Changeset View
Changeset View
Standalone View
Standalone View
src/applications/phortune/storage/PhortunePaymentMethod.php
<?php | <?php | ||||
/** | /** | ||||
* A payment method is a credit card; it is associated with an account and | * A payment method is a credit card; it is associated with an account and | ||||
* charges can be made against it. | * charges can be made against it. | ||||
*/ | */ | ||||
final class PhortunePaymentMethod extends PhortuneDAO | final class PhortunePaymentMethod | ||||
implements PhabricatorPolicyInterface { | extends PhortuneDAO | ||||
implements | |||||
PhabricatorPolicyInterface, | |||||
PhabricatorExtendedPolicyInterface, | |||||
PhabricatorPolicyCodexInterface { | |||||
const STATUS_ACTIVE = 'payment:active'; | const STATUS_ACTIVE = 'payment:active'; | ||||
const STATUS_DISABLED = 'payment:disabled'; | const STATUS_DISABLED = 'payment:disabled'; | ||||
protected $name = ''; | protected $name = ''; | ||||
protected $status; | protected $status; | ||||
protected $accountPHID; | protected $accountPHID; | ||||
protected $authorPHID; | protected $authorPHID; | ||||
▲ Show 20 Lines • Show All 126 Lines • ▼ Show 20 Lines | /* -( PhabricatorPolicyInterface )----------------------------------------- */ | ||||
public function getCapabilities() { | public function getCapabilities() { | ||||
return array( | return array( | ||||
PhabricatorPolicyCapability::CAN_VIEW, | PhabricatorPolicyCapability::CAN_VIEW, | ||||
PhabricatorPolicyCapability::CAN_EDIT, | PhabricatorPolicyCapability::CAN_EDIT, | ||||
); | ); | ||||
} | } | ||||
public function getPolicy($capability) { | public function getPolicy($capability) { | ||||
return $this->getAccount()->getPolicy($capability); | return PhabricatorPolicies::getMostOpenPolicy(); | ||||
} | } | ||||
public function hasAutomaticCapability($capability, PhabricatorUser $viewer) { | public function hasAutomaticCapability($capability, PhabricatorUser $viewer) { | ||||
return $this->getAccount()->hasAutomaticCapability( | |||||
$capability, | // See T13366. If you can edit the merchant associated with this payment | ||||
$viewer); | // method, you can view the payment method. | ||||
if ($capability === PhabricatorPolicyCapability::CAN_VIEW) { | |||||
$any_edit = PhortuneMerchantQuery::canViewersEditMerchants( | |||||
array($viewer->getPHID()), | |||||
array($this->getMerchantPHID())); | |||||
if ($any_edit) { | |||||
return true; | |||||
} | |||||
} | |||||
return false; | |||||
} | |||||
/* -( PhabricatorExtendedPolicyInterface )--------------------------------- */ | |||||
public function getExtendedPolicy($capability, PhabricatorUser $viewer) { | |||||
if ($this->hasAutomaticCapability($capability, $viewer)) { | |||||
return array(); | |||||
} | } | ||||
public function describeAutomaticCapability($capability) { | // See T13366. For blanket view and edit permissions on all payment | ||||
return pht( | // methods, you must be able to edit the associated account. | ||||
'Members of an account can always view and edit its payment methods.'); | return array( | ||||
array( | |||||
$this->getAccount(), | |||||
PhabricatorPolicyCapability::CAN_EDIT, | |||||
), | |||||
); | |||||
} | |||||
/* -( PhabricatorPolicyCodexInterface )------------------------------------ */ | |||||
public function newPolicyCodex() { | |||||
return new PhortunePaymentMethodPolicyCodex(); | |||||
} | } | ||||
} | } |