Differential D20036 Diff 47865 src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php
Changeset View
Changeset View
Standalone View
Standalone View
src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php
| Show First 20 Lines • Show All 4,900 Lines • ▼ Show 20 Lines | foreach ($xactions as $xaction) { | ||||
| $xaction->setIsMFATransaction(true); | $xaction->setIsMFATransaction(true); | ||||
| } | } | ||||
| } | } | ||||
| private function newMFATransactions( | private function newMFATransactions( | ||||
| PhabricatorLiskDAO $object, | PhabricatorLiskDAO $object, | ||||
| array $xactions) { | array $xactions) { | ||||
| $is_mfa = ($object instanceof PhabricatorEditEngineMFAInterface); | $has_engine = ($object instanceof PhabricatorEditEngineMFAInterface); | ||||
| if (!$is_mfa) { | if ($has_engine) { | ||||
| return $xactions; | |||||
| } | |||||
| $engine = PhabricatorEditEngineMFAEngine::newEngineForObject($object) | $engine = PhabricatorEditEngineMFAEngine::newEngineForObject($object) | ||||
| ->setViewer($this->getActor()); | ->setViewer($this->getActor()); | ||||
| $require_mfa = $engine->shouldRequireMFA(); | $require_mfa = $engine->shouldRequireMFA(); | ||||
| $try_mfa = $engine->shouldTryMFA(); | |||||
| } else { | |||||
| $require_mfa = false; | |||||
| $try_mfa = false; | |||||
| } | |||||
| // If the user is mentioning an MFA object on another object or creating | |||||
| // a relationship like "parent" or "child" to this object, we always | |||||
| // allow the edit to move forward without requiring MFA. | |||||
| if ($this->getIsInverseEdgeEditor()) { | |||||
| return $xactions; | |||||
| } | |||||
| if (!$require_mfa) { | if (!$require_mfa) { | ||||
| $try_mfa = $engine->shouldTryMFA(); | // If the object hasn't already opted into MFA, see if any of the | ||||
| // transactions want it. | |||||
| if (!$try_mfa) { | |||||
| foreach ($xactions as $xaction) { | |||||
| $type = $xaction->getTransactionType(); | |||||
| $xtype = $this->getModularTransactionType($type); | |||||
| if ($xtype) { | |||||
| $xtype = clone $xtype; | |||||
| $xtype->setStorage($xaction); | |||||
| if ($xtype->shouldTryMFA($object, $xaction)) { | |||||
| $try_mfa = true; | |||||
| break; | |||||
| } | |||||
| } | |||||
| } | |||||
| } | |||||
| if ($try_mfa) { | if ($try_mfa) { | ||||
| $this->setShouldRequireMFA(true); | $this->setShouldRequireMFA(true); | ||||
| } | } | ||||
| return $xactions; | return $xactions; | ||||
| } | } | ||||
| $type_mfa = PhabricatorTransactions::TYPE_MFA; | $type_mfa = PhabricatorTransactions::TYPE_MFA; | ||||
| $has_mfa = false; | $has_mfa = false; | ||||
| foreach ($xactions as $xaction) { | foreach ($xactions as $xaction) { | ||||
| if ($xaction->getTransactionType() === $type_mfa) { | if ($xaction->getTransactionType() === $type_mfa) { | ||||
| $has_mfa = true; | $has_mfa = true; | ||||
| break; | break; | ||||
| } | } | ||||
| } | } | ||||
| if ($has_mfa) { | if ($has_mfa) { | ||||
| return $xactions; | return $xactions; | ||||
| } | } | ||||
| // If the user is mentioning an MFA object on another object or creating | |||||
| // a relationship like "parent" or "child" to this object, we allow the | |||||
| // edit to move forward without requiring MFA. | |||||
| if ($this->getIsInverseEdgeEditor()) { | |||||
| return $xactions; | |||||
| } | |||||
| $template = $object->getApplicationTransactionTemplate(); | $template = $object->getApplicationTransactionTemplate(); | ||||
| $mfa_xaction = id(clone $template) | $mfa_xaction = id(clone $template) | ||||
| ->setTransactionType($type_mfa) | ->setTransactionType($type_mfa) | ||||
| ->setNewValue(true); | ->setNewValue(true); | ||||
| array_unshift($xactions, $mfa_xaction); | array_unshift($xactions, $mfa_xaction); | ||||
| return $xactions; | return $xactions; | ||||
| } | } | ||||
| } | } | ||||