Differential D7751 Diff 17565 src/applications/phragment/controller/PhragmentSnapshotPromoteController.php
Changeset View
Changeset View
Standalone View
Standalone View
src/applications/phragment/controller/PhragmentSnapshotPromoteController.php
| Show All 17 Lines | public function processRequest() { | ||||
| $request = $this->getRequest(); | $request = $this->getRequest(); | ||||
| $viewer = $request->getUser(); | $viewer = $request->getUser(); | ||||
| // When the user is promoting a snapshot to the latest version, the | // When the user is promoting a snapshot to the latest version, the | ||||
| // identifier is a fragment path. | // identifier is a fragment path. | ||||
| if ($this->dblob !== null) { | if ($this->dblob !== null) { | ||||
| $this->targetFragment = id(new PhragmentFragmentQuery()) | $this->targetFragment = id(new PhragmentFragmentQuery()) | ||||
| ->setViewer($viewer) | ->setViewer($viewer) | ||||
| ->requireCapabilities(array( | |||||
| PhabricatorPolicyCapability::CAN_VIEW, | |||||
| PhabricatorPolicyCapability::CAN_EDIT)) | |||||
| ->withPaths(array($this->dblob)) | ->withPaths(array($this->dblob)) | ||||
| ->executeOne(); | ->executeOne(); | ||||
| if ($this->targetFragment === null) { | if ($this->targetFragment === null) { | ||||
| return new Aphront404Response(); | return new Aphront404Response(); | ||||
| } | } | ||||
| $this->snapshots = id(new PhragmentSnapshotQuery()) | $this->snapshots = id(new PhragmentSnapshotQuery()) | ||||
| ->setViewer($viewer) | ->setViewer($viewer) | ||||
| ->withPrimaryFragmentPHIDs(array($this->targetFragment->getPHID())) | ->withPrimaryFragmentPHIDs(array($this->targetFragment->getPHID())) | ||||
| ->execute(); | ->execute(); | ||||
| } | } | ||||
| // When the user is promoting a snapshot to another snapshot, the | // When the user is promoting a snapshot to another snapshot, the | ||||
| // identifier is another snapshot ID. | // identifier is another snapshot ID. | ||||
| if ($this->id !== null) { | if ($this->id !== null) { | ||||
| $this->targetSnapshot = id(new PhragmentSnapshotQuery()) | $this->targetSnapshot = id(new PhragmentSnapshotQuery()) | ||||
| ->setViewer($viewer) | ->setViewer($viewer) | ||||
| ->requireCapabilities(array( | |||||
| PhabricatorPolicyCapability::CAN_VIEW, | |||||
| PhabricatorPolicyCapability::CAN_EDIT)) | |||||
| ->withIDs(array($this->id)) | ->withIDs(array($this->id)) | ||||
| ->executeOne(); | ->executeOne(); | ||||
| if ($this->targetSnapshot === null) { | if ($this->targetSnapshot === null) { | ||||
| return new Aphront404Response(); | return new Aphront404Response(); | ||||
| } | } | ||||
| $this->snapshots = id(new PhragmentSnapshotQuery()) | $this->snapshots = id(new PhragmentSnapshotQuery()) | ||||
| ->setViewer($viewer) | ->setViewer($viewer) | ||||
| ->withPrimaryFragmentPHIDs(array( | ->withPrimaryFragmentPHIDs(array( | ||||
| $this->targetSnapshot->getPrimaryFragmentPHID())) | $this->targetSnapshot->getPrimaryFragmentPHID())) | ||||
epriestley: Prefer to use `requireCapabilities(VIEW, EDIT)` when querying over explicit checks, if you can. | |||||
| ->execute(); | ->execute(); | ||||
| } | } | ||||
| // If there's no identifier, just 404. | // If there's no identifier, just 404. | ||||
| if ($this->snapshots === null) { | if ($this->snapshots === null) { | ||||
| return new Aphront404Response(); | return new Aphront404Response(); | ||||
| } | } | ||||
| ▲ Show 20 Lines • Show All 75 Lines • ▼ Show 20 Lines | if ($request->isDialogFormPost()) { | ||||
| ->setSnapshotPHID($snapshot->getPHID()) | ->setSnapshotPHID($snapshot->getPHID()) | ||||
| ->setFragmentPHID($child->getFragmentPHID()) | ->setFragmentPHID($child->getFragmentPHID()) | ||||
| ->setFragmentVersionPHID($child->getFragmentVersionPHID()) | ->setFragmentVersionPHID($child->getFragmentVersionPHID()) | ||||
| ->save(); | ->save(); | ||||
| } | } | ||||
| } | } | ||||
| $snapshot->saveTransaction(); | $snapshot->saveTransaction(); | ||||
| return id(new AphrontRedirectResponse()); | if ($this->id === null) { | ||||
| return id(new AphrontRedirectResponse()) | |||||
| ->setURI($this->targetFragment->getURI()); | |||||
| } else { | |||||
| return id(new AphrontRedirectResponse()) | |||||
| ->setURI($this->targetSnapshot->getURI()); | |||||
| } | |||||
| } | } | ||||
| return $this->createDialog(); | return $this->createDialog(); | ||||
| } | } | ||||
| function createDialog() { | function createDialog() { | ||||
| $request = $this->getRequest(); | $request = $this->getRequest(); | ||||
| $viewer = $request->getUser(); | $viewer = $request->getUser(); | ||||
| Show All 28 Lines | |||||
Prefer to use requireCapabilities(VIEW, EDIT) when querying over explicit checks, if you can. This is a stronger behavior because we never even get objects which we don't have authority to act on, so it's more difficult to make mistakes.