Page Menu
Home
Phabricator
Search
Configure Global Search
Log In
Files
F14868849
D14691.diff
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Size
7 KB
Referenced Files
None
Subscribers
None
D14691.diff
View Options
diff --git a/src/applications/transactions/editengine/PhabricatorEditEngine.php b/src/applications/transactions/editengine/PhabricatorEditEngine.php
--- a/src/applications/transactions/editengine/PhabricatorEditEngine.php
+++ b/src/applications/transactions/editengine/PhabricatorEditEngine.php
@@ -190,22 +190,51 @@
return $this->editEngineConfiguration;
}
+
+ /**
+ * Load the default configuration, ignoring customization in the database
+ * (which means we implicitly ignore policies).
+ *
+ * This is used from places like Conduit, where the fields available in the
+ * API should not be affected by configuration changes.
+ *
+ * @return PhabricatorEditEngineConfiguration Default configuration, ignoring
+ * customization.
+ */
+ private function loadDefaultEditEngineConfiguration() {
+ return $this->loadEditEngineConfigurationWithOptions(
+ self::EDITENGINECONFIG_DEFAULT,
+ true);
+ }
+
+
+ /**
+ * Load a named configuration, respecting database customization and policies.
+ *
+ * @param string Configuration key, or null to load the default.
+ * @return PhabricatorEditEngineConfiguration Default configuration,
+ * respecting customization.
+ */
private function loadEditEngineConfiguration($key) {
- $viewer = $this->getViewer();
- if ($key === null) {
+ if (!strlen($key)) {
$key = self::EDITENGINECONFIG_DEFAULT;
-
- // TODO: At least for now, we need to load the default configuration
- // in some cases (editing, comment actions) even if the viewer can not
- // otherwise see it. This should be cleaned up eventually, but we can
- // safely use the omnipotent user for now without policy violations.
- $viewer = PhabricatorUser::getOmnipotentUser();
}
+ return $this->loadEditEngineConfigurationWithOptions(
+ $key,
+ false);
+ }
+
+ private function loadEditEngineConfigurationWithOptions(
+ $key,
+ $ignore_database) {
+ $viewer = $this->getViewer();
+
$config = id(new PhabricatorEditEngineConfigurationQuery())
->setViewer($viewer)
->withEngineKeys(array($this->getEngineKey()))
->withIdentifiers(array($key))
+ ->withIgnoreDatabaseConfigurations($ignore_database)
->executeOne();
if (!$config) {
return null;
@@ -482,14 +511,16 @@
* Load an object by ID.
*
* @param int Object ID.
+ * @param list<const> List of required capability constants, or omit for
+ * defaults.
* @return object|null Object, or null if no such object exists.
* @task load
*/
- private function newObjectFromID($id) {
+ private function newObjectFromID($id, array $capabilities = array()) {
$query = $this->newObjectQuery()
->withIDs(array($id));
- return $this->newObjectFromQuery($query);
+ return $this->newObjectFromQuery($query, $capabilities);
}
@@ -512,19 +543,27 @@
* Load an object given a configured query.
*
* @param PhabricatorPolicyAwareQuery Configured query.
+ * @param list<const> List of required capabilitiy constants, or omit for
+ * defaults.
* @return object|null Object, or null if no such object exists.
* @task load
*/
- private function newObjectFromQuery(PhabricatorPolicyAwareQuery $query) {
+ private function newObjectFromQuery(
+ PhabricatorPolicyAwareQuery $query,
+ array $capabilities = array()) {
+
$viewer = $this->getViewer();
+ if (!$capabilities) {
+ $capabilities = array(
+ PhabricatorPolicyCapability::CAN_VIEW,
+ PhabricatorPolicyCapability::CAN_EDIT,
+ );
+ }
+
$object = $query
->setViewer($viewer)
- ->requireCapabilities(
- array(
- PhabricatorPolicyCapability::CAN_VIEW,
- PhabricatorPolicyCapability::CAN_EDIT,
- ))
+ ->requireCapabilities($capabilities)
->executeOne();
if (!$object) {
return null;
@@ -571,8 +610,28 @@
$controller = $this->getController();
$request = $controller->getRequest();
- $form_key = $request->getURIData('formKey');
- $config = $this->loadEditEngineConfiguration($form_key);
+ $action = $request->getURIData('editAction');
+
+ $capabilities = array();
+ $use_default = false;
+ switch ($action) {
+ case 'comment':
+ $capabilities = array(
+ PhabricatorPolicyCapability::CAN_VIEW,
+ );
+ $use_default = true;
+ break;
+ default:
+ break;
+ }
+
+ if ($use_default) {
+ $config = $this->loadDefaultEditEngineConfiguration();
+ } else {
+ $form_key = $request->getURIData('formKey');
+ $config = $this->loadEditEngineConfiguration($form_key);
+ }
+
if (!$config) {
return new Aphront404Response();
}
@@ -580,7 +639,7 @@
$id = $request->getURIData('id');
if ($id) {
$this->setIsCreate(false);
- $object = $this->newObjectFromID($id);
+ $object = $this->newObjectFromID($id, $capabilities);
if (!$object) {
return new Aphront404Response();
}
@@ -591,7 +650,6 @@
$this->validateObject($object);
- $action = $request->getURIData('editAction');
switch ($action) {
case 'parameters':
return $this->buildParametersResponse($object);
@@ -880,7 +938,7 @@
}
final public function buildEditEngineCommentView($object) {
- $config = $this->loadEditEngineConfiguration(null);
+ $config = $this->loadDefaultEditEngineConfiguration();
$viewer = $this->getViewer();
$object_phid = $object->getPHID();
@@ -1021,7 +1079,7 @@
return new Aphront400Response();
}
- $config = $this->loadEditEngineConfiguration(null);
+ $config = $this->loadDefaultEditEngineConfiguration();
$fields = $this->buildEditFields($object);
$is_preview = $request->isPreviewRequest();
@@ -1151,7 +1209,7 @@
final public function buildConduitResponse(ConduitAPIRequest $request) {
$viewer = $this->getViewer();
- $config = $this->loadEditEngineConfiguration(null);
+ $config = $this->loadDefaultEditEngineConfiguration();
if (!$config) {
throw new Exception(
pht(
@@ -1297,7 +1355,7 @@
}
public function getConduitEditTypes() {
- $config = $this->loadEditEngineConfiguration(null);
+ $config = $this->loadDefaultEditEngineConfiguration();
if (!$config) {
return array();
}
diff --git a/src/applications/transactions/query/PhabricatorEditEngineConfigurationQuery.php b/src/applications/transactions/query/PhabricatorEditEngineConfigurationQuery.php
--- a/src/applications/transactions/query/PhabricatorEditEngineConfigurationQuery.php
+++ b/src/applications/transactions/query/PhabricatorEditEngineConfigurationQuery.php
@@ -10,6 +10,7 @@
private $identifiers;
private $default;
private $disabled;
+ private $ignoreDatabaseConfigurations;
public function withIDs(array $ids) {
$this->ids = $ids;
@@ -46,6 +47,11 @@
return $this;
}
+ public function withIgnoreDatabaseConfigurations($ignore) {
+ $this->ignoreDatabaseConfigurations = $ignore;
+ return $this;
+ }
+
public function newResultObject() {
return new PhabricatorEditEngineConfiguration();
}
@@ -57,7 +63,11 @@
// number of edit forms for any particular engine for the lack of UI
// pagination to become a problem.
- $page = $this->loadStandardPage($this->newResultObject());
+ if ($this->ignoreDatabaseConfigurations) {
+ $page = array();
+ } else {
+ $page = $this->loadStandardPage($this->newResultObject());
+ }
// Now that we've loaded the real results from the database, we're going
// to load builtins from the edit engines and add them to the list.
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Sun, Feb 9, 2:32 AM (21 h, 25 m)
Storage Engine
blob
Storage Format
Encrypted (AES-256-CBC)
Storage Handle
7104234
Default Alt Text
D14691.diff (7 KB)
Attached To
Mode
D14691: Clean up some EditEngine policy issues
Attached
Detach File
Event Timeline
Log In to Comment