Page MenuHomePhabricator
Differential D15641 Diff 37701 src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php

Changeset View

Standalone View

View Options

src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php

Show First 20 LinesShow All 672 Lines▼ Show 20 Lines switch ($xaction->getTransactionType()) {
'data' => $edge['data'], 'data' => $edge['data'],
); );
$editor->addEdge($src, $const, $dst_phid, $data); $editor->addEdge($src, $const, $dst_phid, $data);
} }
$editor->save(); $editor->save();
break; break;
case PhabricatorTransactions::TYPE_VIEW_POLICY:
case PhabricatorTransactions::TYPE_SPACE:
$this->scrambleFileSecrets($object);
break;
} }
} }
/** /**
* Fill in a transaction's common values, like author and content source. * Fill in a transaction's common values, like author and content source.
*/ */
protected function populateTransaction( protected function populateTransaction(
PhabricatorLiskDAO $object, PhabricatorLiskDAO $object,
▲ Show 20 LinesShow All 220 Lines▼ Show 20 Lines if (!$transaction_open) {
$this->attachFiles($object, $file_phids); $this->attachFiles($object, $file_phids);
} }
foreach ($xactions as $xaction) { foreach ($xactions as $xaction) {
$this->applyExternalEffects($object, $xaction); $this->applyExternalEffects($object, $xaction);
} }
$xactions = $this->applyFinalEffects($object, $xactions); $xactions = $this->applyFinalEffects($object, $xactions);
if ($read_locking) { if ($read_locking) {
$object->endReadLocking(); $object->endReadLocking();
$read_locking = false; $read_locking = false;
} }
$object->saveTransaction(); $object->saveTransaction();
// Now that we've completely applied the core transaction set, try to apply // Now that we've completely applied the core transaction set, try to apply
▲ Show 20 LinesShow All 2,540 Lines▼ Show 20 Lines foreach ($phids as $phid => $ignored) {
continue 2; continue 2;
} }
} }
} }
return $phids; return $phids;
} }
/**
* When the view policy for an object is changed, scramble the secret keys
* for attached files to invalidate existing URIs.
*/
private function scrambleFileSecrets($object) {
// If this is a newly created object, we don't need to scramble anything
// since it couldn't have been previously published.
if ($this->getIsNewObject()) {
return;
}
// If the object is a file itself, scramble it.
if ($object instanceof PhabricatorFile) {
if ($this->shouldScramblePolicy($object->getViewPolicy())) {
$object->scrambleSecret();
$object->save();
}
}
$phid = $object->getPHID();
$attached_phids = PhabricatorEdgeQuery::loadDestinationPHIDs(
$phid,
PhabricatorObjectHasFileEdgeType::EDGECONST);
if (!$attached_phids) {
return;
}
$omnipotent_viewer = PhabricatorUser::getOmnipotentUser();
$files = id(new PhabricatorFileQuery())
->setViewer($omnipotent_viewer)
->withPHIDs($attached_phids)
->execute();
foreach ($files as $file) {
$view_policy = $file->getViewPolicy();
if ($this->shouldScramblePolicy($view_policy)) {
$file->scrambleSecret();
$file->save();
}
}
}
/**
* Check if a policy is strong enough to justify scrambling. Objects which
* are set to very open policies don't need to scramble their files, and
* files with very open policies don't need to be scrambled when associated
* objects change.
*/
private function shouldScramblePolicy($policy) {
switch ($policy) {
case PhabricatorPolicies::POLICY_PUBLIC:
case PhabricatorPolicies::POLICY_USER:
return false;
}
return true;
}
} }
Phabricator · Built by Phacility