Page MenuHomePhabricator
Differential D10164

file.upload set policy explicitly
ClosedPublic
Actions

Authored by chasemp on Aug 6 2014, 8:39 PM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Apr 25, 12:07 AM
Unknown Object (File)
Sat, Apr 20, 2:48 AM
Unknown Object (File)
Fri, Apr 19, 2:06 AM
Unknown Object (File)
Fri, Apr 19, 2:06 AM
Unknown Object (File)
Fri, Apr 19, 2:06 AM
Unknown Object (File)
Fri, Apr 19, 2:06 AM
Unknown Object (File)
Fri, Apr 19, 2:06 AM
Unknown Object (File)
Fri, Apr 19, 2:06 AM
View All Files
Subscribers
20after4
epriestley
Korvin

Details

Reviewers
epriestley
20after4
Group Reviewers
Blessed Reviewers
Maniphest Tasks
T5685: Allow file data to be inaccessible, not undiscoverable
Commits
Restricted Diffusion Commit
rP6a69b4699ecb: file.upload set policy explicitly
Summary

This is pretty basic allowing a user to set the
policy as a valid string ('no-one' or 'users') or
as a valid PHID. Without an explicit policy
a permissive one is set.

Test Plan

Tested using the python-phabricator module (very basic api wrapper).

The arc cli syntax was evading me.

import base64
from phabricator import Phabricator
phab = Phabricator()
with open('mypic.jpg') as f:
    encoded = base64.b64encode(f.read())

//set no-one as viewer which really means author only?
phab.file.upload(name='mypicnoone.jpg',
                 data_base64=encoded,
                 viewPolicy='no-one')

//set a specific phid as policy in this case a project
phab.file.upload(name='mypicphid.jpg',
                 data_base64=encoded,
                 viewPolicy='PHID-PROJ-fgvvnafmhvkgn2d5a4rf')

//no set policy ends up as 'users' i.e. ('all users')
phab.file.upload(name='mypicdefault.jpg', data_base64=encoded)

Not able to really test canCDN attribute but it should be
fine and I tried to make it all consistent with D10166

Diff Detail

Repository
rP Phabricator
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

chasemp updated this revision to Diff 24451.Aug 6 2014, 8:39 PM
chasemp retitled this revision from to file.upload set policy explicitly.
chasemp updated this object.
chasemp edited the test plan for this revision. (Show Details)
chasemp added a reviewer: epriestley.
Herald added a reviewer: Blessed Reviewers. · View Herald TranscriptAug 6 2014, 8:39 PM
Herald added subscribers: Korvin, epriestley. · View Herald Transcript
Harbormaster completed remote builds in B2064: Diff 24451.Aug 6 2014, 8:40 PM
epriestley requested changes to this revision.Aug 6 2014, 9:03 PM
epriestley edited edge metadata.

Minor parameter naming nit.

src/applications/files/conduit/FileUploadConduitAPIMethod.php
17

This should be viewPolicy, to avoid ambiguity with editPolicy. While Files may not ever have a mutable editPolicy, other object types will, and it's more consistent if they all end up with their view policy called viewPolicy than if it's sometimes viewPolicy and sometimes policy.

This revision now requires changes to proceed.Aug 6 2014, 9:03 PM
epriestley added a task: T5685: Allow file data to be inaccessible, not undiscoverable.Aug 6 2014, 9:27 PM
20after4 commandeered this revision.Aug 7 2014, 3:08 AM
20after4 added a reviewer: chasemp.
20after4 added a subscriber: 20after4.

adding can_cdn parameter and fixing up the policy->view_policy nit....I hope this isn't stepping on @rush898's toes too much :)

20after4 updated this revision to Diff 24470.Aug 7 2014, 3:09 AM
20after4 edited edge metadata.
  • policy becomes view_policy
  • Added can_cdn flag since I was about to do that in a separate diff, this seemed appropriate..
Harbormaster completed remote builds in B2064: Diff 24451.Aug 7 2014, 3:09 AM
Harbormaster completed remote builds in B2074: Diff 24470.
20after4 added inline comments.Aug 7 2014, 3:37 AM
src/applications/files/conduit/FileUploadConduitAPIMethod.php
47

@epriestley: what do you think about setting can_cdn=true when the default view policy is public?

if ($view_policy == PhabricatorPolicies::POLICY_PUBLIC) {
  $cdn = true;
}
chasemp commandeered this revision.Aug 7 2014, 4:01 PM
chasemp edited reviewers, added: 20after4; removed: chasemp.
chasemp updated this revision to Diff 24481.Aug 7 2014, 4:01 PM
chasemp edited edge metadata.

updating for consistency

Harbormaster completed remote builds in B2074: Diff 24470.Aug 7 2014, 4:02 PM
Harbormaster completed remote builds in B2084: Diff 24481.
chasemp edited the test plan for this revision. (Show Details)Aug 7 2014, 4:04 PM
epriestley requested changes to this revision.Aug 7 2014, 4:38 PM
epriestley edited edge metadata.

I like the explicitness of not coupling canCDN/viewPolicy -- I think API callers likely benefit most from an explicit API. I think we should default it off (i.e., make the default more secure), though, like file uploads elsewhere. This looks good otherwise, just kill those three lines?

src/applications/files/conduit/FileUploadConduitAPIMethod.php
44–46

I think it's OK to leave this off by default -- it's off by default for web UI uploads.

This revision now requires changes to proceed.Aug 7 2014, 4:38 PM
chasemp added inline comments.Aug 7 2014, 6:57 PM
src/applications/files/conduit/FileUploadConduitAPIMethod.php
44–46

don't make it explicit false by default then?

chasemp updated this revision to Diff 24485.Aug 7 2014, 6:57 PM
chasemp edited edge metadata.

no true by default for can_cnd

Harbormaster completed remote builds in B2087: Diff 24485.Aug 7 2014, 6:58 PM
epriestley accepted this revision.Aug 7 2014, 7:14 PM
epriestley edited edge metadata.

(canCDN has no effect until D10166, but that's fine.)

This revision is now accepted and ready to land.Aug 7 2014, 7:14 PM
epriestley closed this revision.Aug 7 2014, 7:14 PM
epriestley updated this revision to Diff 24486.

Closed by commit rP6a69b4699ecb (authored by cpettet <rush@wikimedia.org>, committed by @epriestley).

Revision Contents
Changeset List

PathSize
src/
applications/
files/
conduit/
15 lines

Diff 24486

View Options

src/applications/files/conduit/FileUploadConduitAPIMethod.php

Loading...
Phabricator · Built by Phacility