Differential D20737 Diff 49450 src/applications/phortune/controller/external/PhortuneExternalController.php

Changeset View

Standalone View

src/applications/phortune/controller/external/PhortuneExternalController.php

This file was added.

				<?php

				abstract class PhortuneExternalController
				extends PhortuneController {

				private $email;

				final public function shouldAllowPublic() {
				return true;
				}

				abstract protected function handleExternalRequest(AphrontRequest $request);

				final protected function hasAccountEmail() {
				return (bool)$this->email;
				}

				final protected function getAccountEmail() {
				return $this->email;
				}

				final protected function getExternalViewer() {
				return PhabricatorUser::getOmnipotentUser();
				}

				final public function handleRequest(AphrontRequest $request) {
				$address_key = $request->getURIData('addressKey');
				$access_key = $request->getURIData('accessKey');

				$viewer = $this->getViewer();
				$xviewer = $this->getExternalViewer();

				$email = id(new PhortuneAccountEmailQuery())
				->setViewer($xviewer)
				->withAddressKeys(array($address_key))
				->executeOne();
				if (!$email) {
				return new Aphront404Response();
				}

				$account = $email->getAccount();

				$can_see = PhabricatorPolicyFilter::hasCapability(
				$viewer,
				$account,
				PhabricatorPolicyCapability::CAN_EDIT);

				$email_display = phutil_tag('strong', array(), $email->getAddress());
				$user_display = phutil_tag('strong', array(), $viewer->getUsername());

				$actual_key = $email->getAccessKey();
				if (!phutil_hashes_are_identical($access_key, $actual_key)) {
				$dialog = $this->newDialog()
				->setTitle(pht('Email Access Link Out of Date'))
				->appendParagraph(
				pht(
				'You are trying to access this payment account as: %s',
				$email_display))
				->appendParagraph(
				pht(
				'The access link you have followed is out of date and no longer '.
				'works.'));

				if ($can_see) {
				$dialog->appendParagraph(
				pht(
				'You are currently logged in as a user (%s) who has '.
				'permission to manage the payment account, so you can '.
				'continue to the updated link.',
				$user_display));

				$dialog->addCancelButton(
				$email->getExternalURI(),
				pht('Continue to Updated Link'));
				} else {
				$dialog->appendParagraph(
				pht(
				'To access information about this payment account, follow '.
				'a more recent link or ask a user with access to give you '.
				'an updated link.'));
				}

				return $dialog;
				}

				// TODO: Test that status is good.

				$this->email = $email;

				return $this->handleExternalRequest($request);
				}

				final protected function newExternalCrumbs() {
				$viewer = $this->getViewer();

				$crumbs = new PHUICrumbsView();

				if ($this->hasAccountEmail()) {
				$email = $this->getAccountEmail();
				$account = $email->getAccount();

				$crumb_name = pht(
				'Payment Account: %s',
				$account->getName());

				$crumb = id(new PHUICrumbView())
				->setIcon('fa-diamond')
				->setName($crumb_name);

				$can_see = PhabricatorPolicyFilter::hasCapability(
				$viewer,
				$account,
				PhabricatorPolicyCapability::CAN_VIEW);
				if ($can_see) {
				$crumb->setHref($account->getURI());
				}

				$crumbs
				->addCrumb($crumb)
				->addTextCrumb(pht('Viewing As "%s"', $email->getAddress()));
				} else {
				$crumb = id(new PHUICrumbView())
				->setIcon('fa-diamond')
				->setText(pht('External Account View'));

				$crumbs->addCrumb($crumb);
				}

				return $crumbs;
				}

				final protected function newExternalView() {
				$email = $this->getAccountEmail();

				$messages = array();
				$messages[] = pht(
				'You are viewing this payment account as: %s',
				phutil_tag('strong', array(), $email->getAddress()));
				$messages[] = pht(
				'Anyone who has a link to this page can view order history for '.
				'this payment account.');

				return id(new PHUIInfoView())
				->setSeverity(PHUIInfoView::SEVERITY_WARNING)
				->setErrors($messages);
				}
				}