = $viewer->getPHID();

	$rules = PhabricatorPolicyQuery::getObjectPolicyRules(null);

	$results = array();
	foreach ($map as $key => $object_list) {
	$rule = idx($rules, $key);
	if (!$rule) {
	continue;
	}

	foreach ($object_list as $object_key => $object) {
	if (!$rule->canApplyToObject($object)) {
	unset($object_list[$object_key]);
	}
	}

	$rule->willApplyRules($viewer, array(), $object_list);
	$results[$key] = $rule;
	}

	$this->objectPolicies[$viewer_phid] = $results;
	}

	private function loadCustomPolicies(array $map) {
	$viewer = $this->viewer;
	$viewer_phid = $viewer->getPHID();

	$custom_policies = id(new PhabricatorPolicyQuery())
	->setViewer($viewer)
	->withPHIDs(array_keys($map))
	->execute();
	$custom_policies = mpull($custom_policies, null, 'getPHID');

	$classes = array();
	$values = array();
	$objects = array();
	foreach ($custom_policies as $policy_phid => $policy) {
	foreach ($policy->getCustomRuleClasses() as $class) {
	$classes[$class] = $class;
	$values[$class][] = $policy->getCustomRuleValues($class);

	foreach (idx($map, $policy_phid, array()) as $object) {
	$objects[$class][] = $object;
	}
	}
	}

	foreach ($classes as $class => $ignored) {
	$rule_object = newv($class, array());

	// Filter out any objects which the rule can't apply to.
	$target_objects = idx($objects, $class, array());
	foreach ($target_objects as $key => $target_object) {
	if (!$rule_object->canApplyToObject($target_object)) {
	unset($target_objects[$key]);
	}
	}

	$rule_object->willApplyRules(
	$viewer,
	array_mergev($values[$class]),
	$target_objects);

	$classes[$class] = $rule_object;
	}

	foreach ($custom_policies as $policy) {
	$policy->attachRuleObjects($classes);
	}

	if (empty($this->customPolicies[$viewer_phid])) {
	$this->customPolicies[$viewer_phid] = array();
	}

	$this->customPolicies[$viewer->getPHID()] += $custom_policies;
	}

	private function checkObjectPolicy(
	$policy_phid,
	PhabricatorPolicyInterface $object) {
	$viewer = $this->viewer;
	$viewer_phid = $viewer->getPHID();

	$rule = idx($this->objectPolicies[$viewer_phid], $policy_phid);
	if (!$rule) {
	return false;
	}

	if (!$rule->canApplyToObject($object)) {
	return false;
	}

	return $rule->applyRule($viewer, null, $object);
	}

	private function checkCustomPolicy(
	$policy_phid,
	PhabricatorPolicyInterface $object) {

	$viewer = $this->viewer;
	$viewer_phid = $viewer->getPHID();

	$policy = idx($this->customPolicies[$viewer_phid], $policy_phid);
	if (!$policy) {
	// Reject, this policy is bogus.
	return false;
	}

	$objects = $policy->getRuleObjects();
	$action = null;
	foreach ($policy->getRules() as $rule) {
	if (!is_array($rule)) {
	// Reject, this policy rule is invalid.
	return false;
	}

	$rule_object = idx($objects, idx($rule, 'rule'));
	if (!$rule_object) {
	// Reject, this policy has a bogus rule.
	return false;
	}

	if (!$rule_object->canApplyToObject($object)) {
	// Reject, this policy rule can't be applied to the given object.
	return false;
	}

	// If the user matches this rule, use this action.
	if ($rule_object->applyRule($viewer, idx($rule, 'value'), $object)) {
	$action = idx($rule, 'action');
	break;
	}
	}

	if ($action === null) {
	$action = $policy->getDefaultAction();
	}

	if ($action === PhabricatorPolicy::ACTION_ALLOW) {
	return true;
	}

	return false;
	}

	private function getObjectPolicy(
	PhabricatorPolicyInterface $object,
	$capability) {

	if ($this->forcedPolicy) {
	return $this->forcedPolicy;
	} else {
	return $object->getPolicy($capability);
	}
	}

	private function renderAccessDenied(PhabricatorPolicyInterface $object) {
	// NOTE: Not every type of policy object has a real PHID; just load an
	// empty handle if a real PHID isn't available.
	$phid = nonempty($object->getPHID(), PhabricatorPHIDConstants::PHID_VOID);

	$handle = id(new PhabricatorHandleQuery())
	->setViewer($this->viewer)
	->withPHIDs(array($phid))
	->executeOne();

	$object_name = $handle->getObjectName();

	$is_serious = PhabricatorEnv::getEnvConfig('phabricator.serious-business');
	if ($is_serious) {
	$access_denied = pht(
	'Access Denied: %s',
	$object_name);
	} else {
	$access_denied = pht(
	'You Shall Not Pass: %s',
	$object_name);
	}

	return $access_denied;
	}


	private function canViewerSeeObjectsInSpace(
	PhabricatorUser $viewer,
	$space_phid) {

	$spaces = PhabricatorSpacesNamespaceQuery::getAllSpaces();

	// If there are no spaces, everything exists in an implicit default space
	// with no policy controls. This is the default state.
	if (!$spaces) {
	if ($space_phid !== null) {
	return false;
	} else {
	return true;
	}
	}

	if ($space_phid === null) {
	$space = PhabricatorSpacesNamespaceQuery::getDefaultSpace();
	} else {
	$space = idx($spaces, $space_phid);
	}

	if (!$space) {
	return false;
	}

	// This may be more involved later, but for now being able to see the
	// space is equivalent to being able to see everything in it.
	return self::hasCapability(
	$viewer,
	$space,
	PhabricatorPolicyCapability::CAN_VIEW);
	}

	private function rejectObjectFromSpace(
	PhabricatorPolicyInterface $object,
	$space_phid) {

	if (!$this->raisePolicyExceptions) {
	return;
	}

	if ($this->viewer->isOmnipotent()) {
	return;
	}

	$access_denied = $this->renderAccessDenied($object);

	$rejection = pht(
	'This object is in a space you do not have permission to access.');
	$full_message = pht('[%s] %s', $access_denied, $rejection);

	$exception = id(new PhabricatorPolicyException($full_message))
	->setTitle($access_denied)
	->setObjectPHID($object->getPHID())
	->setRejection($rejection)
	->setCapability(PhabricatorPolicyCapability::CAN_VIEW);

	throw $exception;
	}

	}
	diff --git a/src/applications/project/__tests__/PhabricatorProjectCoreTestCase.php b/src/applications/project/__tests__/PhabricatorProjectCoreTestCase.php
	index d15878f74d..7925b8849c 100644
	--- a/src/applications/project/__tests__/PhabricatorProjectCoreTestCase.php
	+++ b/src/applications/project/__tests__/PhabricatorProjectCoreTestCase.php
	@@ -1,463 +1,537 @@
	<?php

	final class PhabricatorProjectCoreTestCase extends PhabricatorTestCase {

	protected function getPhabricatorTestCaseConfiguration() {
	return array(
	self::PHABRICATOR_TESTCONFIG_BUILD_STORAGE_FIXTURES => true,
	);
	}

	public function testViewProject() {
	$user = $this->createUser();
	$user->save();

	$user2 = $this->createUser();
	$user2->save();

	$proj = $this->createProject($user);

	$proj = $this->refreshProject($proj, $user, true);

	$this->joinProject($proj, $user);
	$proj->setViewPolicy(PhabricatorPolicies::POLICY_USER);
	$proj->save();

	$can_view = PhabricatorPolicyCapability::CAN_VIEW;

	// When the view policy is set to "users", any user can see the project.
	$this->assertTrue((bool)$this->refreshProject($proj, $user));
	$this->assertTrue((bool)$this->refreshProject($proj, $user2));


	// When the view policy is set to "no one", members can still see the
	// project.
	$proj->setViewPolicy(PhabricatorPolicies::POLICY_NOONE);
	$proj->save();

	$this->assertTrue((bool)$this->refreshProject($proj, $user));
	$this->assertFalse((bool)$this->refreshProject($proj, $user2));
	}

	public function testIsViewerMemberOrWatcher() {
	$user1 = $this->createUser()
	->save();

	$user2 = $this->createUser()
	->save();

	$user3 = $this->createUser()
	->save();

	$proj1 = $this->createProject($user1);
	$proj1 = $this->refreshProject($proj1, $user1);

	$this->joinProject($proj1, $user1);
	$this->joinProject($proj1, $user3);
	$this->watchProject($proj1, $user3);

	$proj1 = $this->refreshProject($proj1, $user1);

	$this->assertTrue($proj1->isUserMember($user1->getPHID()));

	$proj1 = $this->refreshProject($proj1, $user1, false, true);

	$this->assertTrue($proj1->isUserMember($user1->getPHID()));
	$this->assertFalse($proj1->isUserWatcher($user1->getPHID()));

	$proj1 = $this->refreshProject($proj1, $user1, true, false);

	$this->assertTrue($proj1->isUserMember($user1->getPHID()));
	$this->assertFalse($proj1->isUserMember($user2->getPHID()));
	$this->assertTrue($proj1->isUserMember($user3->getPHID()));

	$proj1 = $this->refreshProject($proj1, $user1, true, true);

	$this->assertTrue($proj1->isUserMember($user1->getPHID()));
	$this->assertFalse($proj1->isUserMember($user2->getPHID()));
	$this->assertTrue($proj1->isUserMember($user3->getPHID()));

	$this->assertFalse($proj1->isUserWatcher($user1->getPHID()));
	$this->assertFalse($proj1->isUserWatcher($user2->getPHID()));
	$this->assertTrue($proj1->isUserWatcher($user3->getPHID()));
	}

	public function testEditProject() {
	$user = $this->createUser();
	$user->save();

	$user2 = $this->createUser();
	$user2->save();

	$proj = $this->createProject($user);


	// When edit and view policies are set to "user", anyone can edit.
	$proj->setViewPolicy(PhabricatorPolicies::POLICY_USER);
	$proj->setEditPolicy(PhabricatorPolicies::POLICY_USER);
	$proj->save();

	$this->assertTrue($this->attemptProjectEdit($proj, $user));


	// When edit policy is set to "no one", no one can edit.
	$proj->setEditPolicy(PhabricatorPolicies::POLICY_NOONE);
	$proj->save();

	$caught = null;
	try {
	$this->attemptProjectEdit($proj, $user);
	} catch (Exception $ex) {
	$caught = $ex;
	}
	$this->assertTrue($caught instanceof Exception);
	}

	+ public function testAncestryQueries() {
	+ $user = $this->createUser();
	+ $user->save();
	+
	+ $ancestor = $this->createProject($user);
	+ $parent = $this->createProject($user, $ancestor);
	+ $child = $this->createProject($user, $parent);
	+
	+ $projects = id(new PhabricatorProjectQuery())
	+ ->setViewer($user)
	+ ->withAncestorProjectPHIDs(array($ancestor->getPHID()))
	+ ->execute();
	+ $this->assertEqual(2, count($projects));
	+
	+ $projects = id(new PhabricatorProjectQuery())
	+ ->setViewer($user)
	+ ->withParentProjectPHIDs(array($ancestor->getPHID()))
	+ ->execute();
	+ $this->assertEqual(1, count($projects));
	+ $this->assertEqual(
	+ $parent->getPHID(),
	+ head($projects)->getPHID());
	+
	+ $projects = id(new PhabricatorProjectQuery())
	+ ->setViewer($user)
	+ ->withAncestorProjectPHIDs(array($ancestor->getPHID()))
	+ ->withDepthBetween(2, null)
	+ ->execute();
	+ $this->assertEqual(1, count($projects));
	+ $this->assertEqual(
	+ $child->getPHID(),
	+ head($projects)->getPHID());
	+
	+ $parent2 = $this->createProject($user, $ancestor);
	+ $child2 = $this->createProject($user, $parent2);
	+ $grandchild2 = $this->createProject($user, $child2);
	+
	+ $projects = id(new PhabricatorProjectQuery())
	+ ->setViewer($user)
	+ ->withAncestorProjectPHIDs(array($ancestor->getPHID()))
	+ ->execute();
	+ $this->assertEqual(5, count($projects));
	+
	+ $projects = id(new PhabricatorProjectQuery())
	+ ->setViewer($user)
	+ ->withParentProjectPHIDs(array($ancestor->getPHID()))
	+ ->execute();
	+ $this->assertEqual(2, count($projects));
	+
	+ $projects = id(new PhabricatorProjectQuery())
	+ ->setViewer($user)
	+ ->withAncestorProjectPHIDs(array($ancestor->getPHID()))
	+ ->withDepthBetween(2, null)
	+ ->execute();
	+ $this->assertEqual(3, count($projects));
	+
	+ $projects = id(new PhabricatorProjectQuery())
	+ ->setViewer($user)
	+ ->withAncestorProjectPHIDs(array($ancestor->getPHID()))
	+ ->withDepthBetween(3, null)
	+ ->execute();
	+ $this->assertEqual(1, count($projects));
	+
	+ $projects = id(new PhabricatorProjectQuery())
	+ ->setViewer($user)
	+ ->withPHIDs(
	+ array(
	+ $child->getPHID(),
	+ $grandchild2->getPHID(),
	+ ))
	+ ->execute();
	+ $this->assertEqual(2, count($projects));
	+ }
	+
	public function testParentProject() {
	$user = $this->createUser();
	$user->save();

	$parent = $this->createProject($user);
	$child = $this->createProject($user, $parent);

	$this->assertTrue(true);

	$child = $this->refreshProject($child, $user);

	$this->assertEqual(
	$parent->getPHID(),
	$child->getParentProject()->getPHID());

	$this->assertEqual(1, (int)$child->getProjectDepth());

	$this->assertFalse(
	$child->isUserMember($user->getPHID()));

	$this->assertFalse(
	$child->getParentProject()->isUserMember($user->getPHID()));

	$this->joinProject($child, $user);

	$child = $this->refreshProject($child, $user);

	$this->assertTrue(
	$child->isUserMember($user->getPHID()));

	$this->assertTrue(
	$child->getParentProject()->isUserMember($user->getPHID()));


	// Test that hiding a parent hides the child.

	$user2 = $this->createUser();
	$user2->save();

	// Second user can see the project for now.
	$this->assertTrue((bool)$this->refreshProject($child, $user2));

	// Hide the parent.
	$this->setViewPolicy($parent, $user, $user->getPHID());

	// First user (who can see the parent because they are a member of
	// the child) can see the project.
	$this->assertTrue((bool)$this->refreshProject($child, $user));

	// Second user can not, because they can't see the parent.
	$this->assertFalse((bool)$this->refreshProject($child, $user2));
	}

	private function attemptProjectEdit(
	PhabricatorProject $proj,
	PhabricatorUser $user,
	$skip_refresh = false) {

	$proj = $this->refreshProject($proj, $user, true);

	$new_name = $proj->getName().' '.mt_rand();

	$xaction = new PhabricatorProjectTransaction();
	$xaction->setTransactionType(PhabricatorProjectTransaction::TYPE_NAME);
	$xaction->setNewValue($new_name);

	$this->applyTransactions($proj, $user, array($xaction));

	return true;
	}

	public function testJoinLeaveProject() {
	$user = $this->createUser();
	$user->save();

	$proj = $this->createProjectWithNewAuthor();

	$proj = $this->refreshProject($proj, $user, true);
	$this->assertTrue(
	(bool)$proj,
	pht(
	'Assumption that projects are default visible '.
	'to any user when created.'));

	$this->assertFalse(
	$proj->isUserMember($user->getPHID()),
	pht('Arbitrary user not member of project.'));

	// Join the project.
	$this->joinProject($proj, $user);

	$proj = $this->refreshProject($proj, $user, true);
	$this->assertTrue((bool)$proj);

	$this->assertTrue(
	$proj->isUserMember($user->getPHID()),
	pht('Join works.'));


	// Join the project again.
	$this->joinProject($proj, $user);

	$proj = $this->refreshProject($proj, $user, true);
	$this->assertTrue((bool)$proj);

	$this->assertTrue(
	$proj->isUserMember($user->getPHID()),
	pht('Joining an already-joined project is a no-op.'));


	// Leave the project.
	$this->leaveProject($proj, $user);

	$proj = $this->refreshProject($proj, $user, true);
	$this->assertTrue((bool)$proj);

	$this->assertFalse(
	$proj->isUserMember($user->getPHID()),
	pht('Leave works.'));


	// Leave the project again.
	$this->leaveProject($proj, $user);

	$proj = $this->refreshProject($proj, $user, true);
	$this->assertTrue((bool)$proj);

	$this->assertFalse(
	$proj->isUserMember($user->getPHID()),
	pht('Leaving an already-left project is a no-op.'));


	// If a user can't edit or join a project, joining fails.
	$proj->setEditPolicy(PhabricatorPolicies::POLICY_NOONE);
	$proj->setJoinPolicy(PhabricatorPolicies::POLICY_NOONE);
	$proj->save();

	$proj = $this->refreshProject($proj, $user, true);
	$caught = null;
	try {
	$this->joinProject($proj, $user);
	} catch (Exception $ex) {
	$caught = $ex;
	}
	$this->assertTrue($ex instanceof Exception);


	// If a user can edit a project, they can join.
	$proj->setEditPolicy(PhabricatorPolicies::POLICY_USER);
	$proj->setJoinPolicy(PhabricatorPolicies::POLICY_NOONE);
	$proj->save();

	$proj = $this->refreshProject($proj, $user, true);
	$this->joinProject($proj, $user);
	$proj = $this->refreshProject($proj, $user, true);
	$this->assertTrue(
	$proj->isUserMember($user->getPHID()),
	pht('Join allowed with edit permission.'));
	$this->leaveProject($proj, $user);


	// If a user can join a project, they can join, even if they can't edit.
	$proj->setEditPolicy(PhabricatorPolicies::POLICY_NOONE);
	$proj->setJoinPolicy(PhabricatorPolicies::POLICY_USER);
	$proj->save();

	$proj = $this->refreshProject($proj, $user, true);
	$this->joinProject($proj, $user);
	$proj = $this->refreshProject($proj, $user, true);
	$this->assertTrue(
	$proj->isUserMember($user->getPHID()),
	pht('Join allowed with join permission.'));


	// A user can leave a project even if they can't edit it or join.
	$proj->setEditPolicy(PhabricatorPolicies::POLICY_NOONE);
	$proj->setJoinPolicy(PhabricatorPolicies::POLICY_NOONE);
	$proj->save();

	$proj = $this->refreshProject($proj, $user, true);
	$this->leaveProject($proj, $user);
	$proj = $this->refreshProject($proj, $user, true);
	$this->assertFalse(
	$proj->isUserMember($user->getPHID()),
	pht('Leave allowed without any permission.'));
	}

	private function refreshProject(
	PhabricatorProject $project,
	PhabricatorUser $viewer,
	$need_members = false,
	$need_watchers = false) {

	$results = id(new PhabricatorProjectQuery())
	->setViewer($viewer)
	->needMembers($need_members)
	->needWatchers($need_watchers)
	->withIDs(array($project->getID()))
	->execute();

	if ($results) {
	return head($results);
	} else {
	return null;
	}
	}

	private function createProject(
	PhabricatorUser $user,
	PhabricatorProject $parent = null) {

	$project = PhabricatorProject::initializeNewProject($user);

	$name = pht('Test Project %d', mt_rand());

	$xactions = array();

	$xactions[] = id(new PhabricatorProjectTransaction())
	->setTransactionType(PhabricatorProjectTransaction::TYPE_NAME)
	->setNewValue($name);

	if ($parent) {
	$xactions[] = id(new PhabricatorProjectTransaction())
	->setTransactionType(PhabricatorProjectTransaction::TYPE_PARENT)
	->setNewValue($parent->getPHID());
	}

	$this->applyTransactions($project, $user, $xactions);

	return $project;
	}

	private function setViewPolicy(
	PhabricatorProject $project,
	PhabricatorUser $user,
	$policy) {

	$xactions = array();

	$xactions[] = id(new PhabricatorProjectTransaction())
	->setTransactionType(PhabricatorTransactions::TYPE_VIEW_POLICY)
	->setNewValue($policy);

	$this->applyTransactions($project, $user, $xactions);

	return $project;
	}

	private function createProjectWithNewAuthor() {
	$author = $this->createUser();
	$author->save();

	$project = $this->createProject($author);

	return $project;
	}

	private function createUser() {
	$rand = mt_rand();

	$user = new PhabricatorUser();
	$user->setUsername('unittestuser'.$rand);
	$user->setRealName(pht('Unit Test User %d', $rand));

	return $user;
	}

	private function joinProject(
	PhabricatorProject $project,
	PhabricatorUser $user) {
	return $this->joinOrLeaveProject($project, $user, '+');
	}

	private function leaveProject(
	PhabricatorProject $project,
	PhabricatorUser $user) {
	return $this->joinOrLeaveProject($project, $user, '-');
	}

	private function watchProject(
	PhabricatorProject $project,
	PhabricatorUser $user) {
	return $this->watchOrUnwatchProject($project, $user, '+');
	}

	private function unwatchProject(
	PhabricatorProject $project,
	PhabricatorUser $user) {
	return $this->watchOrUnwatchProject($project, $user, '-');
	}

	private function joinOrLeaveProject(
	PhabricatorProject $project,
	PhabricatorUser $user,
	$operation) {
	return $this->applyProjectEdgeTransaction(
	$project,
	$user,
	$operation,
	PhabricatorProjectProjectHasMemberEdgeType::EDGECONST);
	}

	private function watchOrUnwatchProject(
	PhabricatorProject $project,
	PhabricatorUser $user,
	$operation) {
	return $this->applyProjectEdgeTransaction(
	$project,
	$user,
	$operation,
	PhabricatorObjectHasWatcherEdgeType::EDGECONST);
	}

	private function applyProjectEdgeTransaction(
	PhabricatorProject $project,
	PhabricatorUser $user,
	$operation,
	$edge_type) {

	$spec = array(
	$operation => array($user->getPHID() => $user->getPHID()),
	);

	$xactions = array();
	$xactions[] = id(new PhabricatorProjectTransaction())
	->setTransactionType(PhabricatorTransactions::TYPE_EDGE)
	->setMetadataValue('edge:type', $edge_type)
	->setNewValue($spec);

	$this->applyTransactions($project, $user, $xactions);

	return $project;
	}

	private function applyTransactions(
	PhabricatorProject $project,
	PhabricatorUser $user,
	array $xactions) {

	$editor = id(new PhabricatorProjectTransactionEditor())
	->setActor($user)
	->setContentSource(PhabricatorContentSource::newConsoleSource())
	->setContinueOnNoEffect(true)
	->applyTransactions($project, $xactions);
	}


	}
	diff --git a/src/applications/project/query/PhabricatorProjectQuery.php b/src/applications/project/query/PhabricatorProjectQuery.php
	index f540f25e7e..bd0134143e 100644
	--- a/src/applications/project/query/PhabricatorProjectQuery.php
	+++ b/src/applications/project/query/PhabricatorProjectQuery.php
	@@ -1,477 +1,562 @@
	<?php

	final class PhabricatorProjectQuery
	extends PhabricatorCursorPagedPolicyAwareQuery {

	private $ids;
	private $phids;
	private $memberPHIDs;
	private $slugs;
	private $names;
	private $nameTokens;
	private $icons;
	private $colors;
	+ private $ancestorPHIDs;
	+ private $parentPHIDs;
	+ private $isMilestone;
	+ private $minDepth;
	+ private $maxDepth;

	private $status = 'status-any';
	const STATUS_ANY = 'status-any';
	const STATUS_OPEN = 'status-open';
	const STATUS_CLOSED = 'status-closed';
	const STATUS_ACTIVE = 'status-active';
	const STATUS_ARCHIVED = 'status-archived';

	private $needSlugs;
	private $needMembers;
	private $needWatchers;
	private $needImages;

	public function withIDs(array $ids) {
	$this->ids = $ids;
	return $this;
	}

	public function withPHIDs(array $phids) {
	$this->phids = $phids;
	return $this;
	}

	public function withStatus($status) {
	$this->status = $status;
	return $this;
	}

	public function withMemberPHIDs(array $member_phids) {
	$this->memberPHIDs = $member_phids;
	return $this;
	}

	public function withSlugs(array $slugs) {
	$this->slugs = $slugs;
	return $this;
	}

	public function withNames(array $names) {
	$this->names = $names;
	return $this;
	}

	public function withNameTokens(array $tokens) {
	$this->nameTokens = array_values($tokens);
	return $this;
	}

	public function withIcons(array $icons) {
	$this->icons = $icons;
	return $this;
	}

	public function withColors(array $colors) {
	$this->colors = $colors;
	return $this;
	}

	+ public function withParentProjectPHIDs($parent_phids) {
	+ $this->parentPHIDs = $parent_phids;
	+ return $this;
	+ }
	+
	+ public function withAncestorProjectPHIDs($ancestor_phids) {
	+ $this->ancestorPHIDs = $ancestor_phids;
	+ return $this;
	+ }
	+
	+ public function withIsMilestone($is_milestone) {
	+ $this->isMilestone = $is_milestone;
	+ return $this;
	+ }
	+
	+ public function withDepthBetween($min, $max) {
	+ $this->minDepth = $min;
	+ $this->maxDepth = $max;
	+ return $this;
	+ }
	+
	public function needMembers($need_members) {
	$this->needMembers = $need_members;
	return $this;
	}

	public function needWatchers($need_watchers) {
	$this->needWatchers = $need_watchers;
	return $this;
	}

	public function needImages($need_images) {
	$this->needImages = $need_images;
	return $this;
	}

	public function needSlugs($need_slugs) {
	$this->needSlugs = $need_slugs;
	return $this;
	}

	public function newResultObject() {
	return new PhabricatorProject();
	}

	protected function getDefaultOrderVector() {
	return array('name');
	}

	public function getBuiltinOrders() {
	return array(
	'name' => array(
	'vector' => array('name'),
	'name' => pht('Name'),
	),
	) + parent::getBuiltinOrders();
	}

	public function getOrderableColumns() {
	return parent::getOrderableColumns() + array(
	'name' => array(
	'table' => $this->getPrimaryTableAlias(),
	'column' => 'name',
	'reverse' => true,
	'type' => 'string',
	'unique' => true,
	),
	);
	}

	protected function getPagingValueMap($cursor, array $keys) {
	$project = $this->loadCursorObject($cursor);
	return array(
	'name' => $project->getName(),
	);
	}

	protected function loadPage() {
	return $this->loadStandardPage($this->newResultObject());
	}

	protected function willFilterPage(array $projects) {
	$project_phids = array();
	$ancestor_paths = array();

	foreach ($projects as $project) {
	$project_phids[] = $project->getPHID();

	foreach ($project->getAncestorProjectPaths() as $path) {
	$ancestor_paths[$path] = $path;
	}
	}

	if ($ancestor_paths) {
	$ancestors = id(new PhabricatorProject())->loadAllWhere(
	'projectPath IN (%Ls)',
	$ancestor_paths);
	} else {
	$ancestors = array();
	}

	$projects = $this->linkProjectGraph($projects, $ancestors);

	$viewer_phid = $this->getViewer()->getPHID();
	$project_phids = mpull($projects, 'getPHID');

	$member_type = PhabricatorProjectProjectHasMemberEdgeType::EDGECONST;
	$watcher_type = PhabricatorObjectHasWatcherEdgeType::EDGECONST;

	$types = array();
	$types[] = $member_type;
	if ($this->needWatchers) {
	$types[] = $watcher_type;
	}

	$edge_query = id(new PhabricatorEdgeQuery())
	->withSourcePHIDs($project_phids)
	->withEdgeTypes($types);

	// If we only need to know if the viewer is a member, we can restrict
	// the query to just their PHID.
	if (!$this->needMembers && !$this->needWatchers) {
	$edge_query->withDestinationPHIDs(array($viewer_phid));
	}

	$edge_query->execute();

	$membership_projects = array();
	foreach ($projects as $project) {
	$project_phid = $project->getPHID();

	$member_phids = $edge_query->getDestinationPHIDs(
	array($project_phid),
	array($member_type));

	if (in_array($viewer_phid, $member_phids)) {
	$membership_projects[$project_phid] = $project;
	}

	if ($this->needMembers) {
	$project->attachMemberPHIDs($member_phids);
	}

	if ($this->needWatchers) {
	$watcher_phids = $edge_query->getDestinationPHIDs(
	array($project_phid),
	array($watcher_type));
	$project->attachWatcherPHIDs($watcher_phids);
	$project->setIsUserWatcher(
	$viewer_phid,
	in_array($viewer_phid, $watcher_phids));
	}
	}

	$all_graph = $this->getAllReachableAncestors($projects);
	$member_graph = $this->getAllReachableAncestors($membership_projects);

	foreach ($all_graph as $phid => $project) {
	$is_member = isset($member_graph[$phid]);
	$project->setIsUserMember($viewer_phid, $is_member);
	}

	return $projects;
	}

	protected function didFilterPage(array $projects) {
	if ($this->needImages) {
	$default = null;

	$file_phids = mpull($projects, 'getProfileImagePHID');
	$file_phids = array_filter($file_phids);
	if ($file_phids) {
	$files = id(new PhabricatorFileQuery())
	->setParentQuery($this)
	->setViewer($this->getViewer())
	->withPHIDs($file_phids)
	->execute();
	$files = mpull($files, null, 'getPHID');
	} else {
	$files = array();
	}

	foreach ($projects as $project) {
	$file = idx($files, $project->getProfileImagePHID());
	if (!$file) {
	if (!$default) {
	$default = PhabricatorFile::loadBuiltin(
	$this->getViewer(),
	'project.png');
	}
	$file = $default;
	}
	$project->attachProfileImageFile($file);
	}
	}

	if ($this->needSlugs) {
	$slugs = id(new PhabricatorProjectSlug())
	->loadAllWhere(
	'projectPHID IN (%Ls)',
	mpull($projects, 'getPHID'));
	$slugs = mgroup($slugs, 'getProjectPHID');
	foreach ($projects as $project) {
	$project_slugs = idx($slugs, $project->getPHID(), array());
	$project->attachSlugs($project_slugs);
	}
	}

	return $projects;
	}

	protected function buildWhereClauseParts(AphrontDatabaseConnection $conn) {
	$where = parent::buildWhereClauseParts($conn);

	if ($this->status != self::STATUS_ANY) {
	switch ($this->status) {
	case self::STATUS_OPEN:
	case self::STATUS_ACTIVE:
	$filter = array(
	PhabricatorProjectStatus::STATUS_ACTIVE,
	);
	break;
	case self::STATUS_CLOSED:
	case self::STATUS_ARCHIVED:
	$filter = array(
	PhabricatorProjectStatus::STATUS_ARCHIVED,
	);
	break;
	default:
	throw new Exception(
	pht(
	"Unknown project status '%s'!",
	$this->status));
	}
	$where[] = qsprintf(
	$conn,
	'status IN (%Ld)',
	$filter);
	}

	if ($this->ids !== null) {
	$where[] = qsprintf(
	$conn,
	'id IN (%Ld)',
	$this->ids);
	}

	if ($this->phids !== null) {
	$where[] = qsprintf(
	$conn,
	'phid IN (%Ls)',
	$this->phids);
	}

	if ($this->memberPHIDs !== null) {
	$where[] = qsprintf(
	$conn,
	'e.dst IN (%Ls)',
	$this->memberPHIDs);
	}

	if ($this->slugs !== null) {
	$where[] = qsprintf(
	$conn,
	'slug.slug IN (%Ls)',
	$this->slugs);
	}

	if ($this->names !== null) {
	$where[] = qsprintf(
	$conn,
	'name IN (%Ls)',
	$this->names);
	}

	if ($this->icons !== null) {
	$where[] = qsprintf(
	$conn,
	'icon IN (%Ls)',
	$this->icons);
	}

	if ($this->colors !== null) {
	$where[] = qsprintf(
	$conn,
	'color IN (%Ls)',
	$this->colors);
	}

	+ if ($this->parentPHIDs !== null) {
	+ $where[] = qsprintf(
	+ $conn,
	+ 'parentProjectPHID IN (%Ls)',
	+ $this->parentPHIDs);
	+ }
	+
	+ if ($this->ancestorPHIDs !== null) {
	+ $ancestor_paths = queryfx_all(
	+ $conn,
	+ 'SELECT projectPath, projectDepth FROM %T WHERE phid IN (%Ls)',
	+ id(new PhabricatorProject())->getTableName(),
	+ $this->ancestorPHIDs);
	+ if (!$ancestor_paths) {
	+ throw new PhabricatorEmptyQueryException();
	+ }
	+
	+ $sql = array();
	+ foreach ($ancestor_paths as $ancestor_path) {
	+ $sql[] = qsprintf(
	+ $conn,
	+ '(projectPath LIKE %> AND projectDepth > %d)',
	+ $ancestor_path['projectPath'],
	+ $ancestor_path['projectDepth']);
	+ }
	+
	+ $where[] = '('.implode(' OR ', $sql).')';
	+
	+ $where[] = qsprintf(
	+ $conn,
	+ 'parentProjectPHID IS NOT NULL');
	+ }
	+
	+ if ($this->isMilestone !== null) {
	+ if ($this->isMilestone) {
	+ $where[] = qsprintf(
	+ $conn,
	+ 'milestoneNumber IS NOT NULL');
	+ } else {
	+ $where[] = qsprintf(
	+ $conn,
	+ 'milestoneNumber IS NULL');
	+ }
	+ }
	+
	+ if ($this->minDepth !== null) {
	+ $where[] = qsprintf(
	+ $conn,
	+ 'projectDepth >= %d',
	+ $this->minDepth);
	+ }
	+
	+ if ($this->maxDepth !== null) {
	+ $where[] = qsprintf(
	+ $conn,
	+ 'projectDepth <= %d',
	+ $this->maxDepth);
	+ }
	+
	return $where;
	}

	protected function shouldGroupQueryResultRows() {
	if ($this->memberPHIDs \|\| $this->nameTokens) {
	return true;
	}
	return parent::shouldGroupQueryResultRows();
	}

	protected function buildJoinClauseParts(AphrontDatabaseConnection $conn) {
	$joins = parent::buildJoinClauseParts($conn);

	if ($this->memberPHIDs !== null) {
	$joins[] = qsprintf(
	$conn,
	'JOIN %T e ON e.src = p.phid AND e.type = %d',
	PhabricatorEdgeConfig::TABLE_NAME_EDGE,
	PhabricatorProjectProjectHasMemberEdgeType::EDGECONST);
	}

	if ($this->slugs !== null) {
	$joins[] = qsprintf(
	$conn,
	'JOIN %T slug on slug.projectPHID = p.phid',
	id(new PhabricatorProjectSlug())->getTableName());
	}

	if ($this->nameTokens !== null) {
	foreach ($this->nameTokens as $key => $token) {
	$token_table = 'token_'.$key;
	$joins[] = qsprintf(
	$conn,
	'JOIN %T %T ON %T.projectID = p.id AND %T.token LIKE %>',
	PhabricatorProject::TABLE_DATASOURCE_TOKEN,
	$token_table,
	$token_table,
	$token_table,
	$token);
	}
	}

	return $joins;
	}

	public function getQueryApplicationClass() {
	return 'PhabricatorProjectApplication';
	}

	protected function getPrimaryTableAlias() {
	return 'p';
	}

	private function linkProjectGraph(array $projects, array $ancestors) {
	$ancestor_map = mpull($ancestors, null, 'getPHID');
	$projects_map = mpull($projects, null, 'getPHID');

	$all_map = $projects_map + $ancestor_map;

	$done = array();
	foreach ($projects as $key => $project) {
	$seen = array($project->getPHID() => true);

	if (!$this->linkProject($project, $all_map, $done, $seen)) {
	$this->didRejectResult($project);
	unset($projects[$key]);
	continue;
	}

	foreach ($project->getAncestorProjects() as $ancestor) {
	$seen[$ancestor->getPHID()] = true;
	}
	}

	return $projects;
	}

	private function linkProject($project, array $all, array $done, array $seen) {
	$parent_phid = $project->getParentProjectPHID();

	// This project has no parent, so just attach `null` and return.
	if (!$parent_phid) {
	$project->attachParentProject(null);
	return true;
	}

	// This project has a parent, but it failed to load.
	if (empty($all[$parent_phid])) {
	return false;
	}

	// Test for graph cycles. If we encounter one, we're going to hide the
	// entire cycle since we can't meaningfully resolve it.
	if (isset($seen[$parent_phid])) {
	return false;
	}

	$seen[$parent_phid] = true;

	$parent = $all[$parent_phid];
	$project->attachParentProject($parent);

	if (!empty($done[$parent_phid])) {
	return true;
	}

	return $this->linkProject($parent, $all, $done, $seen);
	}

	private function getAllReachableAncestors(array $projects) {
	$ancestors = array();

	$seen = mpull($projects, null, 'getPHID');

	$stack = $projects;
	while ($stack) {
	$project = array_pop($stack);

	$phid = $project->getPHID();
	$ancestors[$phid] = $project;

	$parent_phid = $project->getParentProjectPHID();
	if (!$parent_phid) {
	continue;
	}

	if (isset($seen[$parent_phid])) {
	continue;
	}

	$seen[$parent_phid] = true;
	$stack[] = $project->getParentProject();
	}

	return $ancestors;
	}

	}
	diff --git a/src/applications/project/storage/PhabricatorProject.php b/src/applications/project/storage/PhabricatorProject.php
	index cd5eaff067..223333809f 100644
	--- a/src/applications/project/storage/PhabricatorProject.php
	+++ b/src/applications/project/storage/PhabricatorProject.php
	@@ -1,519 +1,528 @@
	<?php

	final class PhabricatorProject extends PhabricatorProjectDAO
	implements
	PhabricatorApplicationTransactionInterface,
	PhabricatorFlaggableInterface,
	PhabricatorPolicyInterface,
	PhabricatorExtendedPolicyInterface,
	PhabricatorSubscribableInterface,
	PhabricatorCustomFieldInterface,
	PhabricatorDestructibleInterface,
	PhabricatorFulltextInterface {

	protected $name;
	protected $status = PhabricatorProjectStatus::STATUS_ACTIVE;
	protected $authorPHID;
	protected $primarySlug;
	protected $profileImagePHID;
	protected $icon;
	protected $color;
	protected $mailKey;

	protected $viewPolicy;
	protected $editPolicy;
	protected $joinPolicy;
	protected $isMembershipLocked;

	protected $parentProjectPHID;
	protected $hasWorkboard;
	protected $hasMilestones;
	protected $hasSubprojects;
	protected $milestoneNumber;

	protected $projectPath;
	protected $projectDepth;
	+ protected $projectPathKey;

	private $memberPHIDs = self::ATTACHABLE;
	private $watcherPHIDs = self::ATTACHABLE;
	private $sparseWatchers = self::ATTACHABLE;
	private $sparseMembers = self::ATTACHABLE;
	private $customFields = self::ATTACHABLE;
	private $profileImageFile = self::ATTACHABLE;
	private $slugs = self::ATTACHABLE;
	private $parentProject = self::ATTACHABLE;

	const DEFAULT_ICON = 'fa-briefcase';
	const DEFAULT_COLOR = 'blue';

	const TABLE_DATASOURCE_TOKEN = 'project_datasourcetoken';

	public static function initializeNewProject(PhabricatorUser $actor) {
	$app = id(new PhabricatorApplicationQuery())
	->setViewer(PhabricatorUser::getOmnipotentUser())
	->withClasses(array('PhabricatorProjectApplication'))
	->executeOne();

	$view_policy = $app->getPolicy(
	ProjectDefaultViewCapability::CAPABILITY);
	$edit_policy = $app->getPolicy(
	ProjectDefaultEditCapability::CAPABILITY);
	$join_policy = $app->getPolicy(
	ProjectDefaultJoinCapability::CAPABILITY);

	return id(new PhabricatorProject())
	->setAuthorPHID($actor->getPHID())
	->setIcon(self::DEFAULT_ICON)
	->setColor(self::DEFAULT_COLOR)
	->setViewPolicy($view_policy)
	->setEditPolicy($edit_policy)
	->setJoinPolicy($join_policy)
	->setIsMembershipLocked(0)
	->attachMemberPHIDs(array())
	->attachSlugs(array())
	->setHasWorkboard(0)
	->setHasMilestones(0)
	->setHasSubprojects(0)
	->attachParentProject(null);
	}

	public function getCapabilities() {
	return array(
	PhabricatorPolicyCapability::CAN_VIEW,
	PhabricatorPolicyCapability::CAN_EDIT,
	PhabricatorPolicyCapability::CAN_JOIN,
	);
	}

	public function getPolicy($capability) {
	switch ($capability) {
	case PhabricatorPolicyCapability::CAN_VIEW:
	return $this->getViewPolicy();
	case PhabricatorPolicyCapability::CAN_EDIT:
	return $this->getEditPolicy();
	case PhabricatorPolicyCapability::CAN_JOIN:
	return $this->getJoinPolicy();
	}
	}

	public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
	$can_edit = PhabricatorPolicyCapability::CAN_EDIT;

	switch ($capability) {
	case PhabricatorPolicyCapability::CAN_VIEW:
	if ($this->isUserMember($viewer->getPHID())) {
	// Project members can always view a project.
	return true;
	}
	break;
	case PhabricatorPolicyCapability::CAN_EDIT:
	$parent = $this->getParentProject();
	if ($parent) {
	$can_edit_parent = PhabricatorPolicyFilter::hasCapability(
	$viewer,
	$parent,
	$can_edit);
	if ($can_edit_parent) {
	return true;
	}
	}
	break;
	case PhabricatorPolicyCapability::CAN_JOIN:
	if (PhabricatorPolicyFilter::hasCapability($viewer, $this, $can_edit)) {
	// Project editors can always join a project.
	return true;
	}
	break;
	}

	return false;
	}

	public function describeAutomaticCapability($capability) {

	// TODO: Clarify the additional rules that parent and subprojects imply.

	switch ($capability) {
	case PhabricatorPolicyCapability::CAN_VIEW:
	return pht('Members of a project can always view it.');
	case PhabricatorPolicyCapability::CAN_JOIN:
	return pht('Users who can edit a project can always join it.');
	}
	return null;
	}

	public function getExtendedPolicy($capability, PhabricatorUser $viewer) {
	$extended = array();

	switch ($capability) {
	case PhabricatorPolicyCapability::CAN_VIEW:
	$parent = $this->getParentProject();
	if ($parent) {
	$extended[] = array(
	$parent,
	PhabricatorPolicyCapability::CAN_VIEW,
	);
	}
	break;
	}

	return $extended;
	}


	public function isUserMember($user_phid) {
	if ($this->memberPHIDs !== self::ATTACHABLE) {
	return in_array($user_phid, $this->memberPHIDs);
	}
	return $this->assertAttachedKey($this->sparseMembers, $user_phid);
	}

	public function setIsUserMember($user_phid, $is_member) {
	if ($this->sparseMembers === self::ATTACHABLE) {
	$this->sparseMembers = array();
	}
	$this->sparseMembers[$user_phid] = $is_member;
	return $this;
	}

	protected function getConfiguration() {
	return array(
	self::CONFIG_AUX_PHID => true,
	self::CONFIG_COLUMN_SCHEMA => array(
	'name' => 'sort128',
	'status' => 'text32',
	'primarySlug' => 'text128?',
	'isMembershipLocked' => 'bool',
	'profileImagePHID' => 'phid?',
	'icon' => 'text32',
	'color' => 'text32',
	'mailKey' => 'bytes20',
	'joinPolicy' => 'policy',
	'parentProjectPHID' => 'phid?',
	'hasWorkboard' => 'bool',
	'hasMilestones' => 'bool',
	'hasSubprojects' => 'bool',
	'milestoneNumber' => 'uint32?',
	'projectPath' => 'hashpath64',
	'projectDepth' => 'uint32',
	+ 'projectPathKey' => 'bytes4',
	),
	self::CONFIG_KEY_SCHEMA => array(
	'key_phid' => null,
	'phid' => array(
	'columns' => array('phid'),
	'unique' => true,
	),
	'key_icon' => array(
	'columns' => array('icon'),
	),
	'key_color' => array(
	'columns' => array('color'),
	),
	'name' => array(
	'columns' => array('name'),
	'unique' => true,
	),
	'key_milestone' => array(
	'columns' => array('parentProjectPHID', 'milestoneNumber'),
	'unique' => true,
	),
	'key_primaryslug' => array(
	'columns' => array('primarySlug'),
	'unique' => true,
	),
	'key_path' => array(
	'columns' => array('projectPath', 'projectDepth'),
	),
	+ 'key_pathkey' => array(
	+ 'columns' => array('projectPathKey'),
	+ 'unique' => true,
	+ ),
	),
	) + parent::getConfiguration();
	}

	public function generatePHID() {
	return PhabricatorPHID::generateNewPHID(
	PhabricatorProjectProjectPHIDType::TYPECONST);
	}

	public function attachMemberPHIDs(array $phids) {
	$this->memberPHIDs = $phids;
	return $this;
	}

	public function getMemberPHIDs() {
	return $this->assertAttached($this->memberPHIDs);
	}

	public function isArchived() {
	return ($this->getStatus() == PhabricatorProjectStatus::STATUS_ARCHIVED);
	}

	public function getProfileImageURI() {
	return $this->getProfileImageFile()->getBestURI();
	}

	public function attachProfileImageFile(PhabricatorFile $file) {
	$this->profileImageFile = $file;
	return $this;
	}

	public function getProfileImageFile() {
	return $this->assertAttached($this->profileImageFile);
	}


	public function isUserWatcher($user_phid) {
	if ($this->watcherPHIDs !== self::ATTACHABLE) {
	return in_array($user_phid, $this->watcherPHIDs);
	}
	return $this->assertAttachedKey($this->sparseWatchers, $user_phid);
	}

	public function setIsUserWatcher($user_phid, $is_watcher) {
	if ($this->sparseWatchers === self::ATTACHABLE) {
	$this->sparseWatchers = array();
	}
	$this->sparseWatchers[$user_phid] = $is_watcher;
	return $this;
	}

	public function attachWatcherPHIDs(array $phids) {
	$this->watcherPHIDs = $phids;
	return $this;
	}

	public function getWatcherPHIDs() {
	return $this->assertAttached($this->watcherPHIDs);
	}

	public function attachSlugs(array $slugs) {
	$this->slugs = $slugs;
	return $this;
	}

	public function getSlugs() {
	return $this->assertAttached($this->slugs);
	}

	public function getColor() {
	if ($this->isArchived()) {
	return PHUITagView::COLOR_DISABLED;
	}

	return $this->color;
	}

	public function save() {
	if (!$this->getMailKey()) {
	$this->setMailKey(Filesystem::readRandomCharacters(20));
	}

	if (!strlen($this->getPHID())) {
	$this->setPHID($this->generatePHID());
	}

	+ if (!strlen($this->getProjectPathKey())) {
	+ $hash = PhabricatorHash::digestForIndex($this->getPHID());
	+ $hash = substr($hash, 0, 4);
	+ $this->setProjectPathKey($hash);
	+ }
	+
	$path = array();
	$depth = 0;
	if ($this->parentProjectPHID) {
	$parent = $this->getParentProject();
	$path[] = $parent->getProjectPath();
	$depth = $parent->getProjectDepth() + 1;
	}
	- $hash = PhabricatorHash::digestForIndex($this->getPHID());
	- $path[] = substr($hash, 0, 4);
	-
	+ $path[] = $this->getProjectPathKey();
	$path = implode('', $path);

	$limit = self::getProjectDepthLimit();
	- if (strlen($path) > ($limit * 4)) {
	- throw new Exception(
	- pht('Unable to save project: path length is too long.'));
	+ if ($depth >= $limit) {
	+ throw new Exception(pht('Project depth is too great.'));
	}

	$this->setProjectPath($path);
	$this->setProjectDepth($depth);

	$this->openTransaction();
	$result = parent::save();
	$this->updateDatasourceTokens();
	$this->saveTransaction();

	return $result;
	}

	public static function getProjectDepthLimit() {
	// This is limited by how many path hashes we can fit in the path
	// column.
	return 16;
	}

	public function updateDatasourceTokens() {
	$table = self::TABLE_DATASOURCE_TOKEN;
	$conn_w = $this->establishConnection('w');
	$id = $this->getID();

	$slugs = queryfx_all(
	$conn_w,
	'SELECT * FROM %T WHERE projectPHID = %s',
	id(new PhabricatorProjectSlug())->getTableName(),
	$this->getPHID());

	$all_strings = ipull($slugs, 'slug');
	$all_strings[] = $this->getName();
	$all_strings = implode(' ', $all_strings);

	$tokens = PhabricatorTypeaheadDatasource::tokenizeString($all_strings);

	$sql = array();
	foreach ($tokens as $token) {
	$sql[] = qsprintf($conn_w, '(%d, %s)', $id, $token);
	}

	$this->openTransaction();
	queryfx(
	$conn_w,
	'DELETE FROM %T WHERE projectID = %d',
	$table,
	$id);

	foreach (PhabricatorLiskDAO::chunkSQL($sql) as $chunk) {
	queryfx(
	$conn_w,
	'INSERT INTO %T (projectID, token) VALUES %Q',
	$table,
	$chunk);
	}
	$this->saveTransaction();
	}

	public function isMilestone() {
	return ($this->getMilestoneNumber() !== null);
	}

	public function getParentProject() {
	return $this->assertAttached($this->parentProject);
	}

	public function attachParentProject(PhabricatorProject $project = null) {
	$this->parentProject = $project;
	return $this;
	}

	public function getAncestorProjectPaths() {
	$parts = array();

	$path = $this->getProjectPath();
	$parent_length = (strlen($path) - 4);

	- for ($ii = $parent_length; $ii >= 0; $ii -= 4) {
	+ for ($ii = $parent_length; $ii > 0; $ii -= 4) {
	$parts[] = substr($path, 0, $ii);
	}

	return $parts;
	}

	public function getAncestorProjects() {
	$ancestors = array();

	$cursor = $this->getParentProject();
	while ($cursor) {
	$ancestors[] = $cursor;
	$cursor = $cursor->getParentProject();
	}

	return $ancestors;
	}


	/* -( PhabricatorSubscribableInterface )----------------------------------- */


	public function isAutomaticallySubscribed($phid) {
	return false;
	}

	public function shouldShowSubscribersProperty() {
	return false;
	}

	public function shouldAllowSubscription($phid) {
	return $this->isUserMember($phid) &&
	!$this->isUserWatcher($phid);
	}


	/* -( PhabricatorCustomFieldInterface )------------------------------------ */


	public function getCustomFieldSpecificationForRole($role) {
	return PhabricatorEnv::getEnvConfig('projects.fields');
	}

	public function getCustomFieldBaseClass() {
	return 'PhabricatorProjectCustomField';
	}

	public function getCustomFields() {
	return $this->assertAttached($this->customFields);
	}

	public function attachCustomFields(PhabricatorCustomFieldAttachment $fields) {
	$this->customFields = $fields;
	return $this;
	}


	/* -( PhabricatorApplicationTransactionInterface )------------------------- */


	public function getApplicationTransactionEditor() {
	return new PhabricatorProjectTransactionEditor();
	}

	public function getApplicationTransactionObject() {
	return $this;
	}

	public function getApplicationTransactionTemplate() {
	return new PhabricatorProjectTransaction();
	}

	public function willRenderTimeline(
	PhabricatorApplicationTransactionView $timeline,
	AphrontRequest $request) {

	return $timeline;
	}


	/* -( PhabricatorDestructibleInterface )----------------------------------- */


	public function destroyObjectPermanently(
	PhabricatorDestructionEngine $engine) {

	$this->openTransaction();
	$this->delete();

	$columns = id(new PhabricatorProjectColumn())
	->loadAllWhere('projectPHID = %s', $this->getPHID());
	foreach ($columns as $column) {
	$engine->destroyObject($column);
	}

	$slugs = id(new PhabricatorProjectSlug())
	->loadAllWhere('projectPHID = %s', $this->getPHID());
	foreach ($slugs as $slug) {
	$slug->delete();
	}

	$this->saveTransaction();
	}


	/* -( PhabricatorFulltextInterface )--------------------------------------- */


	public function newFulltextEngine() {
	return new PhabricatorProjectFulltextEngine();
	}

	}

File Metadata

Mime Type: text/x-diff
Expires: Tue, Apr 29, 2:28 AM (19 h, 35 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 108161
Default Alt Text: (74 KB)

No OneTemporaryActions

View Options

File Metadata

Event Timeline

No OneTemporary
Actions