No OneTemporary
Actions

Size

16 KB

Referenced Files

None

Subscribers

None

View Options

	diff --git a/src/applications/auth/guidance/PhabricatorAuthProvidersGuidanceEngineExtension.php b/src/applications/auth/guidance/PhabricatorAuthProvidersGuidanceEngineExtension.php
	index d4d41f1d83..8d823f82c2 100644
	--- a/src/applications/auth/guidance/PhabricatorAuthProvidersGuidanceEngineExtension.php
	+++ b/src/applications/auth/guidance/PhabricatorAuthProvidersGuidanceEngineExtension.php
	@@ -1,127 +1,126 @@
	<?php

	final class PhabricatorAuthProvidersGuidanceEngineExtension
	extends PhabricatorGuidanceEngineExtension {

	const GUIDANCEKEY = 'core.auth.providers';

	public function canGenerateGuidance(PhabricatorGuidanceContext $context) {
	return ($context instanceof PhabricatorAuthProvidersGuidanceContext);
	}

	public function generateGuidance(PhabricatorGuidanceContext $context) {
	$configs = id(new PhabricatorAuthProviderConfigQuery())
	->setViewer(PhabricatorUser::getOmnipotentUser())
	->withIsEnabled(true)
	->execute();

	$allows_registration = false;
	foreach ($configs as $config) {
	$provider = $config->getProvider();
	if ($provider->shouldAllowRegistration()) {
	$allows_registration = true;
	break;
	}
	}

	// If no provider allows registration, we don't need provide any warnings
	// about registration being too open.
	if (!$allows_registration) {
	return array();
	}

	$domains_key = 'auth.email-domains';
	$domains_link = $this->renderConfigLink($domains_key);
	$domains_value = PhabricatorEnv::getEnvConfig($domains_key);

	$approval_key = 'auth.require-approval';
	$approval_link = $this->renderConfigLink($approval_key);
	$approval_value = PhabricatorEnv::getEnvConfig($approval_key);

	$results = array();

	if ($domains_value) {
	$message = pht(
	'This server is configured with an email domain whitelist (in %s), so '.
	'only users with a verified email address at one of these %s '.
	'allowed domain(s) will be able to register an account: %s',
	$domains_link,
	phutil_count($domains_value),
	phutil_tag('strong', array(), implode(', ', $domains_value)));

	$results[] = $this->newGuidance('core.auth.email-domains.on')
	->setMessage($message);
	} else {
	$message = pht(
	- 'Anyone who can browse to this this server will be able to '.
	- 'register an account. To add email domain restrictions, configure '.
	- '%s.',
	+ 'Anyone who can browse to this server will be able to register '.
	+ 'an account. To add email domain restrictions, configure %s.',
	$domains_link);

	$results[] = $this->newGuidance('core.auth.email-domains.off')
	->setMessage($message);
	}

	if ($approval_value) {
	$message = pht(
	'Administrative approvals are enabled (in %s), so all new users must '.
	'have their accounts approved by an administrator.',
	$approval_link);

	$results[] = $this->newGuidance('core.auth.require-approval.on')
	->setMessage($message);
	} else {
	$message = pht(
	'Administrative approvals are disabled, so users who register will '.
	'be able to use their accounts immediately. To enable approvals, '.
	'configure %s.',
	$approval_link);

	$results[] = $this->newGuidance('core.auth.require-approval.off')
	->setMessage($message);
	}

	if (!$domains_value && !$approval_value) {
	$message = pht(
	'You can safely ignore these warnings if the install itself has '.
	'access controls (for example, it is deployed on a VPN) or if all of '.
	'the configured providers have access controls (for example, they are '.
	'all private LDAP or OAuth servers).');

	$results[] = $this->newWarning('core.auth.warning')
	->setMessage($message);
	}

	$locked_config_key = 'auth.lock-config';
	$is_locked = PhabricatorEnv::getEnvConfig($locked_config_key);
	if ($is_locked) {
	$message = pht(
	'Authentication provider configuration is locked, and can not be '.
	'changed without being unlocked. See the configuration setting %s '.
	'for details.',
	phutil_tag(
	'a',
	array(
	'href' => '/config/edit/'.$locked_config_key,
	),
	$locked_config_key));

	$results[] = $this->newWarning('auth.locked-config')
	->setPriority(500)
	->setMessage($message);
	}

	return $results;
	}

	private function renderConfigLink($key) {
	return phutil_tag(
	'a',
	array(
	'href' => '/config/edit/'.$key.'/',
	'target' => '_blank',
	),
	$key);
	}

	}
	diff --git a/src/applications/phame/storage/PhameBlog.php b/src/applications/phame/storage/PhameBlog.php
	index 587f5daea3..8ab5c2747e 100644
	--- a/src/applications/phame/storage/PhameBlog.php
	+++ b/src/applications/phame/storage/PhameBlog.php
	@@ -1,406 +1,406 @@
	<?php

	final class PhameBlog extends PhameDAO
	implements
	PhabricatorPolicyInterface,
	PhabricatorMarkupInterface,
	PhabricatorSubscribableInterface,
	PhabricatorFlaggableInterface,
	PhabricatorProjectInterface,
	PhabricatorDestructibleInterface,
	PhabricatorApplicationTransactionInterface,
	PhabricatorConduitResultInterface,
	PhabricatorFulltextInterface,
	PhabricatorFerretInterface {

	protected $name;
	protected $subtitle;
	protected $description;
	protected $domain;
	protected $domainFullURI;
	protected $parentSite;
	protected $parentDomain;
	protected $configData;
	protected $creatorPHID;
	protected $viewPolicy;
	protected $editPolicy;
	protected $interactPolicy;
	protected $status;
	protected $mailKey;
	protected $profileImagePHID;
	protected $headerImagePHID;

	private $profileImageFile = self::ATTACHABLE;
	private $headerImageFile = self::ATTACHABLE;

	const STATUS_ACTIVE = 'active';
	const STATUS_ARCHIVED = 'archived';

	protected function getConfiguration() {
	return array(
	self::CONFIG_AUX_PHID => true,
	self::CONFIG_SERIALIZATION => array(
	'configData' => self::SERIALIZATION_JSON,
	),
	self::CONFIG_COLUMN_SCHEMA => array(
	'name' => 'text64',
	'subtitle' => 'text64',
	'description' => 'text',
	'domain' => 'text128?',
	'domainFullURI' => 'text128?',
	'parentSite' => 'text128?',
	'parentDomain' => 'text128?',
	'status' => 'text32',
	'mailKey' => 'bytes20',
	'profileImagePHID' => 'phid?',
	'headerImagePHID' => 'phid?',

	'editPolicy' => 'policy',
	'viewPolicy' => 'policy',
	'interactPolicy' => 'policy',
	),
	self::CONFIG_KEY_SCHEMA => array(
	'key_phid' => null,
	'phid' => array(
	'columns' => array('phid'),
	'unique' => true,
	),
	'domain' => array(
	'columns' => array('domain'),
	'unique' => true,
	),
	),
	) + parent::getConfiguration();
	}

	public function save() {
	if (!$this->getMailKey()) {
	$this->setMailKey(Filesystem::readRandomCharacters(20));
	}
	return parent::save();
	}

	public function generatePHID() {
	return PhabricatorPHID::generateNewPHID(
	PhabricatorPhameBlogPHIDType::TYPECONST);
	}

	public static function initializeNewBlog(PhabricatorUser $actor) {
	$blog = id(new PhameBlog())
	->setCreatorPHID($actor->getPHID())
	->setStatus(self::STATUS_ACTIVE)
	->setViewPolicy(PhabricatorPolicies::getMostOpenPolicy())
	->setEditPolicy(PhabricatorPolicies::POLICY_USER)
	->setInteractPolicy(PhabricatorPolicies::POLICY_USER);

	return $blog;
	}

	public function isArchived() {
	return ($this->getStatus() == self::STATUS_ARCHIVED);
	}

	public static function getStatusNameMap() {
	return array(
	self::STATUS_ACTIVE => pht('Active'),
	self::STATUS_ARCHIVED => pht('Archived'),
	);
	}

	/**
	* Makes sure a given custom blog uri is properly configured in DNS
	* to point at this Phabricator instance. If there is an error in
	* the configuration, return a string describing the error and how
	* to fix it. If there is no error, return an empty string.
	*
	* @return string
	*/
	public function validateCustomDomain($domain_full_uri) {
	$example_domain = 'http://blog.example.com/';
	$label = pht('Invalid');

	// note this "uri" should be pretty busted given the desired input
	// so just use it to test if there's a protocol specified
	$uri = new PhutilURI($domain_full_uri);
	$domain = $uri->getDomain();
	$protocol = $uri->getProtocol();
	$path = $uri->getPath();
	$supported_protocols = array('http', 'https');

	if (!in_array($protocol, $supported_protocols)) {
	return pht(
	'The custom domain should include a valid protocol in the URI '.
	'(for example, "%s"). Valid protocols are "http" or "https".',
	$example_domain);
	}

	if (strlen($path) && $path != '/') {
	return pht(
	'The custom domain should not specify a path (hosting a Phame '.
	'blog at a path is currently not supported). Instead, just provide '.
	'the bare domain name (for example, "%s").',
	$example_domain);
	}

	if (strpos($domain, '.') === false) {
	return pht(
	'The custom domain should contain at least one dot (.) because '.
	'some browsers fail to set cookies on domains without a dot. '.
	'Instead, use a normal looking domain name like "%s".',
	$example_domain);
	}

	if (!PhabricatorEnv::getEnvConfig('policy.allow-public')) {
	$href = PhabricatorEnv::getProductionURI(
	'/config/edit/policy.allow-public/');
	return pht(
	- 'For custom domains to work, this this server must be '.
	+ 'For custom domains to work, this server must be '.
	'configured to allow the public access policy. Configure this '.
	'setting %s, or ask an administrator to configure this setting. '.
	'The domain can be specified later once this setting has been '.
	'changed.',
	phutil_tag(
	'a',
	array('href' => $href),
	pht('here')));
	}

	return null;
	}

	public function getLiveURI() {
	if (phutil_nonempty_string($this->getDomain())) {
	return $this->getExternalLiveURI();
	} else {
	return $this->getInternalLiveURI();
	}
	}

	public function getExternalLiveURI() {
	$uri = new PhutilURI($this->getDomainFullURI());
	PhabricatorEnv::requireValidRemoteURIForLink($uri);
	return (string)$uri;
	}

	public function getExternalParentURI() {
	$uri = $this->getParentDomain();
	PhabricatorEnv::requireValidRemoteURIForLink($uri);
	return (string)$uri;
	}

	public function getInternalLiveURI() {
	return '/phame/live/'.$this->getID().'/';
	}

	public function getViewURI() {
	return '/phame/blog/view/'.$this->getID().'/';
	}

	public function getManageURI() {
	return '/phame/blog/manage/'.$this->getID().'/';
	}

	/**
	* Get relative URI of Phame blog feed.
	*
	* @return string Relative URI of Phame blog feed
	*/
	public function getFeedURI() {
	return '/phame/blog/feed/'.$this->getID().'/';
	}

	public function getProfileImageURI() {
	return $this->getProfileImageFile()->getBestURI();
	}

	public function attachProfileImageFile(PhabricatorFile $file) {
	$this->profileImageFile = $file;
	return $this;
	}

	public function getProfileImageFile() {
	return $this->assertAttached($this->profileImageFile);
	}

	public function getHeaderImageURI() {
	return $this->getHeaderImageFile()->getBestURI();
	}

	public function attachHeaderImageFile(PhabricatorFile $file) {
	$this->headerImageFile = $file;
	return $this;
	}

	public function getHeaderImageFile() {
	return $this->assertAttached($this->headerImageFile);
	}


	/* -( PhabricatorPolicyInterface Implementation )-------------------------- */


	public function getCapabilities() {
	return array(
	PhabricatorPolicyCapability::CAN_VIEW,
	PhabricatorPolicyCapability::CAN_INTERACT,
	PhabricatorPolicyCapability::CAN_EDIT,
	);
	}


	public function getPolicy($capability) {
	switch ($capability) {
	case PhabricatorPolicyCapability::CAN_VIEW:
	return $this->getViewPolicy();
	case PhabricatorPolicyCapability::CAN_INTERACT:
	return $this->getInteractPolicy();
	case PhabricatorPolicyCapability::CAN_EDIT:
	return $this->getEditPolicy();
	}
	}

	public function hasAutomaticCapability($capability, PhabricatorUser $user) {
	$can_edit = PhabricatorPolicyCapability::CAN_EDIT;

	switch ($capability) {
	case PhabricatorPolicyCapability::CAN_VIEW:
	// Users who can edit or post to a blog can always view it.
	if (PhabricatorPolicyFilter::hasCapability($user, $this, $can_edit)) {
	return true;
	}
	break;
	}

	return false;
	}


	public function describeAutomaticCapability($capability) {
	switch ($capability) {
	case PhabricatorPolicyCapability::CAN_VIEW:
	return pht(
	'Users who can edit a blog can always view it.');
	}

	return null;
	}


	/* -( PhabricatorMarkupInterface Implementation )-------------------------- */


	public function getMarkupFieldKey($field) {
	$content = $this->getMarkupText($field);
	return PhabricatorMarkupEngine::digestRemarkupContent($this, $content);
	}


	public function newMarkupEngine($field) {
	return PhabricatorMarkupEngine::newPhameMarkupEngine();
	}


	public function getMarkupText($field) {
	return $this->getDescription();
	}


	public function didMarkupText(
	$field,
	$output,
	PhutilMarkupEngine $engine) {
	return $output;
	}

	public function shouldUseMarkupCache($field) {
	return (bool)$this->getPHID();
	}

	/* -( PhabricatorDestructibleInterface )----------------------------------- */

	public function destroyObjectPermanently(
	PhabricatorDestructionEngine $engine) {

	$this->openTransaction();

	$posts = id(new PhamePostQuery())
	->setViewer($engine->getViewer())
	->withBlogPHIDs(array($this->getPHID()))
	->execute();
	foreach ($posts as $post) {
	$engine->destroyObject($post);
	}
	$this->delete();

	$this->saveTransaction();
	}


	/* -( PhabricatorApplicationTransactionInterface )------------------------- */


	public function getApplicationTransactionEditor() {
	return new PhameBlogEditor();
	}

	public function getApplicationTransactionTemplate() {
	return new PhameBlogTransaction();
	}


	/* -( PhabricatorSubscribableInterface Implementation )-------------------- */


	public function isAutomaticallySubscribed($phid) {
	return false;
	}


	/* -( PhabricatorConduitResultInterface )---------------------------------- */


	public function getFieldSpecificationsForConduit() {
	return array(
	id(new PhabricatorConduitSearchFieldSpecification())
	->setKey('name')
	->setType('string')
	->setDescription(pht('The name of the blog.')),
	id(new PhabricatorConduitSearchFieldSpecification())
	->setKey('description')
	->setType('string')
	->setDescription(pht('Blog description.')),
	id(new PhabricatorConduitSearchFieldSpecification())
	->setKey('status')
	->setType('string')
	->setDescription(pht('Archived or active status.')),
	);
	}

	public function getFieldValuesForConduit() {
	return array(
	'name' => $this->getName(),
	'description' => $this->getDescription(),
	'status' => $this->getStatus(),
	);
	}

	public function getConduitSearchAttachments() {
	return array();
	}


	/* -( PhabricatorFulltextInterface )--------------------------------------- */

	public function newFulltextEngine() {
	return new PhameBlogFulltextEngine();
	}


	/* -( PhabricatorFerretInterface )----------------------------------------- */


	public function newFerretEngine() {
	return new PhameBlogFerretEngine();
	}

	}

File Metadata

Mime Type: text/x-diff
Expires: Wed, Apr 30, 1:10 PM (1 d, 8 h)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 108715
Default Alt Text: (16 KB)

No OneTemporaryActions

View Options

File Metadata

Event Timeline

No OneTemporary
Actions