Changeset View
Changeset View
Standalone View
Standalone View
src/applications/phortune/storage/PhortuneCart.php
<?php | <?php | ||||
final class PhortuneCart extends PhortuneDAO | final class PhortuneCart extends PhortuneDAO | ||||
implements | implements | ||||
PhabricatorApplicationTransactionInterface, | PhabricatorApplicationTransactionInterface, | ||||
PhabricatorPolicyInterface { | PhabricatorPolicyInterface, | ||||
PhabricatorExtendedPolicyInterface { | |||||
const STATUS_BUILDING = 'cart:building'; | const STATUS_BUILDING = 'cart:building'; | ||||
const STATUS_READY = 'cart:ready'; | const STATUS_READY = 'cart:ready'; | ||||
const STATUS_PURCHASING = 'cart:purchasing'; | const STATUS_PURCHASING = 'cart:purchasing'; | ||||
const STATUS_CHARGED = 'cart:charged'; | const STATUS_CHARGED = 'cart:charged'; | ||||
const STATUS_HOLD = 'cart:hold'; | const STATUS_HOLD = 'cart:hold'; | ||||
const STATUS_REVIEW = 'cart:review'; | const STATUS_REVIEW = 'cart:review'; | ||||
const STATUS_PURCHASED = 'cart:purchased'; | const STATUS_PURCHASED = 'cart:purchased'; | ||||
▲ Show 20 Lines • Show All 632 Lines • ▼ Show 20 Lines | /* -( PhabricatorPolicyInterface )----------------------------------------- */ | ||||
public function getCapabilities() { | public function getCapabilities() { | ||||
return array( | return array( | ||||
PhabricatorPolicyCapability::CAN_VIEW, | PhabricatorPolicyCapability::CAN_VIEW, | ||||
PhabricatorPolicyCapability::CAN_EDIT, | PhabricatorPolicyCapability::CAN_EDIT, | ||||
); | ); | ||||
} | } | ||||
public function getPolicy($capability) { | public function getPolicy($capability) { | ||||
// NOTE: Both view and edit use the account's edit policy. We punch a hole | return PhabricatorPolicies::getMostOpenPolicy(); | ||||
// through this for merchants, below. | |||||
return $this | |||||
->getAccount() | |||||
->getPolicy(PhabricatorPolicyCapability::CAN_EDIT); | |||||
} | } | ||||
public function hasAutomaticCapability($capability, PhabricatorUser $viewer) { | public function hasAutomaticCapability($capability, PhabricatorUser $viewer) { | ||||
if ($this->getAccount()->hasAutomaticCapability($capability, $viewer)) { | if ($capability === PhabricatorPolicyCapability::CAN_VIEW) { | ||||
return true; | $any_edit = PhortuneMerchantQuery::canViewersEditMerchants( | ||||
} | array($viewer->getPHID()), | ||||
array($this->getMerchantPHID())); | |||||
// If the viewer controls the merchant this order was placed with, they | if ($any_edit) { | ||||
// can view the order. | |||||
if ($capability == PhabricatorPolicyCapability::CAN_VIEW) { | |||||
$can_admin = PhabricatorPolicyFilter::hasCapability( | |||||
$viewer, | |||||
$this->getMerchant(), | |||||
PhabricatorPolicyCapability::CAN_EDIT); | |||||
if ($can_admin) { | |||||
return true; | return true; | ||||
} | } | ||||
} | } | ||||
return false; | return false; | ||||
} | } | ||||
public function describeAutomaticCapability($capability) { | |||||
/* -( PhabricatorExtendedPolicyInterface )--------------------------------- */ | |||||
public function getExtendedPolicy($capability, PhabricatorUser $viewer) { | |||||
if ($this->hasAutomaticCapability($capability, $viewer)) { | |||||
return array(); | |||||
} | |||||
return array( | return array( | ||||
pht('Orders inherit the policies of the associated account.'), | array( | ||||
pht('The merchant you placed an order with can review and manage it.'), | $this->getAccount(), | ||||
PhabricatorPolicyCapability::CAN_EDIT, | |||||
), | |||||
); | ); | ||||
} | } | ||||
} | } |