src/applications/conduit/call/ConduitCall.php
Show First 20 Lines • Show All 108 Lines • ▼ Show 20 Lines | if (!$this->shouldRequireAuthentication()) { | ||||
// No auth requirement here. | // No auth requirement here. | ||||
} else { | } else { | ||||
$allow_public = $this->handler->shouldAllowPublic() && | $allow_public = $this->handler->shouldAllowPublic() && | ||||
PhabricatorEnv::getEnvConfig('policy.allow-public'); | PhabricatorEnv::getEnvConfig('policy.allow-public'); | ||||
if (!$allow_public) { | if (!$allow_public) { | ||||
if (!$user->isLoggedIn() && !$user->isOmnipotent()) { | if (!$user->isLoggedIn() && !$user->isOmnipotent()) { | ||||
// TODO: As per below, this should get centralized and cleaned up. | // TODO: As per below, this should get centralized and cleaned up. | ||||
throw new ConduitException("ERR-INVALID-AUTH"); | throw new ConduitException('ERR-INVALID-AUTH'); | ||||
} | } | ||||
} | } | ||||
// TODO: This would be slightly cleaner by just using a Query, but the | // TODO: This would be slightly cleaner by just using a Query, but the | ||||
// Conduit auth workflow requires the Call and User be built separately. | // Conduit auth workflow requires the Call and User be built separately. | ||||
// Just do it this way for the moment. | // Just do it this way for the moment. | ||||
$application = $this->handler->getApplication(); | $application = $this->handler->getApplication(); | ||||
if ($application) { | if ($application) { | ||||
$can_view = PhabricatorPolicyFilter::hasCapability( | $can_view = PhabricatorPolicyFilter::hasCapability( | ||||
$user, | $user, | ||||
$application, | $application, | ||||
PhabricatorPolicyCapability::CAN_VIEW); | PhabricatorPolicyCapability::CAN_VIEW); | ||||
if (!$can_view) { | if (!$can_view) { | ||||
throw new ConduitException( | throw new ConduitException( | ||||
pht( | pht( | ||||
"You do not have access to the application which provides this ". | 'You do not have access to the application which provides this '. | ||||
"API method.")); | 'API method.')); | ||||
} | } | ||||
} | } | ||||
} | } | ||||
if (!$this->shouldForceLocal() && $this->servers) { | if (!$this->shouldForceLocal() && $this->servers) { | ||||
$server = $this->pickRandomServer($this->servers); | $server = $this->pickRandomServer($this->servers); | ||||
$client = new ConduitClient($server); | $client = new ConduitClient($server); | ||||
$params = $this->request->getAllParameters(); | $params = $this->request->getAllParameters(); | ||||
$params["__conduit__"]["isProxied"] = true; | $params['__conduit__']['isProxied'] = true; | ||||
if ($this->handler->shouldRequireAuthentication()) { | if ($this->handler->shouldRequireAuthentication()) { | ||||
$client->callMethodSynchronous( | $client->callMethodSynchronous( | ||||
'conduit.connect', | 'conduit.connect', | ||||
array( | array( | ||||
'client' => 'PhabricatorConduit', | 'client' => 'PhabricatorConduit', | ||||
'clientVersion' => '1.0', | 'clientVersion' => '1.0', | ||||
'user' => $this->getUser()->getUserName(), | 'user' => $this->getUser()->getUserName(), | ||||
'certificate' => $this->getUser()->getConduitCertificate(), | 'certificate' => $this->getUser()->getConduitCertificate(), | ||||
'__conduit__' => $params["__conduit__"], | '__conduit__' => $params['__conduit__'], | ||||
)); | )); | ||||
} | } | ||||
return $client->callMethodSynchronous( | return $client->callMethodSynchronous( | ||||
$this->method, | $this->method, | ||||
$params); | $params); | ||||
} else { | } else { | ||||
return $this->handler->executeMethod($this->request); | return $this->handler->executeMethod($this->request); | ||||
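Review bot: The proxy branch (the `if (!$this->shouldForceLocal() && $this->servers)` block) sends the calling user's Conduit certificate to whichever host `pickRandomServer()` returns, and nothing in the visible lines documents that trust assumption. A comment above the `conduit.connect` call would help, for example `// Forwards the user's Conduit certificate to $server; $this->servers must list only trusted hosts.` The `__conduit__` block is also forwarded from `getAllParameters()` with only `isProxied` overwritten, so if that block can carry caller-supplied keys (not visible here), it is worth stating which of them the receiving side may rely on. The enclosing method starts and ends outside the shown lines.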