Changeset View
Changeset View
Standalone View
Standalone View
src/applications/policy/filter/PhabricatorPolicyFilter.php
| Show First 20 Lines • Show All 647 Lines • ▼ Show 20 Lines | if ($capability === $view_capability) { | ||||
| $show_details = false; | $show_details = false; | ||||
| } else { | } else { | ||||
| $show_details = self::hasCapability( | $show_details = self::hasCapability( | ||||
| $viewer, | $viewer, | ||||
| $object, | $object, | ||||
| $view_capability); | $view_capability); | ||||
| } | } | ||||
| // TODO: This is a bit clumsy. We're producing HTML and text versions of | |||||
| // this message, but can't render the full policy rules in text today. | |||||
| // Users almost never get a text-only version of this exception anyway. | |||||
| $head = null; | |||||
| $more = null; | |||||
| if ($show_details) { | if ($show_details) { | ||||
| $more = PhabricatorPolicy::getPolicyExplanation($viewer, $policy); | $head = PhabricatorPolicy::getPolicyExplanation($viewer, $policy); | ||||
| $policy_type = PhabricatorPolicyPHIDTypePolicy::TYPECONST; | |||||
| $is_custom = (phid_get_type($policy) === $policy_type); | |||||
| if ($is_custom) { | |||||
| $policy_map = PhabricatorPolicyQuery::loadPolicies( | |||||
| $viewer, | |||||
| $object); | |||||
| if (isset($policy_map[$capability])) { | |||||
| require_celerity_resource('phui-policy-section-view-css'); | |||||
| $more = id(new PhabricatorPolicyRulesView()) | |||||
| ->setViewer($viewer) | |||||
| ->setPolicy($policy_map[$capability]); | |||||
| $more = phutil_tag( | |||||
| 'div', | |||||
| array( | |||||
| 'class' => 'phui-policy-section-view-rules', | |||||
| ), | |||||
| $more); | |||||
| } | |||||
| } | |||||
| } else { | } else { | ||||
| $more = PhabricatorPolicy::getOpaquePolicyExplanation($viewer, $policy); | $head = PhabricatorPolicy::getOpaquePolicyExplanation($viewer, $policy); | ||||
| } | } | ||||
| $more = (array)$more; | $head = (array)$head; | ||||
| $more = array_filter($more); | |||||
| $exceptions = PhabricatorPolicy::getSpecialRules( | $exceptions = PhabricatorPolicy::getSpecialRules( | ||||
| $object, | $object, | ||||
| $this->viewer, | $this->viewer, | ||||
| $capability, | $capability, | ||||
| true); | true); | ||||
| $details = array_filter(array_merge($more, $exceptions)); | $text_details = array_filter(array_merge($head, $exceptions)); | ||||
| $text_details = implode(' ', $text_details); | |||||
| $html_details = array($head, $more, $exceptions); | |||||
| $access_denied = $this->renderAccessDenied($object); | $access_denied = $this->renderAccessDenied($object); | ||||
| $full_message = pht( | $full_message = pht( | ||||
| '[%s] (%s) %s // %s', | '[%s] (%s) %s // %s', | ||||
| $access_denied, | $access_denied, | ||||
| $capability_name, | $capability_name, | ||||
| $rejection, | $rejection, | ||||
| implode(' ', $details)); | $text_details); | ||||
| $exception = id(new PhabricatorPolicyException($full_message)) | $exception = id(new PhabricatorPolicyException($full_message)) | ||||
| ->setTitle($access_denied) | ->setTitle($access_denied) | ||||
| ->setObjectPHID($object->getPHID()) | ->setObjectPHID($object->getPHID()) | ||||
| ->setRejection($rejection) | ->setRejection($rejection) | ||||
| ->setCapability($capability) | ->setCapability($capability) | ||||
| ->setCapabilityName($capability_name) | ->setCapabilityName($capability_name) | ||||
| ->setMoreInfo($details); | ->setMoreInfo($html_details); | ||||
| throw $exception; | throw $exception; | ||||
| } | } | ||||
| private function loadObjectPolicies(array $map) { | private function loadObjectPolicies(array $map) { | ||||
| $viewer = $this->viewer; | $viewer = $this->viewer; | ||||
| $viewer_phid = $viewer->getPHID(); | $viewer_phid = $viewer->getPHID(); | ||||
| ▲ Show 20 Lines • Show All 319 Lines • Show Last 20 Lines | |||||