F15353023
D20718.diff
No One
Temporary
Size
7 KB
Referenced Files
None
Subscribers
None
D20718.diff
diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php
--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@@ -5329,6 +5329,7 @@
'PhortunePaymentMethodDisableController' => 'applications/phortune/controller/payment/PhortunePaymentMethodDisableController.php',
'PhortunePaymentMethodEditController' => 'applications/phortune/controller/payment/PhortunePaymentMethodEditController.php',
'PhortunePaymentMethodPHIDType' => 'applications/phortune/phid/PhortunePaymentMethodPHIDType.php',
+ 'PhortunePaymentMethodPolicyCodex' => 'applications/phortune/codex/PhortunePaymentMethodPolicyCodex.php',
'PhortunePaymentMethodQuery' => 'applications/phortune/query/PhortunePaymentMethodQuery.php',
'PhortunePaymentProvider' => 'applications/phortune/provider/PhortunePaymentProvider.php',
'PhortunePaymentProviderConfig' => 'applications/phortune/storage/PhortunePaymentProviderConfig.php',
@@ -11893,11 +11894,14 @@
'PhortunePaymentMethod' => array(
'PhortuneDAO',
'PhabricatorPolicyInterface',
+ 'PhabricatorExtendedPolicyInterface',
+ 'PhabricatorPolicyCodexInterface',
),
'PhortunePaymentMethodCreateController' => 'PhortuneController',
'PhortunePaymentMethodDisableController' => 'PhortuneController',
'PhortunePaymentMethodEditController' => 'PhortuneController',
'PhortunePaymentMethodPHIDType' => 'PhabricatorPHIDType',
+ 'PhortunePaymentMethodPolicyCodex' => 'PhabricatorPolicyCodex',
'PhortunePaymentMethodQuery' => 'PhabricatorCursorPagedPolicyAwareQuery',
'PhortunePaymentProvider' => 'Phobject',
'PhortunePaymentProviderConfig' => array(
diff --git a/src/applications/phortune/codex/PhortunePaymentMethodPolicyCodex.php b/src/applications/phortune/codex/PhortunePaymentMethodPolicyCodex.php
new file mode 100644
--- /dev/null
+++ b/src/applications/phortune/codex/PhortunePaymentMethodPolicyCodex.php
@@ -0,0 +1,35 @@
+<?php
+
+final class PhortunePaymentMethodPolicyCodex
+ extends PhabricatorPolicyCodex {
+
+ public function getPolicySpecialRuleDescriptions() {
+ $object = $this->getObject();
+
+ $rules = array();
+
+ $rules[] = $this->newRule()
+ ->setCapabilities(
+ array(
+ PhabricatorPolicyCapability::CAN_VIEW,
+ ))
+ ->setIsActive(true)
+ ->setDescription(
+ pht(
+ 'Account members may view and edit payment methods.'));
+
+ $rules[] = $this->newRule()
+ ->setCapabilities(
+ array(
+ PhabricatorPolicyCapability::CAN_VIEW,
+ ))
+ ->setIsActive(true)
+ ->setDescription(
+ pht(
+ 'Merchants you have a relationship with may view associated '.
+ 'payment methods.'));
+
+ return $rules;
+ }
+
+}
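Review bot: The first rule's description says account members may view and edit payment methods, but its `setCapabilities()` array lists only `PhabricatorPolicyCapability::CAN_VIEW`, so the rule would presumably not be shown when someone inspects the edit capability. Adding `PhabricatorPolicyCapability::CAN_EDIT,` to that array would keep the displayed explanation in line with what the description claims. `$object = $this->getObject();` is never used and can be dropped. Both rules are marked `setIsActive(true)` unconditionally, so the merchant rule reads as active even where no merchant relationship exists; if that is intended, a one-line comment saying so would help.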
diff --git a/src/applications/phortune/controller/account/PhortuneAccountPaymentMethodsController.php b/src/applications/phortune/controller/account/PhortuneAccountPaymentMethodsController.php
--- a/src/applications/phortune/controller/account/PhortuneAccountPaymentMethodsController.php
+++ b/src/applications/phortune/controller/account/PhortuneAccountPaymentMethodsController.php
@@ -34,7 +34,6 @@
->setCrumbs($crumbs)
->setNavigation($navigation)
->appendChild($view);
-
}
private function buildPaymentMethodsSection(PhortuneAccount $account) {
diff --git a/src/applications/phortune/query/PhortunePaymentMethodQuery.php b/src/applications/phortune/query/PhortunePaymentMethodQuery.php
--- a/src/applications/phortune/query/PhortunePaymentMethodQuery.php
+++ b/src/applications/phortune/query/PhortunePaymentMethodQuery.php
@@ -53,6 +53,7 @@
$account = idx($accounts, $method->getAccountPHID());
if (!$account) {
unset($methods[$key]);
+ $this->didRejectResult($method);
continue;
}
$method->attachAccount($account);
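Review bot: The sequence `unset($methods[$key]); $this->didRejectResult($method); continue;` now appears three times (account here, merchant and provider config in the next two hunks) with no comment on why the rejection is recorded. A short comment on the first, such as `// Account missing or not visible to the viewer: drop the method and record the rejection.`, or a small private helper, would make it harder to add a fourth lookup without the call. The enclosing method starts and ends outside these hunks, so whether the accounts, merchants and provider configs are themselves loaded under the viewer's policy cannot be confirmed from here.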
@@ -72,6 +73,7 @@
$merchant = idx($merchants, $method->getMerchantPHID());
if (!$merchant) {
unset($methods[$key]);
+ $this->didRejectResult($method);
continue;
}
$method->attachMerchant($merchant);
@@ -91,6 +93,7 @@
$provider_config = idx($provider_configs, $method->getProviderPHID());
if (!$provider_config) {
unset($methods[$key]);
+ $this->didRejectResult($method);
continue;
}
$method->attachProviderConfig($provider_config);
diff --git a/src/applications/phortune/storage/PhortunePaymentMethod.php b/src/applications/phortune/storage/PhortunePaymentMethod.php
--- a/src/applications/phortune/storage/PhortunePaymentMethod.php
+++ b/src/applications/phortune/storage/PhortunePaymentMethod.php
@@ -4,8 +4,12 @@
* A payment method is a credit card; it is associated with an account and
* charges can be made against it.
*/
-final class PhortunePaymentMethod extends PhortuneDAO
- implements PhabricatorPolicyInterface {
+final class PhortunePaymentMethod
+ extends PhortuneDAO
+ implements
+ PhabricatorPolicyInterface,
+ PhabricatorExtendedPolicyInterface,
+ PhabricatorPolicyCodexInterface {
const STATUS_ACTIVE = 'payment:active';
const STATUS_DISABLED = 'payment:disabled';
@@ -148,18 +152,50 @@
}
public function getPolicy($capability) {
- return $this->getAccount()->getPolicy($capability);
+ return PhabricatorPolicies::getMostOpenPolicy();
}
public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
- return $this->getAccount()->hasAutomaticCapability(
- $capability,
- $viewer);
+
+ // See T13366. If you can edit the merchant associated with this payment
+ // method, you can view the payment method.
+ if ($capability === PhabricatorPolicyCapability::CAN_VIEW) {
+ $any_edit = PhortuneMerchantQuery::canViewersEditMerchants(
+ array($viewer->getPHID()),
+ array($this->getMerchantPHID()));
+ if ($any_edit) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+
+/* -( PhabricatorExtendedPolicyInterface )--------------------------------- */
+
+
+ public function getExtendedPolicy($capability, PhabricatorUser $viewer) {
+ if ($this->hasAutomaticCapability($capability, $viewer)) {
+ return array();
+ }
+
+ // See T13366. For blanket view and edit permissions on all payment
+ // methods, you must be able to edit the associated account.
+ return array(
+ array(
+ $this->getAccount(),
+ PhabricatorPolicyCapability::CAN_EDIT,
+ ),
+ );
}
- public function describeAutomaticCapability($capability) {
- return pht(
- 'Members of an account can always view and edit its payment methods.');
+
+/* -( PhabricatorPolicyCodexInterface )------------------------------------ */
+
+
+ public function newPolicyCodex() {
+ return new PhortunePaymentMethodPolicyCodex();
}
}
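Review bot: `getPolicy()` now returns `PhabricatorPolicies::getMostOpenPolicy()` for every capability, so access to a payment method rests entirely on `getExtendedPolicy()` and the merchant shortcut in `hasAutomaticCapability()`, and nothing in the code says so. A comment on `getPolicy()` such as `// Not the effective policy: access is gated by getExtendedPolicy() (see T13366).` would warn anyone who reads or reuses that value on its own. `getExtendedPolicy()` also calls `hasAutomaticCapability()` itself, which looks like it repeats the `PhortuneMerchantQuery::canViewersEditMerchants()` lookup per object if the policy filter has already asked. `$viewer->getPHID()` is passed to that helper without a check for a viewer that has no PHID; how that case is handled depends on the helper, which is not visible here. The class body continues outside the hunk.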
diff --git a/src/applications/policy/codex/PhabricatorPolicyCodex.php b/src/applications/policy/codex/PhabricatorPolicyCodex.php
--- a/src/applications/policy/codex/PhabricatorPolicyCodex.php
+++ b/src/applications/policy/codex/PhabricatorPolicyCodex.php
@@ -44,16 +44,6 @@
return null;
}
- final public function getPolicySpecialRuleForCapability($capability) {
- foreach ($this->getPolicySpecialRuleDescriptions() as $rule) {
- if (in_array($capability, $rule->getCapabilities())) {
- return $rule;
- }
- }
-
- return null;
- }
-
final protected function newRule() {
return new PhabricatorPolicyCodexRuleDescription();
}
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Tue, Mar 11, 7:41 PM (3 w, 2 d ago)
Storage Engine
blob
Storage Format
Encrypted (AES-256-CBC)
Storage Handle
7406338
Default Alt Text
D20718.diff (7 KB)
Attached To
Mode
D20718: Update PhortunePaymentMethod for modern policy interfaces
Attached