
D14480.id35034.diff

D14480.id35034.diff

diff --git a/resources/sql/autopatches/20151114.passphrase.revealpolicy.1.sql b/resources/sql/autopatches/20151114.passphrase.revealpolicy.1.sql
new file mode 100644
--- /dev/null
+++ b/resources/sql/autopatches/20151114.passphrase.revealpolicy.1.sql
@@ -0,0 +1,2 @@
+ALTER TABLE {$NAMESPACE}_passphrase.passphrase_credential
+ ADD revealPolicy VARBINARY(64) NOT NULL AFTER editPolicy;
diff --git a/resources/sql/autopatches/20151114.passphrase.revealpolicy.2.sql b/resources/sql/autopatches/20151114.passphrase.revealpolicy.2.sql
new file mode 100644
--- /dev/null
+++ b/resources/sql/autopatches/20151114.passphrase.revealpolicy.2.sql
@@ -0,0 +1,3 @@
+UPDATE {$NAMESPACE}_passphrase.passphrase_credential
+ SET revealPolicy = editPolicy
+ WHERE revealPolicy = '';
diff --git a/resources/sql/autopatches/20151114.passphrase.revealpolicy.3.sql b/resources/sql/autopatches/20151114.passphrase.revealpolicy.3.sql
new file mode 100644
--- /dev/null
+++ b/resources/sql/autopatches/20151114.passphrase.revealpolicy.3.sql
@@ -0,0 +1,3 @@
+UPDATE {$NAMESPACE}_passphrase.passphrase_credentialtransaction
+ SET transactionType = 'passphrase:revealed'
+ WHERE transactionType = 'passphrase:lookedAtSecret'
diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php
--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@@ -1519,12 +1519,14 @@
'PassphraseCredentialViewController' => 'applications/passphrase/controller/PassphraseCredentialViewController.php',
'PassphraseDAO' => 'applications/passphrase/storage/PassphraseDAO.php',
'PassphraseDefaultEditCapability' => 'applications/passphrase/capability/PassphraseDefaultEditCapability.php',
+ 'PassphraseDefaultRevealCapability' => 'applications/passphrase/capability/PassphraseDefaultRevealCapability.php',
'PassphraseDefaultViewCapability' => 'applications/passphrase/capability/PassphraseDefaultViewCapability.php',
'PassphraseNoteCredentialType' => 'applications/passphrase/credentialtype/PassphraseNoteCredentialType.php',
'PassphrasePasswordCredentialType' => 'applications/passphrase/credentialtype/PassphrasePasswordCredentialType.php',
'PassphrasePasswordKey' => 'applications/passphrase/keys/PassphrasePasswordKey.php',
'PassphraseQueryConduitAPIMethod' => 'applications/passphrase/conduit/PassphraseQueryConduitAPIMethod.php',
'PassphraseRemarkupRule' => 'applications/passphrase/remarkup/PassphraseRemarkupRule.php',
+ 'PassphraseRevealCapability' => 'applications/passphrase/capability/PassphraseRevealCapability.php',
'PassphraseSSHGeneratedKeyCredentialType' => 'applications/passphrase/credentialtype/PassphraseSSHGeneratedKeyCredentialType.php',
'PassphraseSSHKey' => 'applications/passphrase/keys/PassphraseSSHKey.php',
'PassphraseSSHPrivateKeyCredentialType' => 'applications/passphrase/credentialtype/PassphraseSSHPrivateKeyCredentialType.php',
@@ -5498,12 +5500,14 @@
'PassphraseCredentialViewController' => 'PassphraseController',
'PassphraseDAO' => 'PhabricatorLiskDAO',
'PassphraseDefaultEditCapability' => 'PhabricatorPolicyCapability',
+ 'PassphraseDefaultRevealCapability' => 'PhabricatorPolicyCapability',
'PassphraseDefaultViewCapability' => 'PhabricatorPolicyCapability',
'PassphraseNoteCredentialType' => 'PassphraseCredentialType',
'PassphrasePasswordCredentialType' => 'PassphraseCredentialType',
'PassphrasePasswordKey' => 'PassphraseAbstractKey',
'PassphraseQueryConduitAPIMethod' => 'PassphraseConduitAPIMethod',
'PassphraseRemarkupRule' => 'PhabricatorObjectRemarkupRule',
+ 'PassphraseRevealCapability' => 'PhabricatorPolicyCapability',
'PassphraseSSHGeneratedKeyCredentialType' => 'PassphraseSSHPrivateKeyCredentialType',
'PassphraseSSHKey' => 'PassphraseAbstractKey',
'PassphraseSSHPrivateKeyCredentialType' => 'PassphraseCredentialType',
diff --git a/src/applications/passphrase/application/PhabricatorPassphraseApplication.php b/src/applications/passphrase/application/PhabricatorPassphraseApplication.php
--- a/src/applications/passphrase/application/PhabricatorPassphraseApplication.php
+++ b/src/applications/passphrase/application/PhabricatorPassphraseApplication.php
@@ -80,6 +80,13 @@
'capability' => PhabricatorPolicyCapability::CAN_EDIT,
'default' => $policy_key,
),
+ PassphraseDefaultRevealCapability::CAPABILITY => array(
+ 'caption' => pht(
+ 'Default reveal policy for newly created credentials.'),
+ 'template' => PassphraseCredentialPHIDType::TYPECONST,
+ 'capability' => PassphraseDefaultRevealCapability::CAPABILITY,
+ 'default' => $policy_key,
+ ),
);
}
diff --git a/src/applications/passphrase/capability/PassphraseDefaultRevealCapability.php b/src/applications/passphrase/capability/PassphraseDefaultRevealCapability.php
new file mode 100644
--- /dev/null
+++ b/src/applications/passphrase/capability/PassphraseDefaultRevealCapability.php
@@ -0,0 +1,12 @@
+<?php
+
+final class PassphraseDefaultRevealCapability
+ extends PhabricatorPolicyCapability {
+
+ const CAPABILITY = 'passphrase.default.reveal';
+
+ public function getCapabilityName() {
+ return pht('Default Reveal Policy');
+ }
+
+}
diff --git a/src/applications/passphrase/capability/PassphraseRevealCapability.php b/src/applications/passphrase/capability/PassphraseRevealCapability.php
new file mode 100644
--- /dev/null
+++ b/src/applications/passphrase/capability/PassphraseRevealCapability.php
@@ -0,0 +1,15 @@
+<?php
+
+final class PassphraseRevealCapability extends PhabricatorPolicyCapability {
+
+ const CAPABILITY = 'passphrase.reveal';
+
+ public function getCapabilityName() {
+ return pht('Revealable By');
+ }
+
+ public function describeCapabilityRejection() {
+ return pht('You do not have permission to reveal this secret.');
+ }
+
+}
diff --git a/src/applications/passphrase/controller/PassphraseCredentialEditController.php b/src/applications/passphrase/controller/PassphraseCredentialEditController.php
--- a/src/applications/passphrase/controller/PassphraseCredentialEditController.php
+++ b/src/applications/passphrase/controller/PassphraseCredentialEditController.php
@@ -85,6 +85,7 @@
$v_username = $request->getStr('username');
$v_view_policy = $request->getStr('viewPolicy');
$v_edit_policy = $request->getStr('editPolicy');
+ $v_reveal_policy = $request->getStr('revealPolicy');
$v_is_locked = $request->getStr('lock');
$v_secret = $request->getStr('secret');
@@ -123,6 +124,8 @@
$type_is_locked = PassphraseCredentialTransaction::TYPE_LOCK;
$type_view_policy = PhabricatorTransactions::TYPE_VIEW_POLICY;
$type_edit_policy = PhabricatorTransactions::TYPE_EDIT_POLICY;
+ $type_reveal_policy =
+ PassphraseCredentialTransaction::TYPE_REVEAL_POLICY;
$type_space = PhabricatorTransactions::TYPE_SPACE;
$xactions = array();
@@ -144,6 +147,10 @@
->setNewValue($v_edit_policy);
$xactions[] = id(new PassphraseCredentialTransaction())
+ ->setTransactionType($type_reveal_policy)
+ ->setNewValue($v_reveal_policy);
+
+ $xactions[] = id(new PassphraseCredentialTransaction())
->setTransactionType($type_space)
->setNewValue($v_space);
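Review bot: The reveal-policy transaction is appended for every submitter of this form, so anyone who passes the controller's edit check can set `revealPolicy` to a policy that includes themselves and then reveal the secret. The capability check for this controller is outside the hunk, but if it is still `CAN_EDIT` only, the split between edit and reveal is not an effective boundary. Consider appending the transaction for an existing credential only when `PhabricatorPolicyFilter::hasCapability($viewer, $credential, PassphraseRevealCapability::CAPABILITY)` holds, or enforcing the same rule in the transaction editor so that it also covers other callers.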
@@ -212,6 +219,7 @@
$credential->setViewPolicy($v_view_policy);
$credential->setEditPolicy($v_edit_policy);
+ $credential->setRevealPolicy($v_reveal_policy);
}
}
}
@@ -258,6 +266,12 @@
->setPolicyObject($credential)
->setCapability(PhabricatorPolicyCapability::CAN_EDIT)
->setPolicies($policies))
+ ->appendControl(
+ id(new AphrontFormPolicyControl())
+ ->setName('revealPolicy')
+ ->setPolicyObject($credential)
+ ->setCapability(PassphraseRevealCapability::CAPABILITY)
+ ->setPolicies($policies))
->appendChild(
id(new AphrontFormDividerControl()));
diff --git a/src/applications/passphrase/controller/PassphraseCredentialRevealController.php b/src/applications/passphrase/controller/PassphraseCredentialRevealController.php
--- a/src/applications/passphrase/controller/PassphraseCredentialRevealController.php
+++ b/src/applications/passphrase/controller/PassphraseCredentialRevealController.php
@@ -13,7 +13,7 @@
->requireCapabilities(
array(
PhabricatorPolicyCapability::CAN_VIEW,
- PhabricatorPolicyCapability::CAN_EDIT,
+ PassphraseRevealCapability::CAPABILITY,
))
->needSecrets(true)
->executeOne();
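Review bot: Swapping `CAN_EDIT` for `PassphraseRevealCapability::CAPABILITY` here guards only the web reveal workflow; no other code path that loads secrets is changed in this commit. The library map lists `PassphraseQueryConduitAPIMethod` and the editor handles `TYPE_CONDUIT`, so if that API method can return secret material it should require the reveal capability as well, otherwise the new policy does not cover it. I would add a comment above this query, `// Reveal is gated by its own capability; every other caller of needSecrets(true) must check it too.`, and confirm the other callers. The query chain starts outside the hunk.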
@@ -66,10 +66,10 @@
->setDisableWorkflowOnCancel(true)
->addCancelButton($view_uri, pht('Done'));
- $type_secret = PassphraseCredentialTransaction::TYPE_LOOKEDATSECRET;
+ $type_revealed = PassphraseCredentialTransaction::TYPE_REVEALED;
$xactions = array(
id(new PassphraseCredentialTransaction())
- ->setTransactionType($type_secret)
+ ->setTransactionType($type_revealed)
->setNewValue(true),
);
diff --git a/src/applications/passphrase/controller/PassphraseCredentialViewController.php b/src/applications/passphrase/controller/PassphraseCredentialViewController.php
--- a/src/applications/passphrase/controller/PassphraseCredentialViewController.php
+++ b/src/applications/passphrase/controller/PassphraseCredentialViewController.php
@@ -97,6 +97,10 @@
$viewer,
$credential,
PhabricatorPolicyCapability::CAN_EDIT);
+ $can_reveal = PhabricatorPolicyFilter::hasCapability(
+ $viewer,
+ $credential,
+ PassphraseRevealCapability::CAPABILITY);
$actions->addAction(
id(new PhabricatorActionView())
@@ -117,10 +121,10 @@
$actions->addAction(
id(new PhabricatorActionView())
- ->setName(pht('Show Secret'))
+ ->setName(pht('Reveal Secret'))
->setIcon('fa-eye')
->setHref($this->getApplicationURI("reveal/{$id}/"))
- ->setDisabled(!$can_edit || $is_locked)
+ ->setDisabled(!$can_reveal || $is_locked)
->setWorkflow(true));
if ($type->hasPublicKey()) {
@@ -177,6 +181,10 @@
pht('Editable By'),
$descriptions[PhabricatorPolicyCapability::CAN_EDIT]);
+ $properties->addProperty(
+ pht('Revealable By'),
+ $descriptions[PassphraseRevealCapability::CAPABILITY]);
+
if ($type->shouldRequireUsername()) {
$properties->addProperty(
pht('Username'),
diff --git a/src/applications/passphrase/editor/PassphraseCredentialTransactionEditor.php b/src/applications/passphrase/editor/PassphraseCredentialTransactionEditor.php
--- a/src/applications/passphrase/editor/PassphraseCredentialTransactionEditor.php
+++ b/src/applications/passphrase/editor/PassphraseCredentialTransactionEditor.php
@@ -22,9 +22,10 @@
$types[] = PassphraseCredentialTransaction::TYPE_USERNAME;
$types[] = PassphraseCredentialTransaction::TYPE_SECRET_ID;
$types[] = PassphraseCredentialTransaction::TYPE_DESTROY;
- $types[] = PassphraseCredentialTransaction::TYPE_LOOKEDATSECRET;
+ $types[] = PassphraseCredentialTransaction::TYPE_REVEALED;
$types[] = PassphraseCredentialTransaction::TYPE_LOCK;
$types[] = PassphraseCredentialTransaction::TYPE_CONDUIT;
+ $types[] = PassphraseCredentialTransaction::TYPE_REVEAL_POLICY;
return $types;
}
@@ -50,8 +51,10 @@
return (int)$object->getIsLocked();
case PassphraseCredentialTransaction::TYPE_CONDUIT:
return (int)$object->getAllowConduit();
- case PassphraseCredentialTransaction::TYPE_LOOKEDATSECRET:
+ case PassphraseCredentialTransaction::TYPE_REVEALED:
return null;
+ case PassphraseCredentialTransaction::TYPE_REVEAL_POLICY:
+ return $object->getRevealPolicy();
}
return parent::getCustomTransactionOldValue($object, $xaction);
@@ -65,7 +68,8 @@
case PassphraseCredentialTransaction::TYPE_DESCRIPTION:
case PassphraseCredentialTransaction::TYPE_USERNAME:
case PassphraseCredentialTransaction::TYPE_SECRET_ID:
- case PassphraseCredentialTransaction::TYPE_LOOKEDATSECRET:
+ case PassphraseCredentialTransaction::TYPE_REVEALED:
+ case PassphraseCredentialTransaction::TYPE_REVEAL_POLICY:
return $xaction->getNewValue();
case PassphraseCredentialTransaction::TYPE_DESTROY:
case PassphraseCredentialTransaction::TYPE_LOCK:
@@ -108,7 +112,7 @@
}
}
return;
- case PassphraseCredentialTransaction::TYPE_LOOKEDATSECRET:
+ case PassphraseCredentialTransaction::TYPE_REVEALED:
return;
case PassphraseCredentialTransaction::TYPE_LOCK:
$object->setIsLocked((int)$xaction->getNewValue());
@@ -116,9 +120,14 @@
case PassphraseCredentialTransaction::TYPE_CONDUIT:
$object->setAllowConduit((int)$xaction->getNewValue());
return;
- }
- return parent::applyCustomInternalTransaction($object, $xaction);
+ case PassphraseCredentialTransaction::TYPE_REVEAL_POLICY:
+ $object->setRevealPolicy($xaction->getNewValue());
+ break;
+
+ default:
+ return parent::applyCustomInternalTransaction($object, $xaction);
+ }
}
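Review bot: The new `TYPE_REVEAL_POLICY` case stores `$xaction->getNewValue()` through `setRevealPolicy()`, and no validation of that value is visible anywhere in this diff, while the value comes straight from `$request->getStr('revealPolicy')`. An empty or unknown policy string would be written as-is, and the second migration treats `''` as "not yet set". How the policy engine evaluates such a value cannot be told from here, so the editor's validation step should reject it before it is applied. The case also ends in `break;` where every sibling case uses `return;`, and `return;` would keep the switch uniform. The function begins outside the hunk.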
protected function applyCustomExternalTransaction(
@@ -131,13 +140,15 @@
case PassphraseCredentialTransaction::TYPE_USERNAME:
case PassphraseCredentialTransaction::TYPE_SECRET_ID:
case PassphraseCredentialTransaction::TYPE_DESTROY:
- case PassphraseCredentialTransaction::TYPE_LOOKEDATSECRET:
+ case PassphraseCredentialTransaction::TYPE_REVEALED:
case PassphraseCredentialTransaction::TYPE_LOCK:
case PassphraseCredentialTransaction::TYPE_CONDUIT:
+ case PassphraseCredentialTransaction::TYPE_REVEAL_POLICY:
return;
- }
- return parent::applyCustomExternalTransaction($object, $xaction);
+ default:
+ return parent::applyCustomExternalTransaction($object, $xaction);
+ }
}
private function destroySecret($secret_id) {
diff --git a/src/applications/passphrase/storage/PassphraseCredential.php b/src/applications/passphrase/storage/PassphraseCredential.php
--- a/src/applications/passphrase/storage/PassphraseCredential.php
+++ b/src/applications/passphrase/storage/PassphraseCredential.php
@@ -14,6 +14,7 @@
protected $providesType;
protected $viewPolicy;
protected $editPolicy;
+ protected $revealPolicy;
protected $description;
protected $username;
protected $secretID;
@@ -33,6 +34,8 @@
$view_policy = $app->getPolicy(PassphraseDefaultViewCapability::CAPABILITY);
$edit_policy = $app->getPolicy(PassphraseDefaultEditCapability::CAPABILITY);
+ $reveal_policy = $app->getPolicy(
+ PassphraseDefaultRevealCapability::CAPABILITY);
return id(new PassphraseCredential())
->setName('')
@@ -42,6 +45,7 @@
->setAuthorPHID($actor->getPHID())
->setViewPolicy($view_policy)
->setEditPolicy($edit_policy)
+ ->setRevealPolicy($reveal_policy)
->setSpacePHID($actor->getDefaultSpacePHID());
}
@@ -128,6 +132,7 @@
return array(
PhabricatorPolicyCapability::CAN_VIEW,
PhabricatorPolicyCapability::CAN_EDIT,
+ PassphraseRevealCapability::CAPABILITY,
);
}
@@ -137,6 +142,8 @@
return $this->getViewPolicy();
case PhabricatorPolicyCapability::CAN_EDIT:
return $this->getEditPolicy();
+ case PassphraseRevealCapability::CAPABILITY:
+ return $this->getRevealPolicy();
}
}
diff --git a/src/applications/passphrase/storage/PassphraseCredentialTransaction.php b/src/applications/passphrase/storage/PassphraseCredentialTransaction.php
--- a/src/applications/passphrase/storage/PassphraseCredentialTransaction.php
+++ b/src/applications/passphrase/storage/PassphraseCredentialTransaction.php
@@ -3,14 +3,15 @@
final class PassphraseCredentialTransaction
extends PhabricatorApplicationTransaction {
- const TYPE_NAME = 'passphrase:name';
- const TYPE_DESCRIPTION = 'passphrase:description';
- const TYPE_USERNAME = 'passphrase:username';
- const TYPE_SECRET_ID = 'passphrase:secretID';
- const TYPE_DESTROY = 'passphrase:destroy';
- const TYPE_LOOKEDATSECRET = 'passphrase:lookedAtSecret';
- const TYPE_LOCK = 'passphrase:lock';
- const TYPE_CONDUIT = 'passphrase:conduit';
+ const TYPE_NAME = 'passphrase:name';
+ const TYPE_DESCRIPTION = 'passphrase:description';
+ const TYPE_USERNAME = 'passphrase:username';
+ const TYPE_SECRET_ID = 'passphrase:secretID';
+ const TYPE_DESTROY = 'passphrase:destroy';
+ const TYPE_REVEALED = 'passphrase:revealed';
+ const TYPE_LOCK = 'passphrase:lock';
+ const TYPE_CONDUIT = 'passphrase:conduit';
+ const TYPE_REVEAL_POLICY = 'passphrase:reveal-policy';
public function getApplicationName() {
return 'passphrase';
@@ -33,7 +34,7 @@
return ($old === null);
case self::TYPE_USERNAME:
return !strlen($old);
- case self::TYPE_LOOKEDATSECRET:
+ case self::TYPE_REVEALED:
return false;
}
return parent::shouldHide();
@@ -84,9 +85,9 @@
return pht(
'%s destroyed this credential.',
$this->renderHandleLink($author_phid));
- case self::TYPE_LOOKEDATSECRET:
+ case self::TYPE_REVEALED:
return pht(
- '%s examined the secret plaintext for this credential.',
+ '%s revealed the secret plaintext for this credential.',
$this->renderHandleLink($author_phid));
case self::TYPE_LOCK:
return pht(
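Review bot: No title case is added for `TYPE_REVEAL_POLICY` in this file, so a change to who may reveal a secret will presumably fall through to the parent's generic text in the credential timeline. Since that change widens or narrows access to plaintext secrets, it deserves an explicit audit line next to the `TYPE_REVEALED` one, for example `'%s changed the reveal policy for this credential.'` rendered with `$this->renderHandleLink($author_phid)`. The switch shown here starts and ends outside the hunk.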
diff --git a/src/applications/paste/storage/PhabricatorPaste.php b/src/applications/paste/storage/PhabricatorPaste.php
--- a/src/applications/paste/storage/PhabricatorPaste.php
+++ b/src/applications/paste/storage/PhabricatorPaste.php
@@ -183,12 +183,12 @@
}
public function getPolicy($capability) {
- if ($capability == PhabricatorPolicyCapability::CAN_VIEW) {
- return $this->viewPolicy;
- } else if ($capability == PhabricatorPolicyCapability::CAN_EDIT) {
- return $this->editPolicy;
+ switch ($capability) {
+ case PhabricatorPolicyCapability::CAN_VIEW:
+ return $this->viewPolicy;
+ case PhabricatorPolicyCapability::CAN_EDIT:
+ return $this->editPolicy;
}
- return PhabricatorPolicies::POLICY_NOONE;
}
public function hasAutomaticCapability($capability, PhabricatorUser $user) {
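Review bot: Rewriting `getPolicy()` as a switch drops the `return PhabricatorPolicies::POLICY_NOONE;` fallback, so an unrecognised capability now yields `null` instead of a deny-all policy. What the policy filter does with `null` is not visible here, so keeping the fail-closed branch is the safer form: `default: return PhabricatorPolicies::POLICY_NOONE;`. The change is also unrelated to the Passphrase reveal policy this commit is about. `PassphraseCredential::getPolicy()` in the storage hunk above has the same switch without a default and would benefit from the same branch now that it serves a third capability.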
diff --git a/src/applications/policy/capability/PhabricatorPolicyCapability.php b/src/applications/policy/capability/PhabricatorPolicyCapability.php
--- a/src/applications/policy/capability/PhabricatorPolicyCapability.php
+++ b/src/applications/policy/capability/PhabricatorPolicyCapability.php
@@ -2,9 +2,9 @@
abstract class PhabricatorPolicyCapability extends Phobject {
- const CAN_VIEW = 'view';
- const CAN_EDIT = 'edit';
- const CAN_JOIN = 'join';
+ const CAN_VIEW = 'view';
+ const CAN_EDIT = 'edit';
+ const CAN_JOIN = 'join';
/**
* Get the unique key identifying this capability. This key must be globally
diff --git a/src/applications/transactions/constants/PhabricatorTransactions.php b/src/applications/transactions/constants/PhabricatorTransactions.php
--- a/src/applications/transactions/constants/PhabricatorTransactions.php
+++ b/src/applications/transactions/constants/PhabricatorTransactions.php
@@ -2,28 +2,28 @@
final class PhabricatorTransactions extends Phobject {
- const TYPE_COMMENT = 'core:comment';
- const TYPE_SUBSCRIBERS = 'core:subscribers';
- const TYPE_VIEW_POLICY = 'core:view-policy';
- const TYPE_EDIT_POLICY = 'core:edit-policy';
- const TYPE_JOIN_POLICY = 'core:join-policy';
- const TYPE_EDGE = 'core:edge';
- const TYPE_CUSTOMFIELD = 'core:customfield';
- const TYPE_BUILDABLE = 'harbormaster:buildable';
- const TYPE_TOKEN = 'token:give';
- const TYPE_INLINESTATE = 'core:inlinestate';
- const TYPE_SPACE = 'core:space';
+ const TYPE_COMMENT = 'core:comment';
+ const TYPE_SUBSCRIBERS = 'core:subscribers';
+ const TYPE_VIEW_POLICY = 'core:view-policy';
+ const TYPE_EDIT_POLICY = 'core:edit-policy';
+ const TYPE_JOIN_POLICY = 'core:join-policy';
+ const TYPE_EDGE = 'core:edge';
+ const TYPE_CUSTOMFIELD = 'core:customfield';
+ const TYPE_BUILDABLE = 'harbormaster:buildable';
+ const TYPE_TOKEN = 'token:give';
+ const TYPE_INLINESTATE = 'core:inlinestate';
+ const TYPE_SPACE = 'core:space';
- const COLOR_RED = 'red';
- const COLOR_ORANGE = 'orange';
- const COLOR_YELLOW = 'yellow';
- const COLOR_GREEN = 'green';
- const COLOR_SKY = 'sky';
- const COLOR_BLUE = 'blue';
- const COLOR_INDIGO = 'indigo';
- const COLOR_VIOLET = 'violet';
- const COLOR_GREY = 'grey';
- const COLOR_BLACK = 'black';
+ const COLOR_RED = 'red';
+ const COLOR_ORANGE = 'orange';
+ const COLOR_YELLOW = 'yellow';
+ const COLOR_GREEN = 'green';
+ const COLOR_SKY = 'sky';
+ const COLOR_BLUE = 'blue';
+ const COLOR_INDIGO = 'indigo';
+ const COLOR_VIOLET = 'violet';
+ const COLOR_GREY = 'grey';
+ const COLOR_BLACK = 'black';
public static function getInlineStateMap() {

File Metadata

Mime Type
text/plain
Expires
Wed, Mar 26, 9:20 AM (1 w, 3 d ago)
Storage Engine
blob
Storage Format
Encrypted (AES-256-CBC)
Storage Handle
7723588
Default Alt Text
D14480.id35034.diff (21 KB)
