Changeset View
Changeset View
Standalone View
Standalone View
src/applications/policy/filter/PhabricatorPolicyFilter.php
Show First 20 Lines • Show All 647 Lines • ▼ Show 20 Lines | if ($capability === $view_capability) { | ||||
$show_details = false; | $show_details = false; | ||||
} else { | } else { | ||||
$show_details = self::hasCapability( | $show_details = self::hasCapability( | ||||
$viewer, | $viewer, | ||||
$object, | $object, | ||||
$view_capability); | $view_capability); | ||||
} | } | ||||
// TODO: This is a bit clumsy. We're producing HTML and text versions of | |||||
// this message, but can't render the full policy rules in text today. | |||||
// Users almost never get a text-only version of this exception anyway. | |||||
$head = null; | |||||
$more = null; | |||||
if ($show_details) { | if ($show_details) { | ||||
$more = PhabricatorPolicy::getPolicyExplanation($viewer, $policy); | $head = PhabricatorPolicy::getPolicyExplanation($viewer, $policy); | ||||
$policy_type = PhabricatorPolicyPHIDTypePolicy::TYPECONST; | |||||
$is_custom = (phid_get_type($policy) === $policy_type); | |||||
if ($is_custom) { | |||||
$policy_map = PhabricatorPolicyQuery::loadPolicies( | |||||
$viewer, | |||||
$object); | |||||
if (isset($policy_map[$capability])) { | |||||
require_celerity_resource('phui-policy-section-view-css'); | |||||
$more = id(new PhabricatorPolicyRulesView()) | |||||
->setViewer($viewer) | |||||
->setPolicy($policy_map[$capability]); | |||||
$more = phutil_tag( | |||||
'div', | |||||
array( | |||||
'class' => 'phui-policy-section-view-rules', | |||||
), | |||||
$more); | |||||
} | |||||
} | |||||
} else { | } else { | ||||
$more = PhabricatorPolicy::getOpaquePolicyExplanation($viewer, $policy); | $head = PhabricatorPolicy::getOpaquePolicyExplanation($viewer, $policy); | ||||
} | } | ||||
$more = (array)$more; | $head = (array)$head; | ||||
$more = array_filter($more); | |||||
$exceptions = PhabricatorPolicy::getSpecialRules( | $exceptions = PhabricatorPolicy::getSpecialRules( | ||||
$object, | $object, | ||||
$this->viewer, | $this->viewer, | ||||
$capability, | $capability, | ||||
true); | true); | ||||
$details = array_filter(array_merge($more, $exceptions)); | $text_details = array_filter(array_merge($head, $exceptions)); | ||||
$text_details = implode(' ', $text_details); | |||||
$html_details = array($head, $more, $exceptions); | |||||
$access_denied = $this->renderAccessDenied($object); | $access_denied = $this->renderAccessDenied($object); | ||||
$full_message = pht( | $full_message = pht( | ||||
'[%s] (%s) %s // %s', | '[%s] (%s) %s // %s', | ||||
$access_denied, | $access_denied, | ||||
$capability_name, | $capability_name, | ||||
$rejection, | $rejection, | ||||
implode(' ', $details)); | $text_details); | ||||
$exception = id(new PhabricatorPolicyException($full_message)) | $exception = id(new PhabricatorPolicyException($full_message)) | ||||
->setTitle($access_denied) | ->setTitle($access_denied) | ||||
->setObjectPHID($object->getPHID()) | ->setObjectPHID($object->getPHID()) | ||||
->setRejection($rejection) | ->setRejection($rejection) | ||||
->setCapability($capability) | ->setCapability($capability) | ||||
->setCapabilityName($capability_name) | ->setCapabilityName($capability_name) | ||||
->setMoreInfo($details); | ->setMoreInfo($html_details); | ||||
throw $exception; | throw $exception; | ||||
} | } | ||||
private function loadObjectPolicies(array $map) { | private function loadObjectPolicies(array $map) { | ||||
$viewer = $this->viewer; | $viewer = $this->viewer; | ||||
$viewer_phid = $viewer->getPHID(); | $viewer_phid = $viewer->getPHID(); | ||||
▲ Show 20 Lines • Show All 319 Lines • Show Last 20 Lines |