Index: src/__phutil_library_map__.php =================================================================== --- src/__phutil_library_map__.php +++ src/__phutil_library_map__.php @@ -803,6 +803,7 @@ 'PackageDeleteMail' => 'applications/owners/mail/PackageDeleteMail.php', 'PackageMail' => 'applications/owners/mail/PackageMail.php', 'PackageModifyMail' => 'applications/owners/mail/PackageModifyMail.php', + 'PasteCapabilityDefaultView' => 'applications/paste/capability/PasteCapabilityDefaultView.php', 'PasteCreateMailReceiver' => 'applications/paste/mail/PasteCreateMailReceiver.php', 'PasteEmbedView' => 'applications/paste/view/PasteEmbedView.php', 'PasteMockMailReceiver' => 'applications/paste/mail/PasteMockMailReceiver.php', @@ -1292,6 +1293,7 @@ 'PhabricatorLocalTimeTestCase' => 'view/__tests__/PhabricatorLocalTimeTestCase.php', 'PhabricatorLogoutController' => 'applications/auth/controller/PhabricatorLogoutController.php', 'PhabricatorMacroAudioController' => 'applications/macro/controller/PhabricatorMacroAudioController.php', + 'PhabricatorMacroCapabilityManage' => 'applications/macro/capability/PhabricatorMacroCapabilityManage.php', 'PhabricatorMacroCommentController' => 'applications/macro/controller/PhabricatorMacroCommentController.php', 'PhabricatorMacroConfigOptions' => 'applications/macro/config/PhabricatorMacroConfigOptions.php', 'PhabricatorMacroController' => 'applications/macro/controller/PhabricatorMacroController.php', @@ -2943,6 +2945,7 @@ 'PackageDeleteMail' => 'PackageMail', 'PackageMail' => 'PhabricatorMail', 'PackageModifyMail' => 'PackageMail', + 'PasteCapabilityDefaultView' => 'PhabricatorPolicyCapability', 'PasteCreateMailReceiver' => 'PhabricatorMailReceiver', 'PasteEmbedView' => 'AphrontView', 'PasteMockMailReceiver' => 'PhabricatorObjectMailReceiver', @@ -3482,6 +3485,7 @@ 'PhabricatorLocalTimeTestCase' => 'PhabricatorTestCase', 'PhabricatorLogoutController' => 'PhabricatorAuthController', 'PhabricatorMacroAudioController' => 'PhabricatorMacroController', + 'PhabricatorMacroCapabilityManage' => 'PhabricatorPolicyCapability', 'PhabricatorMacroCommentController' => 'PhabricatorMacroController', 'PhabricatorMacroConfigOptions' => 'PhabricatorApplicationConfigOptions', 'PhabricatorMacroController' => 'PhabricatorController', Index: src/applications/base/PhabricatorApplication.php =================================================================== --- src/applications/base/PhabricatorApplication.php +++ src/applications/base/PhabricatorApplication.php @@ -349,11 +349,7 @@ switch ($capability) { case PhabricatorPolicyCapability::CAN_VIEW: - if (PhabricatorEnv::getEnvConfig('policy.allow-public')) { - return PhabricatorPolicies::POLICY_PUBLIC; - } else { - return PhabricatorPolicies::POLICY_USER; - } + return PhabricatorPolicies::getMostOpenPolicy(); case PhabricatorPolicyCapability::CAN_EDIT: return PhabricatorPolicies::POLICY_ADMIN; default: Index: src/applications/macro/application/PhabricatorApplicationMacro.php =================================================================== --- src/applications/macro/application/PhabricatorApplicationMacro.php +++ src/applications/macro/application/PhabricatorApplicationMacro.php @@ -42,4 +42,12 @@ ); } + protected function getCustomCapabilities() { + return array( + PhabricatorMacroCapabilityManage::CAPABILITY => array( + 'caption' => pht('Allows creating and editing macros.') + ), + ); + } + } Index: src/applications/macro/capability/PhabricatorMacroCapabilityManage.php =================================================================== --- /dev/null +++ src/applications/macro/capability/PhabricatorMacroCapabilityManage.php @@ -0,0 +1,20 @@ +requireApplicationCapability( + PhabricatorMacroCapabilityManage::CAPABILITY); + $request = $this->getRequest(); $viewer = $request->getUser(); Index: src/applications/macro/controller/PhabricatorMacroController.php =================================================================== --- src/applications/macro/controller/PhabricatorMacroController.php +++ src/applications/macro/controller/PhabricatorMacroController.php @@ -28,11 +28,16 @@ protected function buildApplicationCrumbs() { $crumbs = parent::buildApplicationCrumbs(); + $can_manage = $this->hasApplicationCapability( + PhabricatorMacroCapabilityManage::CAPABILITY); + $crumbs->addAction( id(new PHUIListItemView()) ->setName(pht('Create Macro')) ->setHref($this->getApplicationURI('/create/')) - ->setIcon('create')); + ->setIcon('create') + ->setDisabled(!$can_manage) + ->setWorkflow(!$can_manage)); return $crumbs; } Index: src/applications/macro/controller/PhabricatorMacroDisableController.php =================================================================== --- src/applications/macro/controller/PhabricatorMacroDisableController.php +++ src/applications/macro/controller/PhabricatorMacroDisableController.php @@ -10,6 +10,10 @@ } public function processRequest() { + + $this->requireApplicationCapability( + PhabricatorMacroCapabilityManage::CAPABILITY); + $request = $this->getRequest(); $user = $request->getUser(); Index: src/applications/macro/controller/PhabricatorMacroEditController.php =================================================================== --- src/applications/macro/controller/PhabricatorMacroEditController.php +++ src/applications/macro/controller/PhabricatorMacroEditController.php @@ -11,17 +11,15 @@ public function processRequest() { + $this->requireApplicationCapability( + PhabricatorMacroCapabilityManage::CAPABILITY); + $request = $this->getRequest(); $user = $request->getUser(); if ($this->id) { $macro = id(new PhabricatorMacroQuery()) ->setViewer($user) - ->requireCapabilities( - array( - PhabricatorPolicyCapability::CAN_VIEW, - PhabricatorPolicyCapability::CAN_EDIT, - )) ->withIDs(array($this->id)) ->executeOne(); if (!$macro) { Index: src/applications/macro/controller/PhabricatorMacroViewController.php =================================================================== --- src/applications/macro/controller/PhabricatorMacroViewController.php +++ src/applications/macro/controller/PhabricatorMacroViewController.php @@ -70,6 +70,8 @@ ->setMarkupEngine($engine); $header = id(new PHUIHeaderView()) + ->setUser($user) + ->setPolicyObject($macro) ->setHeader($title_long); if ($macro->getIsDisabled()) { @@ -128,6 +130,10 @@ } private function buildActionView(PhabricatorFileImageMacro $macro) { + + $can_manage = $this->hasApplicationCapability( + PhabricatorMacroCapabilityManage::CAPABILITY); + $request = $this->getRequest(); $view = id(new PhabricatorActionListView()) ->setUser($request->getUser()) @@ -137,12 +143,16 @@ id(new PhabricatorActionView()) ->setName(pht('Edit Macro')) ->setHref($this->getApplicationURI('/edit/'.$macro->getID().'/')) + ->setDisabled(!$can_manage) + ->setWorkflow(!$can_manage) ->setIcon('edit')); $view->addAction( id(new PhabricatorActionView()) ->setName(pht('Edit Audio')) ->setHref($this->getApplicationURI('/audio/'.$macro->getID().'/')) + ->setDisabled(!$can_manage) + ->setWorkflow(!$can_manage) ->setIcon('herald')); if ($macro->getIsDisabled()) { @@ -151,6 +161,7 @@ ->setName(pht('Restore Macro')) ->setHref($this->getApplicationURI('/disable/'.$macro->getID().'/')) ->setWorkflow(true) + ->setDisabled(!$can_manage) ->setIcon('undo')); } else { $view->addAction( @@ -158,6 +169,7 @@ ->setName(pht('Disable Macro')) ->setHref($this->getApplicationURI('/disable/'.$macro->getID().'/')) ->setWorkflow(true) + ->setDisabled(!$can_manage) ->setIcon('delete')); } Index: src/applications/macro/storage/PhabricatorFileImageMacro.php =================================================================== --- src/applications/macro/storage/PhabricatorFileImageMacro.php +++ src/applications/macro/storage/PhabricatorFileImageMacro.php @@ -64,12 +64,11 @@ public function getCapabilities() { return array( PhabricatorPolicyCapability::CAN_VIEW, - PhabricatorPolicyCapability::CAN_EDIT, ); } public function getPolicy($capability) { - return PhabricatorPolicies::POLICY_USER; + return PhabricatorPolicies::getMostOpenPolicy(); } public function hasAutomaticCapability($capability, PhabricatorUser $viewer) { Index: src/applications/maniphest/controller/ManiphestTaskDetailController.php =================================================================== --- src/applications/maniphest/controller/ManiphestTaskDetailController.php +++ src/applications/maniphest/controller/ManiphestTaskDetailController.php @@ -462,7 +462,7 @@ ->setWorkflow(true) ->setIcon('merge') ->setDisabled(!$can_edit) - ->setWorkflow(!$can_edit)); + ->setWorkflow(true)); $view->addAction( id(new PhabricatorActionView()) Index: src/applications/paste/application/PhabricatorApplicationPaste.php =================================================================== --- src/applications/paste/application/PhabricatorApplicationPaste.php +++ src/applications/paste/application/PhabricatorApplicationPaste.php @@ -1,8 +1,5 @@ array( + 'caption' => pht( + 'Default view policy for newly created pastes.') + ), + ); + } + } Index: src/applications/paste/capability/PasteCapabilityDefaultView.php =================================================================== --- /dev/null +++ src/applications/paste/capability/PasteCapabilityDefaultView.php @@ -0,0 +1,20 @@ +setTitle($title); $paste->setLanguage($language); $paste->setFilePHID($paste_file->getPHID()); - $paste->setAuthorPHID($user->getPHID()); - $paste->setViewPolicy(PhabricatorPolicies::POLICY_USER); $paste->save(); $paste_file->attachToObject($user, $paste->getPHID()); Index: src/applications/paste/controller/PhabricatorPasteEditController.php =================================================================== --- src/applications/paste/controller/PhabricatorPasteEditController.php +++ src/applications/paste/controller/PhabricatorPasteEditController.php @@ -21,7 +21,7 @@ if (!$this->id) { $is_create = true; - $paste = new PhabricatorPaste(); + $paste = PhabricatorPaste::initializeNewPaste($user); $parent_id = $request->getStr('parent'); if ($parent_id) { Index: src/applications/paste/query/PhabricatorPasteQuery.php =================================================================== --- src/applications/paste/query/PhabricatorPasteQuery.php +++ src/applications/paste/query/PhabricatorPasteQuery.php @@ -175,7 +175,14 @@ unset($pastes[$key]); continue; } - $paste->attachRawContent($file->loadFileData()); + try { + $paste->attachRawContent($file->loadFileData()); + } catch (Exception $ex) { + // We can hit various sorts of file storage issues here. Just drop the + // paste if the file is dead. + unset($pastes[$key]); + continue; + } } return $pastes; Index: src/applications/paste/storage/PhabricatorPaste.php =================================================================== --- src/applications/paste/storage/PhabricatorPaste.php +++ src/applications/paste/storage/PhabricatorPaste.php @@ -1,8 +1,5 @@ setViewer($actor) + ->withClasses(array('PhabricatorApplicationPaste')) + ->executeOne(); + + $view_policy = $app->getPolicy(PasteCapabilityDefaultView::CAPABILITY); + + return id(new PhabricatorPaste()) + ->setTitle('') + ->setAuthorPHID($actor->getPHID()) + ->setViewPolicy($view_policy); + } + public function getURI() { return '/P'.$this->getID(); } @@ -42,29 +53,6 @@ return parent::save(); } - public function getCapabilities() { - return array( - PhabricatorPolicyCapability::CAN_VIEW, - PhabricatorPolicyCapability::CAN_EDIT, - ); - } - - public function getPolicy($capability) { - if ($capability == PhabricatorPolicyCapability::CAN_VIEW) { - return $this->viewPolicy; - } - return PhabricatorPolicies::POLICY_NOONE; - } - - public function hasAutomaticCapability($capability, PhabricatorUser $user) { - return ($user->getPHID() == $this->getAuthorPHID()); - } - - public function describeAutomaticCapability($capability) { - return pht( - 'The author of a paste can always view and edit it.'); - } - public function getFullName() { $title = $this->getTitle(); if (!$title) { @@ -91,7 +79,7 @@ return $this; } -/* -( PhabricatorSubscribableInterface Implementation )-------------------- */ +/* -( PhabricatorSubscribableInterface )----------------------------------- */ public function isAutomaticallySubscribed($phid) { @@ -107,4 +95,31 @@ ); } + +/* -( PhabricatorPolicyInterface )----------------------------------------- */ + + + public function getCapabilities() { + return array( + PhabricatorPolicyCapability::CAN_VIEW, + PhabricatorPolicyCapability::CAN_EDIT, + ); + } + + public function getPolicy($capability) { + if ($capability == PhabricatorPolicyCapability::CAN_VIEW) { + return $this->viewPolicy; + } + return PhabricatorPolicies::POLICY_NOONE; + } + + public function hasAutomaticCapability($capability, PhabricatorUser $user) { + return ($user->getPHID() == $this->getAuthorPHID()); + } + + public function describeAutomaticCapability($capability) { + return pht('The author of a paste can always view and edit it.'); + } + + } Index: src/applications/policy/constants/PhabricatorPolicies.php =================================================================== --- src/applications/policy/constants/PhabricatorPolicies.php +++ src/applications/policy/constants/PhabricatorPolicies.php @@ -7,4 +7,19 @@ const POLICY_ADMIN = 'admin'; const POLICY_NOONE = 'no-one'; + /** + * Returns the most public policy this install's configuration permits. + * This is either "public" (if available) or "all users" (if not). + * + * @return const Most open working policy constant. + */ + public static function getMostOpenPolicy() { + if (PhabricatorEnv::getEnvConfig('policy.allow-public')) { + return PhabricatorPolicies::POLICY_PUBLIC; + } else { + return PhabricatorPolicies::POLICY_USER; + } + } + + }