Changeset View
Changeset View
Standalone View
Standalone View
src/applications/policy/filter/PhabricatorPolicyFilter.php
Show First 20 Lines • Show All 541 Lines • ▼ Show 20 Lines | if (!$rejection) { | ||||
$capability); | $capability); | ||||
} | } | ||||
$more = PhabricatorPolicy::getPolicyExplanation($this->viewer, $policy); | $more = PhabricatorPolicy::getPolicyExplanation($this->viewer, $policy); | ||||
$exceptions = $object->describeAutomaticCapability($capability); | $exceptions = $object->describeAutomaticCapability($capability); | ||||
$details = array_filter(array_merge(array($more), (array)$exceptions)); | $details = array_filter(array_merge(array($more), (array)$exceptions)); | ||||
// NOTE: Not every type of policy object has a real PHID; just load an | $access_denied = $this->renderAccessDenied($object); | ||||
// empty handle if a real PHID isn't available. | |||||
$phid = nonempty($object->getPHID(), PhabricatorPHIDConstants::PHID_VOID); | |||||
$handle = id(new PhabricatorHandleQuery()) | |||||
->setViewer($this->viewer) | |||||
->withPHIDs(array($phid)) | |||||
->executeOne(); | |||||
$is_serious = PhabricatorEnv::getEnvConfig('phabricator.serious-business'); | |||||
if ($is_serious) { | |||||
$title = pht( | |||||
'Access Denied: %s', | |||||
$handle->getObjectName()); | |||||
} else { | |||||
$title = pht( | |||||
'You Shall Not Pass: %s', | |||||
$handle->getObjectName()); | |||||
} | |||||
$full_message = pht( | $full_message = pht( | ||||
'[%s] (%s) %s // %s', | '[%s] (%s) %s // %s', | ||||
$title, | $access_denied, | ||||
$capability_name, | $capability_name, | ||||
$rejection, | $rejection, | ||||
implode(' ', $details)); | implode(' ', $details)); | ||||
$exception = id(new PhabricatorPolicyException($full_message)) | $exception = id(new PhabricatorPolicyException($full_message)) | ||||
->setTitle($title) | ->setTitle($access_denied) | ||||
->setRejection($rejection) | ->setRejection($rejection) | ||||
->setCapabilityName($capability_name) | ->setCapabilityName($capability_name) | ||||
->setMoreInfo($details); | ->setMoreInfo($details); | ||||
throw $exception; | throw $exception; | ||||
} | } | ||||
private function loadCustomPolicies(array $phids) { | private function loadCustomPolicies(array $phids) { | ||||
▲ Show 20 Lines • Show All 76 Lines • ▼ Show 20 Lines | private function getObjectPolicy( | ||||
if ($this->forcedPolicy) { | if ($this->forcedPolicy) { | ||||
return $this->forcedPolicy; | return $this->forcedPolicy; | ||||
} else { | } else { | ||||
return $object->getPolicy($capability); | return $object->getPolicy($capability); | ||||
} | } | ||||
} | } | ||||
private function renderAccessDenied(PhabricatorPolicyInterface $object) { | |||||
// NOTE: Not every type of policy object has a real PHID; just load an | |||||
// empty handle if a real PHID isn't available. | |||||
$phid = nonempty($object->getPHID(), PhabricatorPHIDConstants::PHID_VOID); | |||||
btrahan: I don't think this really matters / I assume what's actually getting passed in here makes sense… | |||||
Not Done Inline ActionsPhabricatorPolicyInterface extends PhabricatorPHIDInterface which does guarantee that getPHID() exists, so this shouldn't ever fatal, at least. However, this is probably at least somewhat wrong/sketchy/out-of-date; I don't know which types of objects the comment was talking about offhand. Two cases I can think of:
epriestley: `PhabricatorPolicyInterface` extends `PhabricatorPHIDInterface` which does guarantee that… | |||||
$handle = id(new PhabricatorHandleQuery()) | |||||
->setViewer($this->viewer) | |||||
->withPHIDs(array($phid)) | |||||
->executeOne(); | |||||
$object_name = $handle->getObjectName(); | |||||
$is_serious = PhabricatorEnv::getEnvConfig('phabricator.serious-business'); | |||||
if ($is_serious) { | |||||
$access_denied = pht( | |||||
'Access Denied: %s', | |||||
$object_name); | |||||
} else { | |||||
$access_denied = pht( | |||||
'You Shall Not Pass: %s', | |||||
$object_name); | |||||
} | |||||
return $access_denied; | |||||
} | |||||
} | } |
I don't think this really matters / I assume what's actually getting passed in here makes sense, but when I was wondering about correctness I looked up PhabricatorPolicyInterface and it doesn't have getPHID. Ergo / I guess at this anyway, isn't a method_exists sort of check maybe? Part of this is I think getPHID() usually returns something unless the object hasn't been saved yet.