No OneTemporary
Actions

Size

11 KB

Referenced Files

None

Subscribers

None

View Options

	diff --git a/src/applications/meta/xactions/PhabricatorApplicationPolicyChangeTransaction.php b/src/applications/meta/xactions/PhabricatorApplicationPolicyChangeTransaction.php
	index 5364a3d4fa..3c58b42ab5 100644
	--- a/src/applications/meta/xactions/PhabricatorApplicationPolicyChangeTransaction.php
	+++ b/src/applications/meta/xactions/PhabricatorApplicationPolicyChangeTransaction.php
	@@ -1,206 +1,176 @@
	<?php

	final class PhabricatorApplicationPolicyChangeTransaction
	extends PhabricatorApplicationTransactionType {

	const TRANSACTIONTYPE = 'application.policy';
	const METADATA_ATTRIBUTE = 'capability.name';

	private $policies;

	public function generateOldValue($object) {
	$application = $object;
	$capability = $this->getCapabilityName();
	return $application->getPolicy($capability);
	}

	public function applyExternalEffects($object, $value) {
	$application = $object;
	$user = $this->getActor();

	$key = 'phabricator.application-settings';
	$config_entry = PhabricatorConfigEntry::loadConfigEntry($key);
	$current_value = $config_entry->getValue();

	$phid = $application->getPHID();
	if (empty($current_value[$phid])) {
	$current_value[$application->getPHID()] = array();
	}
	if (empty($current_value[$phid]['policy'])) {
	$current_value[$phid]['policy'] = array();
	}

	$new = array($this->getCapabilityName() => $value);
	$current_value[$phid]['policy'] = $new + $current_value[$phid]['policy'];

	$editor = $this->getEditor();
	$content_source = $editor->getContentSource();

	// NOTE: We allow applications to have custom edit policies, but they are
	// currently stored in the Config application. The ability to edit Config
	// values is always restricted to administrators, today. Empower this
	// particular edit to punch through possible stricter policies, so normal
	// users can change application configuration if the application allows
	// them to do so.

	PhabricatorConfigEditor::storeNewValue(
	PhabricatorUser::getOmnipotentUser(),
	$config_entry,
	$current_value,
	$content_source,
	$user->getPHID());
	}

	public function getTitle() {
	- $old = $this->renderApplicationPolicy($this->getOldValue());
	- $new = $this->renderApplicationPolicy($this->getNewValue());
	-
	return pht(
	- '%s changed the "%s" policy from "%s" to "%s".',
	+ '%s changed the %s policy from %s to %s.',
	$this->renderAuthor(),
	$this->renderCapability(),
	- $old,
	- $new);
	+ $this->renderOldPolicy(),
	+ $this->renderNewPolicy());
	}

	public function getTitleForFeed() {
	$old = $this->renderApplicationPolicy($this->getOldValue());
	$new = $this->renderApplicationPolicy($this->getNewValue());

	return pht(
	- '%s changed the "%s" policy for application %s from "%s" to "%s".',
	+ '%s changed the %s policy for application %s from %s to %s.',
	$this->renderAuthor(),
	$this->renderCapability(),
	$this->renderObject(),
	- $old,
	- $new);
	+ $this->renderOldPolicy(),
	+ $this->renderNewPolicy());
	}

	public function validateTransactions($object, array $xactions) {
	$user = $this->getActor();
	$application = $object;
	$policies = id(new PhabricatorPolicyQuery())
	->setViewer($user)
	->setObject($application)
	->execute();

	$errors = array();
	foreach ($xactions as $xaction) {
	$new = $xaction->getNewValue();
	$capability = $xaction->getMetadataValue(self::METADATA_ATTRIBUTE);

	if (empty($policies[$new])) {
	// Not a standard policy, check for a custom policy.
	$policy = id(new PhabricatorPolicyQuery())
	->setViewer($user)
	->withPHIDs(array($new))
	->executeOne();
	if (!$policy) {
	$errors[] = $this->newInvalidError(
	pht('Policy does not exist.'));
	continue;
	}
	} else {
	$policy = idx($policies, $new);
	}

	if (!$policy->isValidPolicyForEdit()) {
	$errors[] = $this->newInvalidError(
	pht('Can\'t set the policy to a policy you can\'t view!'));
	continue;
	}

	if ($new == PhabricatorPolicies::POLICY_PUBLIC) {
	$capobj = PhabricatorPolicyCapability::getCapabilityByKey(
	$capability);
	if (!$capobj \|\| !$capobj->shouldAllowPublicPolicySetting()) {
	$errors[] = $this->newInvalidError(
	pht('Can\'t set non-public policies to public.'));
	continue;
	}
	}

	if (!$application->isCapabilityEditable($capability)) {
	$errors[] = $this->newInvalidError(
	pht('Capability "%s" is not editable for this application.',
	$capability));
	continue;
	}
	}

	// If we're changing these policies, the viewer needs to still be able to
	// view or edit the application under the new policy.
	$validate_map = array(
	PhabricatorPolicyCapability::CAN_VIEW,
	PhabricatorPolicyCapability::CAN_EDIT,
	);
	$validate_map = array_fill_keys($validate_map, array());

	foreach ($xactions as $xaction) {
	$capability = $xaction->getMetadataValue(self::METADATA_ATTRIBUTE);
	if (!isset($validate_map[$capability])) {
	continue;
	}

	$validate_map[$capability][] = $xaction;
	}

	foreach ($validate_map as $capability => $cap_xactions) {
	if (!$cap_xactions) {
	continue;
	}

	$editor = $this->getEditor();
	$policy_errors = $editor->validatePolicyTransaction(
	$object,
	$cap_xactions,
	self::TRANSACTIONTYPE,
	$capability);

	foreach ($policy_errors as $error) {
	$errors[] = $error;
	}
	}

	return $errors;
	}

	- private function renderApplicationPolicy($name) {
	- $policies = $this->getAllPolicies();
	- if (empty($policies[$name])) {
	- // Not a standard policy, check for a custom policy.
	- $policy = id(new PhabricatorPolicyQuery())
	- ->setViewer($this->getViewer())
	- ->withPHIDs(array($name))
	- ->executeOne();
	- $policies[$name] = $policy;
	- }
	-
	- $policy = idx($policies, $name);
	- return $this->renderValue($policy->getFullName());
	- }
	-
	- private function getAllPolicies() {
	- if (!$this->policies) {
	- $viewer = $this->getViewer();
	- $application = $this->getObject();
	- $this->policies = id(new PhabricatorPolicyQuery())
	- ->setViewer($viewer)
	- ->setObject($application)
	- ->execute();
	- }
	-
	- return $this->policies;
	- }
	-
	private function renderCapability() {
	$application = $this->getObject();
	$capability = $this->getCapabilityName();
	- return $application->getCapabilityLabel($capability);
	+ $label = $application->getCapabilityLabel($capability);
	+ return $this->renderValue($label);
	}

	private function getCapabilityName() {
	return $this->getMetadataValue(self::METADATA_ATTRIBUTE);
	}

	}
	diff --git a/src/applications/transactions/controller/PhabricatorApplicationTransactionValueController.php b/src/applications/transactions/controller/PhabricatorApplicationTransactionValueController.php
	index bef6fef5a8..9c82ff99c8 100644
	--- a/src/applications/transactions/controller/PhabricatorApplicationTransactionValueController.php
	+++ b/src/applications/transactions/controller/PhabricatorApplicationTransactionValueController.php
	@@ -1,145 +1,146 @@
	<?php

	final class PhabricatorApplicationTransactionValueController
	extends PhabricatorApplicationTransactionController {

	public function shouldAllowPublic() {
	return true;
	}

	public function handleRequest(AphrontRequest $request) {
	$viewer = $this->getViewer();
	$phid = $request->getURIData('phid');
	$type = $request->getURIData('value');

	$xaction = id(new PhabricatorObjectQuery())
	->setViewer($viewer)
	->withPHIDs(array($phid))
	->executeOne();
	if (!$xaction) {
	return new Aphront404Response();
	}

	// For now, this pathway only supports policy transactions
	// to show the details of custom policies. If / when this pathway
	// supports more transaction types, rendering coding should be moved
	// into PhabricatorTransactions e.g. feed rendering code.

	// TODO: This should be some kind of "hey do you support this?" thing on
	// the transactions themselves.

	switch ($xaction->getTransactionType()) {
	case PhabricatorTransactions::TYPE_VIEW_POLICY:
	case PhabricatorTransactions::TYPE_EDIT_POLICY:
	case PhabricatorTransactions::TYPE_JOIN_POLICY:
	case PhabricatorRepositoryPushPolicyTransaction::TRANSACTIONTYPE:
	+ case PhabricatorApplicationPolicyChangeTransaction::TRANSACTIONTYPE:
	break;
	default:
	return new Aphront404Response();
	break;
	}

	if ($type == 'old') {
	$value = $xaction->getOldValue();
	} else {
	$value = $xaction->getNewValue();
	}

	$policy = id(new PhabricatorPolicyQuery())
	->setViewer($viewer)
	->withPHIDs(array($value))
	->executeOne();
	if (!$policy) {
	return new Aphront404Response();
	}

	if ($policy->getType() != PhabricatorPolicyType::TYPE_CUSTOM) {
	return new Aphront404Response();
	}

	$rule_objects = array();
	foreach ($policy->getCustomRuleClasses() as $class) {
	$rule_objects[$class] = newv($class, array());
	}
	$policy->attachRuleObjects($rule_objects);

	$this->requireResource('policy-transaction-detail-css');
	$cancel_uri = $this->guessCancelURI($viewer, $xaction);

	return $this->newDialog()
	->setTitle($policy->getFullName())
	->setWidth(AphrontDialogView::WIDTH_FORM)
	->appendChild($this->renderPolicyDetails($policy, $rule_objects))
	->addCancelButton($cancel_uri, pht('Close'));
	}

	private function extractPHIDs(
	PhabricatorPolicy $policy,
	array $rule_objects) {

	$phids = array();
	foreach ($policy->getRules() as $rule) {
	$rule_object = $rule_objects[$rule['rule']];
	$phids[] =
	$rule_object->getRequiredHandlePHIDsForSummary($rule['value']);
	}
	return array_filter(array_mergev($phids));
	}

	private function renderPolicyDetails(
	PhabricatorPolicy $policy,
	array $rule_objects) {
	$details = array();
	$details[] = phutil_tag(
	'p',
	array(
	'class' => 'policy-transaction-detail-intro',
	),
	pht('These rules are processed in order:'));

	foreach ($policy->getRules() as $index => $rule) {
	$rule_object = $rule_objects[$rule['rule']];
	if ($rule['action'] == 'allow') {
	$icon = 'fa-check-circle green';
	} else {
	$icon = 'fa-minus-circle red';
	}
	$icon = id(new PHUIIconView())
	->setIcon($icon)
	->setText(
	ucfirst($rule['action']).' '.$rule_object->getRuleDescription());

	$handle_phids = $rule_object->getRequiredHandlePHIDsForSummary(
	$rule['value']);
	if ($handle_phids) {
	$value = $this->getViewer()
	->renderHandleList($handle_phids)
	->setAsInline(true);
	} else {
	$value = $rule['value'];
	}

	$details[] = phutil_tag('div',
	array(
	'class' => 'policy-transaction-detail-row',
	),
	array(
	$icon,
	$value,
	));
	}

	$details[] = phutil_tag(
	'p',
	array(
	'class' => 'policy-transaction-detail-end',
	),
	pht(
	'If no rules match, %s all other users.',
	phutil_tag('b',
	array(),
	$policy->getDefaultAction())));
	return $details;
	}

	}

File Metadata

Mime Type: text/x-diff
Expires: Sun, Jul 27, 4:20 PM (1 w, 9 h ago)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 185974
Default Alt Text: (11 KB)

No OneTemporaryActions

View Options

File Metadata

Event Timeline

No OneTemporary
Actions