Page MenuHomePhabricator
Files F15389778

D15944.id38387.diff
No OneTemporary
Actions

D15944.id38387.diff
View Options

diff --git a/src/applications/passphrase/conduit/PassphraseQueryConduitAPIMethod.php b/src/applications/passphrase/conduit/PassphraseQueryConduitAPIMethod.php
--- a/src/applications/passphrase/conduit/PassphraseQueryConduitAPIMethod.php
+++ b/src/applications/passphrase/conduit/PassphraseQueryConduitAPIMethod.php
@@ -63,9 +63,12 @@
$material = array();
+ $is_locked = $credential->getIsLocked();
+ $allow_api = ($credential->getAllowConduit() && !$is_locked);
+
$secret = null;
if ($request->getValue('needSecrets')) {
- if ($credential->getAllowConduit()) {
+ if ($allow_api) {
$secret = $credential->getSecret();
if ($secret) {
$secret = $secret->openEnvelope();
@@ -102,7 +105,7 @@
break;
}
- if (!$credential->getAllowConduit()) {
+ if (!$allow_api) {
$material['noAPIAccess'] = pht(
'This private material for this credential is not accessible via '.
'API calls.');
diff --git a/src/applications/passphrase/controller/PassphraseCredentialConduitController.php b/src/applications/passphrase/controller/PassphraseCredentialConduitController.php
--- a/src/applications/passphrase/controller/PassphraseCredentialConduitController.php
+++ b/src/applications/passphrase/controller/PassphraseCredentialConduitController.php
@@ -33,8 +33,22 @@
throw new Exception(pht('Credential has invalid type "%s"!', $type));
}
+ $is_locked = $credential->getIsLocked();
+
+ if ($is_locked) {
+ return $this->newDialog()
+ ->setUser($viewer)
+ ->setTitle(pht('Credential Locked'))
+ ->appendChild(
+ pht(
+ 'This credential can not be made available via Conduit because '.
+ 'it is locked.'))
+ ->addCancelButton($view_uri);
+ }
+
if ($request->isFormPost()) {
$xactions = array();
+
$xactions[] = id(new PassphraseCredentialTransaction())
->setTransactionType(PassphraseCredentialTransaction::TYPE_CONDUIT)
->setNewValue(!$credential->getAllowConduit());
diff --git a/src/applications/passphrase/controller/PassphraseCredentialEditController.php b/src/applications/passphrase/controller/PassphraseCredentialEditController.php
--- a/src/applications/passphrase/controller/PassphraseCredentialEditController.php
+++ b/src/applications/passphrase/controller/PassphraseCredentialEditController.php
@@ -270,8 +270,7 @@
}
if ($type->shouldRequireUsername()) {
- $form
- ->appendChild(
+ $form->appendChild(
id(new AphrontFormTextControl())
->setName('username')
->setLabel(pht('Login/Username'))
@@ -279,13 +278,13 @@
->setDisabled($credential_is_locked)
->setError($e_username));
}
- $form
- ->appendChild(
- $secret_control
- ->setName('secret')
- ->setLabel($type->getSecretLabel())
- ->setDisabled($credential_is_locked)
- ->setValue($v_secret));
+
+ $form->appendChild(
+ $secret_control
+ ->setName('secret')
+ ->setLabel($type->getSecretLabel())
+ ->setDisabled($credential_is_locked)
+ ->setValue($v_secret));
if ($type->shouldShowPasswordField()) {
$form->appendChild(
diff --git a/src/applications/passphrase/controller/PassphraseCredentialLockController.php b/src/applications/passphrase/controller/PassphraseCredentialLockController.php
--- a/src/applications/passphrase/controller/PassphraseCredentialLockController.php
+++ b/src/applications/passphrase/controller/PassphraseCredentialLockController.php
@@ -32,15 +32,17 @@
return $this->newDialog()
->setTitle(pht('Credential Already Locked'))
->appendChild(
- pht(
- 'This credential has been locked and the secret is '.
- 'hidden forever. Anything relying on this credential will '.
- 'still function. This operation can not be undone.'))
+ pht('This credential is already locked.'))
->addCancelButton($view_uri, pht('Close'));
}
if ($request->isFormPost()) {
$xactions = array();
+
+ $xactions[] = id(new PassphraseCredentialTransaction())
+ ->setTransactionType(PassphraseCredentialTransaction::TYPE_CONDUIT)
+ ->setNewValue(0);
+
$xactions[] = id(new PassphraseCredentialTransaction())
->setTransactionType(PassphraseCredentialTransaction::TYPE_LOCK)
->setNewValue(1);
@@ -55,12 +57,13 @@
}
return $this->newDialog()
- ->setTitle(pht('Really lock credential?'))
+ ->setTitle(pht('Lock Credential'))
->appendChild(
pht(
- 'This credential will be locked and the secret will be '.
- 'hidden forever. Anything relying on this credential will '.
- 'still function. This operation can not be undone.'))
+ 'This credential will be locked and the secret will be hidden '.
+ 'forever. If Conduit access is enabled, it will be revoked. '.
+ 'Anything relying on this credential will still function. This '.
+ 'operation can not be undone.'))
->addSubmitButton(pht('Lock Credential'))
->addCancelButton($view_uri);
}
diff --git a/src/applications/passphrase/controller/PassphraseCredentialViewController.php b/src/applications/passphrase/controller/PassphraseCredentialViewController.php
--- a/src/applications/passphrase/controller/PassphraseCredentialViewController.php
+++ b/src/applications/passphrase/controller/PassphraseCredentialViewController.php
@@ -119,6 +119,8 @@
$credential,
PhabricatorPolicyCapability::CAN_EDIT);
+ $can_conduit = ($can_edit && !$is_locked);
+
$curtain = $this->newCurtainView($credential);
$curtain->addAction(
@@ -161,7 +163,7 @@
->setName($credential_conduit_text)
->setIcon($credential_conduit_icon)
->setHref($this->getApplicationURI("conduit/{$id}/"))
- ->setDisabled(!$can_edit)
+ ->setDisabled(!$can_conduit)
->setWorkflow(true));
$curtain->addAction(

File Metadata

Mime Type
text/plain
Expires
Sun, Mar 16, 5:38 AM (2 w, 1 d ago)
Storage Engine
blob
Storage Format
Encrypted (AES-256-CBC)
Storage Handle
7388029
Default Alt Text
D15944.id38387.diff (6 KB)

Event Timeline

Phabricator · Built by Phacility