F13981791
D13385.diff
No One
Temporary
Size
7 KB
Referenced Files
None
Subscribers
None
D13385.diff
diff --git a/resources/sql/autopatches/20150621.phrase.1.sql b/resources/sql/autopatches/20150621.phrase.1.sql
new file mode 100644
--- /dev/null
+++ b/resources/sql/autopatches/20150621.phrase.1.sql
@@ -0,0 +1,2 @@
+ALTER TABLE {$NAMESPACE}_passphrase.passphrase_credential
+ ADD authorPHID VARBINARY(64) NOT NULL;
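Review bot: The new `authorPHID` column is added as `NOT NULL` with no backfill, so every credential that already exists ends up with an empty author. The `applyRule()` added later in this diff returns false when the author PHID is empty, so the "Credential Author" policy fails closed on those rows. That is the safe direction, but an administrator who switches an older credential to that policy would lock everyone out of it. Either add a follow-up migration that populates the column for existing rows, or record the limitation in a comment here, e.g. `/* Existing rows keep an empty authorPHID; the author policy rule denies access for them. */`.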
diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php
--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@@ -1267,6 +1267,7 @@
'PassphraseConduitAPIMethod' => 'applications/passphrase/conduit/PassphraseConduitAPIMethod.php',
'PassphraseController' => 'applications/passphrase/controller/PassphraseController.php',
'PassphraseCredential' => 'applications/passphrase/storage/PassphraseCredential.php',
+ 'PassphraseCredentialAuthorPolicyRule' => 'applications/passphrase/policyrule/PassphraseCredentialAuthorPolicyRule.php',
'PassphraseCredentialConduitController' => 'applications/passphrase/controller/PassphraseCredentialConduitController.php',
'PassphraseCredentialControl' => 'applications/passphrase/view/PassphraseCredentialControl.php',
'PassphraseCredentialCreateController' => 'applications/passphrase/controller/PassphraseCredentialCreateController.php',
@@ -1286,6 +1287,8 @@
'PassphraseCredentialTypeTestCase' => 'applications/passphrase/credentialtype/__tests__/PassphraseCredentialTypeTestCase.php',
'PassphraseCredentialViewController' => 'applications/passphrase/controller/PassphraseCredentialViewController.php',
'PassphraseDAO' => 'applications/passphrase/storage/PassphraseDAO.php',
+ 'PassphraseDefaultEditCapability' => 'applications/passphrase/capability/PassphraseDefaultEditCapability.php',
+ 'PassphraseDefaultViewCapability' => 'applications/passphrase/capability/PassphraseDefaultViewCapability.php',
'PassphraseNoteCredentialType' => 'applications/passphrase/credentialtype/PassphraseNoteCredentialType.php',
'PassphrasePasswordCredentialType' => 'applications/passphrase/credentialtype/PassphrasePasswordCredentialType.php',
'PassphrasePasswordKey' => 'applications/passphrase/keys/PassphrasePasswordKey.php',
@@ -4779,6 +4782,7 @@
'PhabricatorPolicyInterface',
'PhabricatorDestructibleInterface',
),
+ 'PassphraseCredentialAuthorPolicyRule' => 'PhabricatorPolicyRule',
'PassphraseCredentialConduitController' => 'PassphraseController',
'PassphraseCredentialControl' => 'AphrontFormControl',
'PassphraseCredentialCreateController' => 'PassphraseController',
@@ -4798,6 +4802,8 @@
'PassphraseCredentialTypeTestCase' => 'PhabricatorTestCase',
'PassphraseCredentialViewController' => 'PassphraseController',
'PassphraseDAO' => 'PhabricatorLiskDAO',
+ 'PassphraseDefaultEditCapability' => 'PhabricatorPolicyCapability',
+ 'PassphraseDefaultViewCapability' => 'PhabricatorPolicyCapability',
'PassphraseNoteCredentialType' => 'PassphraseCredentialType',
'PassphrasePasswordCredentialType' => 'PassphraseCredentialType',
'PassphrasePasswordKey' => 'PassphraseAbstractKey',
diff --git a/src/applications/passphrase/application/PhabricatorPassphraseApplication.php b/src/applications/passphrase/application/PhabricatorPassphraseApplication.php
--- a/src/applications/passphrase/application/PhabricatorPassphraseApplication.php
+++ b/src/applications/passphrase/application/PhabricatorPassphraseApplication.php
@@ -63,4 +63,22 @@
);
}
+ protected function getCustomCapabilities() {
+ $policy_key = id(new PassphraseCredentialAuthorPolicyRule())
+ ->getObjectPolicyFullKey();
+
+ return array(
+ PassphraseDefaultViewCapability::CAPABILITY => array(
+ 'caption' => pht('Default view policy for newly created credentials.'),
+ 'template' => PassphraseCredentialPHIDType::TYPECONST,
+ 'default' => $policy_key,
+ ),
+ PassphraseDefaultEditCapability::CAPABILITY => array(
+ 'caption' => pht('Default edit policy for newly created credentials.'),
+ 'template' => PassphraseCredentialPHIDType::TYPECONST,
+ 'default' => $policy_key,
+ ),
+ );
+ }
+
}
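Review bot: `getCustomCapabilities()` has no comment explaining why both defaults point at the author rule, and that choice is what keeps new credentials as restricted as the hard-coded `$actor->getPHID()` policies this diff removes from `initializeNewCredential()`. A short comment above `$policy_key` would record it, e.g. `// Default to author-only so new credentials are no more visible than before these capabilities existed.` It is also worth stating that these defaults are read only when a credential is created, so changing them later does not alter existing credentials. The enclosing class starts outside this hunk.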
diff --git a/src/applications/passphrase/capability/PassphraseDefaultEditCapability.php b/src/applications/passphrase/capability/PassphraseDefaultEditCapability.php
new file mode 100644
--- /dev/null
+++ b/src/applications/passphrase/capability/PassphraseDefaultEditCapability.php
@@ -0,0 +1,12 @@
+<?php
+
+final class PassphraseDefaultEditCapability
+ extends PhabricatorPolicyCapability {
+
+ const CAPABILITY = 'passphrase.default.edit';
+
+ public function getCapabilityName() {
+ return pht('Default Edit Policy');
+ }
+
+}
diff --git a/src/applications/passphrase/capability/PassphraseDefaultViewCapability.php b/src/applications/passphrase/capability/PassphraseDefaultViewCapability.php
new file mode 100644
--- /dev/null
+++ b/src/applications/passphrase/capability/PassphraseDefaultViewCapability.php
@@ -0,0 +1,16 @@
+<?php
+
+final class PassphraseDefaultViewCapability
+ extends PhabricatorPolicyCapability {
+
+ const CAPABILITY = 'passphrase.default.view';
+
+ public function getCapabilityName() {
+ return pht('Default View Policy');
+ }
+
+ public function shouldAllowPublicPolicySetting() {
+ return true;
+ }
+
+}
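Review bot: `shouldAllowPublicPolicySetting()` returning `true` lets the default view policy for new credentials be set to a public policy, which is a surprising option for an application that stores secrets. Whether the secret material is gated by a separate capability is not visible in this diff. Even if it is, a public view policy would still expose credential names, usernames and descriptions to logged-out viewers. Unless there is a concrete use case, drop this override so the default applies, or add a comment stating why public visibility is acceptable and what it does not reveal.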
diff --git a/src/applications/passphrase/policyrule/PassphraseCredentialAuthorPolicyRule.php b/src/applications/passphrase/policyrule/PassphraseCredentialAuthorPolicyRule.php
new file mode 100644
--- /dev/null
+++ b/src/applications/passphrase/policyrule/PassphraseCredentialAuthorPolicyRule.php
@@ -0,0 +1,48 @@
+<?php
+
+final class PassphraseCredentialAuthorPolicyRule
+ extends PhabricatorPolicyRule {
+
+ public function getObjectPolicyKey() {
+ return 'passphrase.author';
+ }
+
+ public function getObjectPolicyName() {
+ return pht('Credential Author');
+ }
+
+ public function getPolicyExplanation() {
+ return pht('The author of this credential can take this action.');
+ }
+
+ public function getRuleDescription() {
+ return pht('credential author');
+ }
+
+ public function canApplyToObject(PhabricatorPolicyInterface $object) {
+ return ($object instanceof PassphraseCredential);
+ }
+
+ public function applyRule(
+ PhabricatorUser $viewer,
+ $value,
+ PhabricatorPolicyInterface $object) {
+
+ $author_phid = $object->getAuthorPHID();
+ if (!$author_phid) {
+ return false;
+ }
+
+ $viewer_phid = $viewer->getPHID();
+ if (!$viewer_phid) {
+ return false;
+ }
+
+ return ($viewer_phid == $author_phid);
+ }
+
+ public function getValueControlType() {
+ return self::CONTROL_TYPE_NONE;
+ }
+
+}
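Review bot: The final check in `applyRule()` decides authorization with a loose comparison, `$viewer_phid == $author_phid`. PHP's `==` compares two numeric-looking strings numerically, so an identity check like this should not depend on the shape of the identifiers; use `return ($viewer_phid === $author_phid);`. Separately, `applyRule()` calls `$object->getAuthorPHID()` on a parameter typed only as `PhabricatorPolicyInterface`, relying on the caller having consulted `canApplyToObject()` first (not visible here). A docblock stating that precondition and that the rule denies when either PHID is empty would make the fail-closed behaviour explicit.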
diff --git a/src/applications/passphrase/storage/PassphraseCredential.php b/src/applications/passphrase/storage/PassphraseCredential.php
--- a/src/applications/passphrase/storage/PassphraseCredential.php
+++ b/src/applications/passphrase/storage/PassphraseCredential.php
@@ -17,17 +17,27 @@
protected $isDestroyed;
protected $isLocked = 0;
protected $allowConduit = 0;
+ protected $authorPHID;
private $secret = self::ATTACHABLE;
public static function initializeNewCredential(PhabricatorUser $actor) {
+ $app = id(new PhabricatorApplicationQuery())
+ ->setViewer($actor)
+ ->withClasses(array('PhabricatorPassphraseApplication'))
+ ->executeOne();
+
+ $view_policy = $app->getPolicy(PassphraseDefaultViewCapability::CAPABILITY);
+ $edit_policy = $app->getPolicy(PassphraseDefaultEditCapability::CAPABILITY);
+
return id(new PassphraseCredential())
->setName('')
->setUsername('')
->setDescription('')
->setIsDestroyed(0)
- ->setViewPolicy($actor->getPHID())
- ->setEditPolicy($actor->getPHID());
+ ->setAuthorPHID($actor->getPHID())
+ ->setViewPolicy($view_policy)
+ ->setEditPolicy($edit_policy);
}
public function getMonogram() {
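Review bot: In `initializeNewCredential()` the result of `executeOne()` is dereferenced immediately by `$app->getPolicy(...)`, with no check that an application was returned. The query runs with `$actor` as the viewer, so if it yields nothing (presumably when the application is not visible to that actor or is not installed), this becomes a fatal error on a null value rather than a clean policy failure. A guard before the two `getPolicy()` calls, such as `if (!$app) { throw new Exception(pht('Unable to load the Passphrase application.')); }`, would make the failure explicit and ensure no credential is built with undefined policies.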
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Sun, Oct 20, 7:04 PM (4 w, 22 h ago)
Storage Engine
blob
Storage Format
Encrypted (AES-256-CBC)
Storage Handle
6721367
Default Alt Text
D13385.diff (7 KB)
Attached To
Mode
D13385: Save authorPHID on Passphrase Credentials to support "Credential Author" object policy
Attached