Changeset View
Changeset View
Standalone View
Standalone View
src/applications/policy/filter/PhabricatorPolicyFilter.php
| Show First 20 Lines • Show All 541 Lines • ▼ Show 20 Lines | if (!$rejection) { | ||||
| $capability); | $capability); | ||||
| } | } | ||||
| $more = PhabricatorPolicy::getPolicyExplanation($this->viewer, $policy); | $more = PhabricatorPolicy::getPolicyExplanation($this->viewer, $policy); | ||||
| $exceptions = $object->describeAutomaticCapability($capability); | $exceptions = $object->describeAutomaticCapability($capability); | ||||
| $details = array_filter(array_merge(array($more), (array)$exceptions)); | $details = array_filter(array_merge(array($more), (array)$exceptions)); | ||||
| // NOTE: Not every type of policy object has a real PHID; just load an | $access_denied = $this->renderAccessDenied($object); | ||||
| // empty handle if a real PHID isn't available. | |||||
| $phid = nonempty($object->getPHID(), PhabricatorPHIDConstants::PHID_VOID); | |||||
| $handle = id(new PhabricatorHandleQuery()) | |||||
| ->setViewer($this->viewer) | |||||
| ->withPHIDs(array($phid)) | |||||
| ->executeOne(); | |||||
| $is_serious = PhabricatorEnv::getEnvConfig('phabricator.serious-business'); | |||||
| if ($is_serious) { | |||||
| $title = pht( | |||||
| 'Access Denied: %s', | |||||
| $handle->getObjectName()); | |||||
| } else { | |||||
| $title = pht( | |||||
| 'You Shall Not Pass: %s', | |||||
| $handle->getObjectName()); | |||||
| } | |||||
| $full_message = pht( | $full_message = pht( | ||||
| '[%s] (%s) %s // %s', | '[%s] (%s) %s // %s', | ||||
| $title, | $access_denied, | ||||
| $capability_name, | $capability_name, | ||||
| $rejection, | $rejection, | ||||
| implode(' ', $details)); | implode(' ', $details)); | ||||
| $exception = id(new PhabricatorPolicyException($full_message)) | $exception = id(new PhabricatorPolicyException($full_message)) | ||||
| ->setTitle($title) | ->setTitle($access_denied) | ||||
| ->setRejection($rejection) | ->setRejection($rejection) | ||||
| ->setCapabilityName($capability_name) | ->setCapabilityName($capability_name) | ||||
| ->setMoreInfo($details); | ->setMoreInfo($details); | ||||
| throw $exception; | throw $exception; | ||||
| } | } | ||||
| private function loadCustomPolicies(array $phids) { | private function loadCustomPolicies(array $phids) { | ||||
| ▲ Show 20 Lines • Show All 76 Lines • ▼ Show 20 Lines | private function getObjectPolicy( | ||||
| if ($this->forcedPolicy) { | if ($this->forcedPolicy) { | ||||
| return $this->forcedPolicy; | return $this->forcedPolicy; | ||||
| } else { | } else { | ||||
| return $object->getPolicy($capability); | return $object->getPolicy($capability); | ||||
| } | } | ||||
| } | } | ||||
| private function renderAccessDenied(PhabricatorPolicyInterface $object) { | |||||
| // NOTE: Not every type of policy object has a real PHID; just load an | |||||
| // empty handle if a real PHID isn't available. | |||||
| $phid = nonempty($object->getPHID(), PhabricatorPHIDConstants::PHID_VOID); | |||||
btrahan: I don't think this really matters / I assume what's actually getting passed in here makes sense… | |||||
Not Done Inline ActionsPhabricatorPolicyInterface extends PhabricatorPHIDInterface which does guarantee that getPHID() exists, so this shouldn't ever fatal, at least. However, this is probably at least somewhat wrong/sketchy/out-of-date; I don't know which types of objects the comment was talking about offhand. Two cases I can think of:
epriestley: `PhabricatorPolicyInterface` extends `PhabricatorPHIDInterface` which does guarantee that… | |||||
| $handle = id(new PhabricatorHandleQuery()) | |||||
| ->setViewer($this->viewer) | |||||
| ->withPHIDs(array($phid)) | |||||
| ->executeOne(); | |||||
| $object_name = $handle->getObjectName(); | |||||
| $is_serious = PhabricatorEnv::getEnvConfig('phabricator.serious-business'); | |||||
| if ($is_serious) { | |||||
| $access_denied = pht( | |||||
| 'Access Denied: %s', | |||||
| $object_name); | |||||
| } else { | |||||
| $access_denied = pht( | |||||
| 'You Shall Not Pass: %s', | |||||
| $object_name); | |||||
| } | |||||
| return $access_denied; | |||||
| } | |||||
| } | } | ||||
I don't think this really matters / I assume what's actually getting passed in here makes sense, but when I was wondering about correctness I looked up PhabricatorPolicyInterface and it doesn't have getPHID. Ergo / I guess at this anyway, isn't a method_exists sort of check maybe? Part of this is I think getPHID() usually returns something unless the object hasn't been saved yet.