Changeset View
Changeset View
Standalone View
Standalone View
src/applications/phortune/storage/PhortuneAccount.php
Show First 20 Lines • Show All 173 Lines • ▼ Show 20 Lines | /* -( PhabricatorPolicyInterface )----------------------------------------- */ | ||||
} | } | ||||
public function hasAutomaticCapability($capability, PhabricatorUser $viewer) { | public function hasAutomaticCapability($capability, PhabricatorUser $viewer) { | ||||
$members = array_fuse($this->getMemberPHIDs()); | $members = array_fuse($this->getMemberPHIDs()); | ||||
if (isset($members[$viewer->getPHID()])) { | if (isset($members[$viewer->getPHID()])) { | ||||
return true; | return true; | ||||
} | } | ||||
// If the viewer is acting on behalf of a merchant, they can see | // See T13366. If the viewer can edit any merchant that this payment | ||||
// payment accounts. | // account has a relationship with, they can see the payment account. | ||||
if ($capability == PhabricatorPolicyCapability::CAN_VIEW) { | if ($capability == PhabricatorPolicyCapability::CAN_VIEW) { | ||||
foreach ($viewer->getAuthorities() as $authority) { | $viewer_phids = array($viewer->getPHID()); | ||||
if ($authority instanceof PhortuneMerchant) { | $merchant_phids = $this->getMerchantPHIDs(); | ||||
$any_edit = PhortuneMerchantQuery::canViewersEditMerchants( | |||||
$viewer_phids, | |||||
$merchant_phids); | |||||
if ($any_edit) { | |||||
return true; | return true; | ||||
} | } | ||||
} | } | ||||
} | |||||
return false; | return false; | ||||
} | } | ||||
public function describeAutomaticCapability($capability) { | public function describeAutomaticCapability($capability) { | ||||
return pht('Members of an account can always view and edit it.'); | return array( | ||||
pht('Members of an account can always view and edit it.'), | |||||
pht('Merchants an account has established a relationship can view it.'), | |||||
); | |||||
} | } | ||||
} | } |