Changeset View
Changeset View
Standalone View
Standalone View
src/applications/phortune/storage/PhortunePaymentMethod.php
| <?php | <?php | ||||
| /** | /** | ||||
| * A payment method is a credit card; it is associated with an account and | * A payment method is a credit card; it is associated with an account and | ||||
| * charges can be made against it. | * charges can be made against it. | ||||
| */ | */ | ||||
| final class PhortunePaymentMethod extends PhortuneDAO | final class PhortunePaymentMethod | ||||
| implements PhabricatorPolicyInterface { | extends PhortuneDAO | ||||
| implements | |||||
| PhabricatorPolicyInterface, | |||||
| PhabricatorExtendedPolicyInterface, | |||||
| PhabricatorPolicyCodexInterface { | |||||
| const STATUS_ACTIVE = 'payment:active'; | const STATUS_ACTIVE = 'payment:active'; | ||||
| const STATUS_DISABLED = 'payment:disabled'; | const STATUS_DISABLED = 'payment:disabled'; | ||||
| protected $name = ''; | protected $name = ''; | ||||
| protected $status; | protected $status; | ||||
| protected $accountPHID; | protected $accountPHID; | ||||
| protected $authorPHID; | protected $authorPHID; | ||||
| ▲ Show 20 Lines • Show All 126 Lines • ▼ Show 20 Lines | /* -( PhabricatorPolicyInterface )----------------------------------------- */ | ||||
| public function getCapabilities() { | public function getCapabilities() { | ||||
| return array( | return array( | ||||
| PhabricatorPolicyCapability::CAN_VIEW, | PhabricatorPolicyCapability::CAN_VIEW, | ||||
| PhabricatorPolicyCapability::CAN_EDIT, | PhabricatorPolicyCapability::CAN_EDIT, | ||||
| ); | ); | ||||
| } | } | ||||
| public function getPolicy($capability) { | public function getPolicy($capability) { | ||||
| return $this->getAccount()->getPolicy($capability); | return PhabricatorPolicies::getMostOpenPolicy(); | ||||
| } | } | ||||
| public function hasAutomaticCapability($capability, PhabricatorUser $viewer) { | public function hasAutomaticCapability($capability, PhabricatorUser $viewer) { | ||||
| return $this->getAccount()->hasAutomaticCapability( | |||||
| $capability, | // See T13366. If you can edit the merchant associated with this payment | ||||
| $viewer); | // method, you can view the payment method. | ||||
| if ($capability === PhabricatorPolicyCapability::CAN_VIEW) { | |||||
| $any_edit = PhortuneMerchantQuery::canViewersEditMerchants( | |||||
| array($viewer->getPHID()), | |||||
| array($this->getMerchantPHID())); | |||||
| if ($any_edit) { | |||||
| return true; | |||||
| } | |||||
| } | |||||
| return false; | |||||
| } | |||||
| /* -( PhabricatorExtendedPolicyInterface )--------------------------------- */ | |||||
| public function getExtendedPolicy($capability, PhabricatorUser $viewer) { | |||||
| if ($this->hasAutomaticCapability($capability, $viewer)) { | |||||
| return array(); | |||||
| } | } | ||||
| public function describeAutomaticCapability($capability) { | // See T13366. For blanket view and edit permissions on all payment | ||||
| return pht( | // methods, you must be able to edit the associated account. | ||||
| 'Members of an account can always view and edit its payment methods.'); | return array( | ||||
| array( | |||||
| $this->getAccount(), | |||||
| PhabricatorPolicyCapability::CAN_EDIT, | |||||
| ), | |||||
| ); | |||||
| } | |||||
| /* -( PhabricatorPolicyCodexInterface )------------------------------------ */ | |||||
| public function newPolicyCodex() { | |||||
| return new PhortunePaymentMethodPolicyCodex(); | |||||
| } | } | ||||
| } | } | ||||