No OneTemporary
Actions

Size

33 KB

Referenced Files

None

Subscribers

None

View Options

	diff --git a/src/applications/feed/story/PhabricatorFeedStory.php b/src/applications/feed/story/PhabricatorFeedStory.php
	index 07503e86b4..3d815364ef 100644
	--- a/src/applications/feed/story/PhabricatorFeedStory.php
	+++ b/src/applications/feed/story/PhabricatorFeedStory.php
	@@ -1,325 +1,327 @@
	<?php

	/**
	* Manages rendering and aggregation of a story. A story is an event (like a
	* user adding a comment) which may be represented in different forms on
	* different channels (like feed, notifications and realtime alerts).
	*
	* @task load Loading Stories
	* @task policy Policy Implementation
	*/
	abstract class PhabricatorFeedStory implements PhabricatorPolicyInterface {

	private $data;
	private $hasViewed;
	private $framed;
	private $hovercard = false;

	private $handles = array();
	private $objects = array();

	/* -( Loading Stories )---------------------------------------------------- */


	/**
	* Given @{class:PhabricatorFeedStoryData} rows, load them into objects and
	* construct appropriate @{class:PhabricatorFeedStory} wrappers for each
	* data row.
	*
	* @param list<dict> List of @{class:PhabricatorFeedStoryData} rows from the
	* database.
	* @return list<PhabricatorFeedStory> List of @{class:PhabricatorFeedStory}
	* objects.
	* @task load
	*/
	public static function loadAllFromRows(array $rows, PhabricatorUser $viewer) {
	$stories = array();

	$data = id(new PhabricatorFeedStoryData())->loadAllFromArray($rows);
	foreach ($data as $story_data) {
	$class = $story_data->getStoryType();

	try {
	$ok =
	class_exists($class) &&
	is_subclass_of($class, 'PhabricatorFeedStory');
	} catch (PhutilMissingSymbolException $ex) {
	$ok = false;
	}

	// If the story type isn't a valid class or isn't a subclass of
	// PhabricatorFeedStory, decline to load it.
	if (!$ok) {
	continue;
	}

	$key = $story_data->getChronologicalKey();
	$stories[$key] = newv($class, array($story_data));
	}

	$object_phids = array();
	$key_phids = array();
	foreach ($stories as $key => $story) {
	$phids = array();
	foreach ($story->getRequiredObjectPHIDs() as $phid) {
	$phids[$phid] = true;
	}
	if ($story->getPrimaryObjectPHID()) {
	$phids[$story->getPrimaryObjectPHID()] = true;
	}
	$key_phids[$key] = $phids;
	$object_phids += $phids;
	}

	- $objects = id(new PhabricatorObjectHandleData(array_keys($object_phids)))
	+ $objects = id(new PhabricatorObjectQuery())
	->setViewer($viewer)
	- ->loadObjects();
	+ ->withPHIDs(array_keys($object_phids))
	+ ->execute();

	foreach ($key_phids as $key => $phids) {
	if (!$phids) {
	continue;
	}
	$story_objects = array_select_keys($objects, array_keys($phids));
	if (count($story_objects) != count($phids)) {
	// An object this story requires either does not exist or is not visible
	// to the user. Decline to render the story.
	unset($stories[$key]);
	unset($key_phids[$key]);
	continue;
	}

	$stories[$key]->setObjects($story_objects);
	}

	$handle_phids = array();
	foreach ($stories as $key => $story) {
	foreach ($story->getRequiredHandlePHIDs() as $phid) {
	$key_phids[$key][$phid] = true;
	}
	if ($story->getAuthorPHID()) {
	$key_phids[$key][$story->getAuthorPHID()] = true;
	}
	$handle_phids += $key_phids[$key];
	}

	- $handles = id(new PhabricatorObjectHandleData(array_keys($handle_phids)))
	+ $handles = id(new PhabricatorHandleQuery())
	->setViewer($viewer)
	- ->loadHandles();
	+ ->withPHIDs(array_keys($handle_phids))
	+ ->execute();

	foreach ($key_phids as $key => $phids) {
	if (!$phids) {
	continue;
	}
	$story_handles = array_select_keys($handles, array_keys($phids));
	$stories[$key]->setHandles($story_handles);
	}

	return $stories;
	}

	public function setHovercard($hover) {
	$this->hovercard = $hover;
	return $this;
	}

	public function setObjects(array $objects) {
	$this->objects = $objects;
	return $this;
	}

	public function getObject($phid) {
	$object = idx($this->objects, $phid);
	if (!$object) {
	throw new Exception(
	"Story is asking for an object it did not request ('{$phid}')!");
	}
	return $object;
	}

	public function getPrimaryObject() {
	$phid = $this->getPrimaryObjectPHID();
	if (!$phid) {
	throw new Exception("Story has no primary object!");
	}
	return $this->getObject($phid);
	}

	public function getPrimaryObjectPHID() {
	return null;
	}

	final public function __construct(PhabricatorFeedStoryData $data) {
	$this->data = $data;
	}

	abstract public function renderView();

	public function getRequiredHandlePHIDs() {
	return array();
	}

	public function getRequiredObjectPHIDs() {
	return array();
	}

	public function setHasViewed($has_viewed) {
	$this->hasViewed = $has_viewed;
	return $this;
	}

	public function getHasViewed() {
	return $this->hasViewed;
	}

	final public function setFramed($framed) {
	$this->framed = $framed;
	return $this;
	}

	final public function setHandles(array $handles) {
	assert_instances_of($handles, 'PhabricatorObjectHandle');
	$this->handles = $handles;
	return $this;
	}

	final protected function getObjects() {
	return $this->objects;
	}

	final protected function getHandles() {
	return $this->handles;
	}

	final protected function getHandle($phid) {
	if (isset($this->handles[$phid])) {
	if ($this->handles[$phid] instanceof PhabricatorObjectHandle) {
	return $this->handles[$phid];
	}
	}

	$handle = new PhabricatorObjectHandle();
	$handle->setPHID($phid);
	$handle->setName("Unloaded Object '{$phid}'");

	return $handle;
	}

	final public function getStoryData() {
	return $this->data;
	}

	final public function getEpoch() {
	return $this->getStoryData()->getEpoch();
	}

	final public function getChronologicalKey() {
	return $this->getStoryData()->getChronologicalKey();
	}

	final public function getValue($key, $default = null) {
	return $this->getStoryData()->getValue($key, $default);
	}

	final public function getAuthorPHID() {
	return $this->getStoryData()->getAuthorPHID();
	}

	final protected function renderHandleList(array $phids) {
	$list = array();
	foreach ($phids as $phid) {
	$list[] = $this->linkTo($phid);
	}
	return phutil_implode_html(', ', $list);
	}

	final protected function linkTo($phid) {
	$handle = $this->getHandle($phid);

	// NOTE: We render our own link here to customize the styling and add
	// the '_top' target for framed feeds.

	$class = null;
	if ($handle->getType() == PhabricatorPeoplePHIDTypeUser::TYPECONST) {
	$class = 'phui-link-person';
	}

	return javelin_tag(
	'a',
	array(
	'href' => $handle->getURI(),
	'target' => $this->framed ? '_top' : null,
	'sigil' => $this->hovercard ? 'hovercard' : null,
	'meta' => $this->hovercard ? array('hoverPHID' => $phid) : null,
	'class' => $class,
	),
	$handle->getLinkName());
	}

	final protected function renderString($str) {
	return phutil_tag('strong', array(), $str);
	}

	final protected function renderSummary($text, $len = 128) {
	if ($len) {
	$text = phutil_utf8_shorten($text, $len);
	}
	$text = phutil_escape_html_newlines($text);
	return $text;
	}

	public function getNotificationAggregations() {
	return array();
	}

	protected function newStoryView() {
	return id(new PHUIFeedStoryView())
	->setChronologicalKey($this->getChronologicalKey())
	->setEpoch($this->getEpoch())
	->setViewed($this->getHasViewed());
	}


	/* -( PhabricatorPolicyInterface Implementation )-------------------------- */


	/**
	* @task policy
	*/
	public function getCapabilities() {
	return array(
	PhabricatorPolicyCapability::CAN_VIEW,
	);
	}


	/**
	* @task policy
	*/
	public function getPolicy($capability) {
	// If this story's primary object is a policy-aware object, use its policy
	// to control story visiblity.

	$primary_phid = $this->getPrimaryObjectPHID();
	if (isset($this->objects[$primary_phid])) {
	$object = $this->objects[$primary_phid];
	if ($object instanceof PhabricatorPolicyInterface) {
	return $object->getPolicy($capability);
	}
	}

	// TODO: Remove this once all objects are policy-aware. For now, keep
	// respecting the `feed.public` setting.
	return PhabricatorEnv::getEnvConfig('feed.public')
	? PhabricatorPolicies::POLICY_PUBLIC
	: PhabricatorPolicies::POLICY_USER;
	}


	/**
	* @task policy
	*/
	public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
	return false;
	}

	}
	diff --git a/src/applications/phid/query/PhabricatorObjectQuery.php b/src/applications/phid/query/PhabricatorObjectQuery.php
	index d3ed12584c..94b670ebaa 100644
	--- a/src/applications/phid/query/PhabricatorObjectQuery.php
	+++ b/src/applications/phid/query/PhabricatorObjectQuery.php
	@@ -1,121 +1,130 @@
	<?php

	final class PhabricatorObjectQuery
	extends PhabricatorCursorPagedPolicyAwareQuery {

	private $phids;
	private $names;

	private $namedResults;

	public function withPHIDs(array $phids) {
	$this->phids = $phids;
	return $this;
	}

	public function withNames(array $names) {
	$this->names = $names;
	return $this;
	}

	public function loadPage() {
	if ($this->namedResults === null) {
	$this->namedResults = array();
	}

	$types = PhabricatorPHIDType::getAllTypes();

	$names = $this->names;
	$phids = $this->phids;

	// We allow objects to be named by their PHID in addition to their normal
	// name so that, e.g., CLI tools which accept object names can also accept
	// PHIDs and work as users expect.
	$actually_phids = array();
	if ($names) {
	foreach ($names as $key => $name) {
	if (!strncmp($name, 'PHID-', 5)) {
	$actually_phids[] = $name;
	$phids[] = $name;
	unset($names[$key]);
	}
	}
	}

	if ($names) {
	$name_results = $this->loadObjectsByName($types, $names);
	} else {
	$name_results = array();
	}

	if ($phids) {
	$phid_results = $this->loadObjectsByPHID($types, $phids);
	} else {
	$phid_results = array();
	}

	foreach ($actually_phids as $phid) {
	if (isset($phid_results[$phid])) {
	$name_results[$phid] = $phid_results[$phid];
	}
	}

	$this->namedResults += $name_results;

	return $phid_results + mpull($name_results, null, 'getPHID');
	}

	public function getNamedResults() {
	if ($this->namedResults === null) {
	throw new Exception("Call execute() before getNamedResults()!");
	}
	return $this->namedResults;
	}

	private function loadObjectsByName(array $types, array $names) {
	$groups = array();
	foreach ($names as $name) {
	foreach ($types as $type => $type_impl) {
	if (!$type_impl->canLoadNamedObject($name)) {
	continue;
	}
	$groups[$type][] = $name;
	break;
	}
	}

	$results = array();
	foreach ($groups as $type => $group) {
	$results += $types[$type]->loadNamedObjects($this, $group);
	}

	return $results;
	}

	private function loadObjectsByPHID(array $types, array $phids) {
	$groups = array();
	foreach ($phids as $phid) {
	$type = phid_get_type($phid);
	$groups[$type][] = $phid;
	}

	$results = array();
	foreach ($groups as $type => $group) {
	if (isset($types[$type])) {
	$objects = $types[$type]->loadObjects($this, $group);
	$results += mpull($objects, null, 'getPHID');
	}
	}

	return $results;
	}

	protected function didFilterResults(array $filtered) {
	foreach ($this->namedResults as $name => $result) {
	if (isset($filtered[$result->getPHID()])) {
	unset($this->namedResults[$name]);
	}
	}
	}

	+ /**
	+ * This query disables policy filtering because it is performed in the
	+ * subqueries which actually load objects. We don't need to re-filter
	+ * results, since policies have already been applied.
	+ */
	+ protected function shouldDisablePolicyFiltering() {
	+ return true;
	+ }
	+
	}
	diff --git a/src/applications/policy/filter/PhabricatorPolicyFilter.php b/src/applications/policy/filter/PhabricatorPolicyFilter.php
	index 9a26b952eb..ca83847a24 100644
	--- a/src/applications/policy/filter/PhabricatorPolicyFilter.php
	+++ b/src/applications/policy/filter/PhabricatorPolicyFilter.php
	@@ -1,284 +1,293 @@
	<?php

	final class PhabricatorPolicyFilter {

	private $viewer;
	private $objects;
	private $capabilities;
	private $raisePolicyExceptions;
	private $userProjects;

	public static function mustRetainCapability(
	PhabricatorUser $user,
	PhabricatorPolicyInterface $object,
	$capability) {

	if (!self::hasCapability($user, $object, $capability)) {
	throw new Exception(
	"You can not make that edit, because it would remove your ability ".
	"to '{$capability}' the object.");
	}
	}

	public static function requireCapability(
	PhabricatorUser $user,
	PhabricatorPolicyInterface $object,
	$capability) {
	$filter = new PhabricatorPolicyFilter();
	$filter->setViewer($user);
	$filter->requireCapabilities(array($capability));
	$filter->raisePolicyExceptions(true);
	$filter->apply(array($object));
	}

	public static function hasCapability(
	PhabricatorUser $user,
	PhabricatorPolicyInterface $object,
	$capability) {

	$filter = new PhabricatorPolicyFilter();
	$filter->setViewer($user);
	$filter->requireCapabilities(array($capability));
	$result = $filter->apply(array($object));

	return (count($result) == 1);
	}

	public function setViewer(PhabricatorUser $user) {
	$this->viewer = $user;
	return $this;
	}

	public function requireCapabilities(array $capabilities) {
	$this->capabilities = $capabilities;
	return $this;
	}

	public function raisePolicyExceptions($raise) {
	$this->raisePolicyExceptions = $raise;
	return $this;
	}

	public function apply(array $objects) {
	assert_instances_of($objects, 'PhabricatorPolicyInterface');

	$viewer = $this->viewer;
	$capabilities = $this->capabilities;

	if (!$viewer \|\| !$capabilities) {
	throw new Exception(
	'Call setViewer() and requireCapabilities() before apply()!');
	}

	+ // If the viewer is omnipotent, short circuit all the checks and just
	+ // return the input unmodified. This is an optimization; we know the
	+ // result already.
	+ if ($viewer->isOmnipotent()) {
	+ return $objects;
	+ }
	+
	$filtered = array();
	+ $viewer_phid = $viewer->getPHID();
	+
	+ if (empty($this->userProjects[$viewer_phid])) {
	+ $this->userProjects[$viewer_phid] = array();
	+ }

	$need_projects = array();
	foreach ($objects as $key => $object) {
	$object_capabilities = $object->getCapabilities();
	foreach ($capabilities as $capability) {
	if (!in_array($capability, $object_capabilities)) {
	throw new Exception(
	"Testing for capability '{$capability}' on an object which does ".
	"not have that capability!");
	}

	$policy = $object->getPolicy($capability);
	$type = phid_get_type($policy);
	if ($type == PhabricatorProjectPHIDTypeProject::TYPECONST) {
	- $need_projects[] = $policy;
	+ $need_projects[$policy] = $policy;
	}
	}
	}

	+ // If we need projects, check if any of the projects we need are also the
	+ // objects we're filtering. Because of how project rules work, this is a
	+ // common case.
	if ($need_projects) {
	- $need_projects = array_unique($need_projects);
	-
	- // If projects have recursive policies, automatically fail them rather
	- // than looping. This will fall back to automatic capabilities and
	- // resolve the policies in a sensible way.
	- static $querying_projects = array();
	- foreach ($need_projects as $key => $project) {
	- if (empty($querying_projects[$project])) {
	- $querying_projects[$project] = true;
	- continue;
	+ foreach ($objects as $object) {
	+ if ($object instanceof PhabricatorProject) {
	+ $project_phid = $object->getPHID();
	+ if (isset($need_projects[$project_phid])) {
	+ $is_member = $object->isUserMember($viewer_phid);
	+ $this->userProjects[$viewer_phid][$project_phid] = $is_member;
	+ unset($need_projects[$project_phid]);
	+ }
	}
	- unset($need_projects[$key]);
	}
	+ }

	- if ($need_projects) {
	- $caught = null;
	- try {
	- $projects = id(new PhabricatorProjectQuery())
	- ->setViewer($viewer)
	- ->withMemberPHIDs(array($viewer->getPHID()))
	- ->withPHIDs($need_projects)
	- ->execute();
	- } catch (Exception $ex) {
	- $caught = $ex;
	- }
	-
	- foreach ($need_projects as $key => $project) {
	- unset($querying_projects[$project]);
	- }
	-
	- if ($caught) {
	- throw $caught;
	- }
	+ if ($need_projects) {
	+ $need_projects = array_unique($need_projects);

	- $projects = mpull($projects, null, 'getPHID');
	- $this->userProjects[$viewer->getPHID()] = $projects;
	+ // NOTE: We're using the omnipotent user here to avoid a recursive
	+ // descent into madness. We don't actually need to know if the user can
	+ // see these projects or not, since: the check is "user is member of
	+ // project", not "user can see project"; and membership implies
	+ // visibility anyway. Without this, we may load other projects and
	+ // re-enter the policy filter and generally create a huge mess.
	+
	+ $projects = id(new PhabricatorProjectQuery())
	+ ->setViewer(PhabricatorUser::getOmnipotentUser())
	+ ->withMemberPHIDs(array($viewer->getPHID()))
	+ ->withPHIDs($need_projects)
	+ ->execute();
	+
	+ foreach ($projects as $project) {
	+ $this->userProjects[$viewer_phid][$project->getPHID()] = true;
	}
	}

	foreach ($objects as $key => $object) {
	$object_capabilities = $object->getCapabilities();
	foreach ($capabilities as $capability) {
	if (!$this->checkCapability($object, $capability)) {
	// If we're missing any capability, move on to the next object.
	continue 2;
	}

	// If we make it here, we have all of the required capabilities.
	$filtered[$key] = $object;
	}
	}

	return $filtered;
	}

	private function checkCapability(
	PhabricatorPolicyInterface $object,
	$capability) {

	$policy = $object->getPolicy($capability);

	if (!$policy) {
	// TODO: Formalize this somehow?
	$policy = PhabricatorPolicies::POLICY_USER;
	}

	if ($policy == PhabricatorPolicies::POLICY_PUBLIC) {
	// If the object is set to "public" but that policy is disabled for this
	// install, restrict the policy to "user".
	if (!PhabricatorEnv::getEnvConfig('policy.allow-public')) {
	$policy = PhabricatorPolicies::POLICY_USER;
	}

	// If the object is set to "public" but the capability is anything other
	// than "view", restrict the policy to "user".
	if ($capability != PhabricatorPolicyCapability::CAN_VIEW) {
	$policy = PhabricatorPolicies::POLICY_USER;
	}
	}

	$viewer = $this->viewer;

	if ($viewer->isOmnipotent()) {
	return true;
	}

	if ($object->hasAutomaticCapability($capability, $viewer)) {
	return true;
	}

	switch ($policy) {
	case PhabricatorPolicies::POLICY_PUBLIC:
	return true;
	case PhabricatorPolicies::POLICY_USER:
	if ($viewer->getPHID()) {
	return true;
	} else {
	$this->rejectObject($object, $policy, $capability);
	}
	break;
	case PhabricatorPolicies::POLICY_ADMIN:
	if ($viewer->getIsAdmin()) {
	return true;
	} else {
	$this->rejectObject($object, $policy, $capability);
	}
	break;
	case PhabricatorPolicies::POLICY_NOONE:
	$this->rejectObject($object, $policy, $capability);
	break;
	default:
	$type = phid_get_type($policy);
	if ($type == PhabricatorProjectPHIDTypeProject::TYPECONST) {
	if (isset($this->userProjects[$viewer->getPHID()][$policy])) {
	return true;
	} else {
	$this->rejectObject($object, $policy, $capability);
	}
	} else if ($type == PhabricatorPeoplePHIDTypeUser::TYPECONST) {
	if ($viewer->getPHID() == $policy) {
	return true;
	} else {
	$this->rejectObject($object, $policy, $capability);
	}
	} else {
	throw new Exception("Object has unknown policy '{$policy}'!");
	}
	}

	return false;
	}

	private function rejectImpossiblePolicy(
	PhabricatorPolicyInterface $object,
	$policy,
	$capability) {

	if (!$this->raisePolicyExceptions) {
	return;
	}

	// TODO: clean this up
	$verb = $capability;

	throw new PhabricatorPolicyException(
	"This object has an impossible {$verb} policy.");
	}

	private function rejectObject($object, $policy, $capability) {
	if (!$this->raisePolicyExceptions) {
	return;
	}

	// TODO: clean this up
	$verb = $capability;

	$message = "You do not have permission to {$verb} this object.";

	switch ($policy) {
	case PhabricatorPolicies::POLICY_PUBLIC:
	$who = "This is curious, since anyone can {$verb} the object.";
	break;
	case PhabricatorPolicies::POLICY_USER:
	$who = "To {$verb} this object, you must be logged in.";
	break;
	case PhabricatorPolicies::POLICY_ADMIN:
	$who = "To {$verb} this object, you must be an administrator.";
	break;
	case PhabricatorPolicies::POLICY_NOONE:
	$who = "No one can {$verb} this object.";
	break;
	default:
	$handle = PhabricatorObjectHandleData::loadOneHandle(
	$policy,
	$this->viewer);

	$type = phid_get_type($policy);
	if ($type == PhabricatorProjectPHIDTypeProject::TYPECONST) {
	$who = "To {$verb} this object, you must be a member of project ".
	"'".$handle->getFullName()."'.";
	} else if ($type == PhabricatorPeoplePHIDTypeUser::TYPECONST) {
	$who = "Only '".$handle->getFullName()."' can {$verb} this object.";
	} else {
	$who = "It is unclear who can {$verb} this object.";
	}
	break;
	}

	throw new PhabricatorPolicyException("{$message} {$who}");
	}
	}
	diff --git a/src/infrastructure/query/policy/PhabricatorPolicyAwareQuery.php b/src/infrastructure/query/policy/PhabricatorPolicyAwareQuery.php
	index 79a76d2311..b16a47db73 100644
	--- a/src/infrastructure/query/policy/PhabricatorPolicyAwareQuery.php
	+++ b/src/infrastructure/query/policy/PhabricatorPolicyAwareQuery.php
	@@ -1,331 +1,349 @@
	<?php

	/**
	* A @{class:PhabricatorQuery} which filters results according to visibility
	* policies for the querying user. Broadly, this class allows you to implement
	* a query that returns only objects the user is allowed to see.
	*
	* $results = id(new ExampleQuery())
	* ->setViewer($user)
	* ->withConstraint($example)
	* ->execute();
	*
	* Normally, you should extend @{class:PhabricatorCursorPagedPolicyAwareQuery},
	* not this class. @{class:PhabricatorCursorPagedPolicyAwareQuery} provides a
	* more practical interface for building usable queries against most object
	* types.
	*
	* NOTE: Although this class extends @{class:PhabricatorOffsetPagedQuery},
	* offset paging with policy filtering is not efficient. All results must be
	* loaded into the application and filtered here: skipping `N` rows via offset
	* is an `O(N)` operation with a large constant. Prefer cursor-based paging
	* with @{class:PhabricatorCursorPagedPolicyAwareQuery}, which can filter far
	* more efficiently in MySQL.
	*
	* @task config Query Configuration
	* @task exec Executing Queries
	* @task policyimpl Policy Query Implementation
	*/
	abstract class PhabricatorPolicyAwareQuery extends PhabricatorOffsetPagedQuery {

	private $viewer;
	private $raisePolicyExceptions;
	private $rawResultLimit;
	private $capabilities;


	/* -( Query Configuration )------------------------------------------------ */


	/**
	* Set the viewer who is executing the query. Results will be filtered
	* according to the viewer's capabilities. You must set a viewer to execute
	* a policy query.
	*
	* @param PhabricatorUser The viewing user.
	* @return this
	* @task config
	*/
	final public function setViewer(PhabricatorUser $viewer) {
	$this->viewer = $viewer;
	return $this;
	}


	/**
	* Get the query's viewer.
	*
	* @return PhabricatorUser The viewing user.
	* @task config
	*/
	final public function getViewer() {
	return $this->viewer;
	}


	/**
	* @task config
	*/
	final public function requireCapabilities(array $capabilities) {
	$this->capabilities = $capabilities;
	return $this;
	}


	/* -( Query Execution )---------------------------------------------------- */


	/**
	* Execute the query, expecting a single result. This method simplifies
	* loading objects for detail pages or edit views.
	*
	* // Load one result by ID.
	* $obj = id(new ExampleQuery())
	* ->setViewer($user)
	* ->withIDs(array($id))
	* ->executeOne();
	* if (!$obj) {
	* return new Aphront404Response();
	* }
	*
	* If zero results match the query, this method returns `null`.
	*
	* If one result matches the query, this method returns that result.
	*
	* If two or more results match the query, this method throws an exception.
	* You should use this method only when the query constraints guarantee at
	* most one match (e.g., selecting a specific ID or PHID).
	*
	* If one result matches the query but it is caught by the policy filter (for
	* example, the user is trying to view or edit an object which exists but
	* which they do not have permission to see) a policy exception is thrown.
	*
	* @return mixed Single result, or null.
	* @task exec
	*/
	final public function executeOne() {

	$this->raisePolicyExceptions = true;
	try {
	$results = $this->execute();
	} catch (Exception $ex) {
	$this->raisePolicyExceptions = false;
	throw $ex;
	}

	if (count($results) > 1) {
	throw new Exception("Expected a single result!");
	}

	if (!$results) {
	return null;
	}

	return head($results);
	}


	/**
	* Execute the query, loading all visible results.
	*
	* @return list<PhabricatorPolicyInterface> Result objects.
	* @task exec
	*/
	final public function execute() {
	if (!$this->viewer) {
	throw new Exception("Call setViewer() before execute()!");
	}

	$results = array();

	$filter = new PhabricatorPolicyFilter();
	$filter->setViewer($this->viewer);

	if (!$this->capabilities) {
	$capabilities = array(
	PhabricatorPolicyCapability::CAN_VIEW,
	);
	} else {
	$capabilities = $this->capabilities;
	}
	$filter->requireCapabilities($capabilities);
	$filter->raisePolicyExceptions($this->raisePolicyExceptions);

	$offset = (int)$this->getOffset();
	$limit = (int)$this->getLimit();
	$count = 0;

	if ($limit) {
	$need = $offset + $limit;
	} else {
	$need = 0;
	}

	$this->willExecute();

	do {
	if ($need) {
	$this->rawResultLimit = min($need - $count, 1024);
	} else {
	$this->rawResultLimit = 0;
	}

	try {
	$page = $this->loadPage();
	} catch (PhabricatorEmptyQueryException $ex) {
	$page = array();
	}

	if ($page) {
	$maybe_visible = $this->willFilterPage($page);
	} else {
	$maybe_visible = array();
	}

	- $visible = $filter->apply($maybe_visible);
	+ if ($this->shouldDisablePolicyFiltering()) {
	+ $visible = $maybe_visible;
	+ } else {
	+ $visible = $filter->apply($maybe_visible);
	+ }

	$removed = array();
	foreach ($maybe_visible as $key => $object) {
	if (empty($visible[$key])) {
	$removed[$key] = $object;
	}
	}

	$this->didFilterResults($removed);

	foreach ($visible as $key => $result) {
	++$count;

	// If we have an offset, we just ignore that many results and start
	// storing them only once we've hit the offset. This reduces memory
	// requirements for large offsets, compared to storing them all and
	// slicing them away later.
	if ($count > $offset) {
	$results[$key] = $result;
	}

	if ($need && ($count >= $need)) {
	// If we have all the rows we need, break out of the paging query.
	break 2;
	}
	}

	if (!$this->rawResultLimit) {
	// If we don't have a load count, we loaded all the results. We do
	// not need to load another page.
	break;
	}

	if (count($page) < $this->rawResultLimit) {
	// If we have a load count but the unfiltered results contained fewer
	// objects, we know this was the last page of objects; we do not need
	// to load another page because we can deduce it would be empty.
	break;
	}

	$this->nextPage($page);
	} while (true);

	$results = $this->didLoadResults($results);

	return $results;
	}


	/* -( Policy Query Implementation )---------------------------------------- */


	/**
	* Get the number of results @{method:loadPage} should load. If the value is
	* 0, @{method:loadPage} should load all available results.
	*
	* @return int The number of results to load, or 0 for all results.
	* @task policyimpl
	*/
	final protected function getRawResultLimit() {
	return $this->rawResultLimit;
	}


	/**
	* Hook invoked before query execution. Generally, implementations should
	* reset any internal cursors.
	*
	* @return void
	* @task policyimpl
	*/
	protected function willExecute() {
	return;
	}


	/**
	* Load a raw page of results. Generally, implementations should load objects
	* from the database. They should attempt to return the number of results
	* hinted by @{method:getRawResultLimit}.
	*
	* @return list<PhabricatorPolicyInterface> List of filterable policy objects.
	* @task policyimpl
	*/
	abstract protected function loadPage();


	/**
	* Update internal state so that the next call to @{method:loadPage} will
	* return new results. Generally, you should adjust a cursor position based
	* on the provided result page.
	*
	* @param list<PhabricatorPolicyInterface> The current page of results.
	* @return void
	* @task policyimpl
	*/
	abstract protected function nextPage(array $page);


	/**
	* Hook for applying a page filter prior to the privacy filter. This allows
	* you to drop some items from the result set without creating problems with
	* pagination or cursor updates.
	*
	* This method will only be called if data is available. Implementations
	* do not need to handle the case of no results specially.
	*
	* @param list<wild> Results from `loadPage()`.
	* @return list<PhabricatorPolicyInterface> Objects for policy filtering.
	* @task policyimpl
	*/
	protected function willFilterPage(array $page) {
	return $page;
	}


	/**
	* Hook for removing filtered results from alternate result sets. This
	* hook will be called with any objects which were returned by the query but
	* filtered for policy reasons. The query should remove them from any cached
	* or partial result sets.
	*
	* @param list<wild> List of objects that should not be returned by alternate
	* result mechanisms.
	* @return void
	* @task policyimpl
	*/
	protected function didFilterResults(array $results) {
	return;
	}


	/**
	* Hook for applying final adjustments before results are returned. This is
	* used by @{class:PhabricatorCursorPagedPolicyAwareQuery} to reverse results
	* that are queried during reverse paging.
	*
	* @param list<PhabricatorPolicyInterface> Query results.
	* @return list<PhabricatorPolicyInterface> Final results.
	* @task policyimpl
	*/
	protected function didLoadResults(array $results) {
	return $results;
	}

	+
	+ /**
	+ * Allows a subclass to disable policy filtering. This method is dangerous.
	+ * It should be used only if the query loads data which has already been
	+ * filtered (for example, because it wraps some other query which uses
	+ * normal policy filtering).
	+ *
	+ * @return bool True to disable all policy filtering.
	+ * @task policyimpl
	+ */
	+ protected function shouldDisablePolicyFiltering() {
	+ return false;
	+ }
	+
	}

File Metadata

Mime Type: text/x-diff
Expires: Tue, Dec 2, 12:58 PM (18 h, 39 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 431959
Default Alt Text: (33 KB)

No OneTemporaryActions

View Options

File Metadata

Event Timeline

No OneTemporary
Actions