src/applications/phame/conduit/PhameCreatePostConduitAPIMethod.php
| Show First 20 Lines • Show All 66 Lines • ▼ Show 20 Lines | protected function execute(ConduitAPIRequest $request) { | ||||
| } else { | } else { | ||||
| $blogger = $user; | $blogger = $user; | ||||
| } | } | ||||
| $blog = id(new PhameBlogQuery()) | $blog = id(new PhameBlogQuery()) | ||||
| ->setViewer($blogger) | ->setViewer($blogger) | ||||
| ->withPHIDs(array($blog_phid)) | ->withPHIDs(array($blog_phid)) | ||||
| ->requireCapabilities( | ->requireCapabilities( | ||||
| array( | array( | ||||
| PhabricatorPolicyCapability::CAN_JOIN, | PhabricatorPolicyCapability::CAN_VIEW, | ||||
| PhabricatorPolicyCapability::CAN_EDIT, | |||||
| )) | )) | ||||
epriestley: You should also require CAN_VIEW here. | |||||
| ->executeOne(); | ->executeOne(); | ||||
| if (!$blog) { | if (!$blog) { | ||||
| throw new ConduitException('ERR-INVALID-BLOG'); | throw new ConduitException('ERR-INVALID-BLOG'); | ||||
| } | } | ||||
| $post = PhamePost::initializePost($blogger, $blog); | $post = PhamePost::initializePost($blogger, $blog); | ||||
| $is_draft = $request->getValue('isDraft', false); | $is_draft = $request->getValue('isDraft', false); | ||||
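Review bot: The capabilities required by this query are evaluated for `$blogger` (through `->setViewer($blogger)`), which is not necessarily the account making the Conduit call. The `if` branch that assigns `$blogger` is outside the visible lines, so this is an inference: if that branch can set `$blogger` to a user other than `$user`, the post is authorized by the named blogger's rights on the blog alone and the caller's own rights are never consulted. In that case I would also check the caller after the `if (!$blog)` guard, for example `PhabricatorPolicyFilter::requireCapability($user, $blog, PhabricatorPolicyCapability::CAN_EDIT);`, or at minimum document the intent with `// Policy is checked as $blogger, who may differ from the calling $user.` The body of `execute()` starts and ends outside the shown lines.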
You should also require CAN_VIEW here.