Changeset View
Changeset View
Standalone View
Standalone View
src/applications/passphrase/storage/PassphraseCredential.php
| <?php | <?php | ||||
| final class PassphraseCredential extends PassphraseDAO | final class PassphraseCredential extends PassphraseDAO | ||||
| implements | implements | ||||
| PhabricatorApplicationTransactionInterface, | PhabricatorApplicationTransactionInterface, | ||||
| PhabricatorPolicyInterface, | PhabricatorPolicyInterface, | ||||
| PhabricatorFlaggableInterface, | PhabricatorFlaggableInterface, | ||||
| PhabricatorSubscribableInterface, | |||||
| PhabricatorDestructibleInterface, | PhabricatorDestructibleInterface, | ||||
| PhabricatorSpacesInterface { | PhabricatorSpacesInterface { | ||||
| protected $name; | protected $name; | ||||
| protected $credentialType; | protected $credentialType; | ||||
| protected $providesType; | protected $providesType; | ||||
| protected $viewPolicy; | protected $viewPolicy; | ||||
| protected $editPolicy; | protected $editPolicy; | ||||
| ▲ Show 20 Lines • Show All 126 Lines • ▼ Show 20 Lines | /* -( PhabricatorPolicyInterface )----------------------------------------- */ | ||||
| public function hasAutomaticCapability($capability, PhabricatorUser $viewer) { | public function hasAutomaticCapability($capability, PhabricatorUser $viewer) { | ||||
| return false; | return false; | ||||
| } | } | ||||
| public function describeAutomaticCapability($capability) { | public function describeAutomaticCapability($capability) { | ||||
| return null; | return null; | ||||
| } | } | ||||
| /* -( PhabricatorSubscribableInterface )----------------------------------- */ | |||||
| public function isAutomaticallySubscribed($phid) { | |||||
| return false; | |||||
epriestley: Maybe omit this (just `return false;`) because we don't give the author any other special… | |||||
| } | |||||
| public function shouldShowSubscribersProperty() { | |||||
| return true; | |||||
| } | |||||
| public function shouldAllowSubscription($phid) { | |||||
| return true; | |||||
| } | |||||
| /* -( PhabricatorDestructibleInterface )----------------------------------- */ | /* -( PhabricatorDestructibleInterface )----------------------------------- */ | ||||
| public function destroyObjectPermanently( | public function destroyObjectPermanently( | ||||
| PhabricatorDestructionEngine $engine) { | PhabricatorDestructionEngine $engine) { | ||||
| $this->openTransaction(); | $this->openTransaction(); | ||||
| $secrets = id(new PassphraseSecret())->loadAllWhere( | $secrets = id(new PassphraseSecret())->loadAllWhere( | ||||
| 'id = %d', | 'id = %d', | ||||
| Show All 17 Lines | |||||
Maybe omit this (just return false;) because we don't give the author any other special privileges for these object types.
In particular, if you're in charge of Twitter and move to the Devops team, it's reasonable to revoke your access to a Twitter credential even if you created it. It seems correct to sever the author from the credential completely at this point.