diff --git a/src/applications/policy/filter/PhabricatorPolicyFilter.php b/src/applications/policy/filter/PhabricatorPolicyFilter.php index a5c9f356f4..4ea7ce1549 100644 --- a/src/applications/policy/filter/PhabricatorPolicyFilter.php +++ b/src/applications/policy/filter/PhabricatorPolicyFilter.php @@ -1,974 +1,991 @@ setViewer($user) ->requireCapabilities(array($capability)) ->raisePolicyExceptions(true) ->apply(array($object)); } /** * Perform a capability check, acting as though an object had a specific * policy. This is primarily used to check if a policy is valid (for example, * to prevent users from editing away their ability to edit an object). * * Specifically, a check like this: * * PhabricatorPolicyFilter::requireCapabilityWithForcedPolicy( * $viewer, * $object, * PhabricatorPolicyCapability::CAN_EDIT, * $potential_new_policy); * * ...will throw a @{class:PhabricatorPolicyException} if the new policy would * remove the user's ability to edit the object. * * @param PhabricatorUser The viewer to perform a policy check for. * @param PhabricatorPolicyInterface The object to perform a policy check on. * @param string Capability to test. * @param string Perform the test as though the object has this * policy instead of the policy it actually has. * @return void */ public static function requireCapabilityWithForcedPolicy( PhabricatorUser $viewer, PhabricatorPolicyInterface $object, $capability, $forced_policy) { id(new PhabricatorPolicyFilter()) ->setViewer($viewer) ->requireCapabilities(array($capability)) ->raisePolicyExceptions(true) ->forcePolicy($forced_policy) ->apply(array($object)); } public static function hasCapability( PhabricatorUser $user, PhabricatorPolicyInterface $object, $capability) { $filter = new PhabricatorPolicyFilter(); $filter->setViewer($user); $filter->requireCapabilities(array($capability)); $result = $filter->apply(array($object)); return (count($result) == 1); } public static function canInteract( PhabricatorUser $user, PhabricatorPolicyInterface $object) { + $capabilities = self::getRequiredInteractCapabilities($object); + + foreach ($capabilities as $capability) { + if (!self::hasCapability($user, $object, $capability)) { + return false; + } + } + + return true; + } + + public static function requireCanInteract( + PhabricatorUser $user, + PhabricatorPolicyInterface $object) { + + $capabilities = self::getRequiredInteractCapabilities($object); + foreach ($capabilities as $capability) { + self::requireCapability($user, $object, $capability); + } + } + + private static function getRequiredInteractCapabilities( + PhabricatorPolicyInterface $object) { $capabilities = $object->getCapabilities(); $capabilities = array_fuse($capabilities); $can_interact = PhabricatorPolicyCapability::CAN_INTERACT; $can_view = PhabricatorPolicyCapability::CAN_VIEW; $require = array(); // If the object doesn't support a separate "Interact" capability, we // only use the "View" capability: for most objects, you can interact // with them if you can see them. $require[] = $can_view; if (isset($capabilities[$can_interact])) { $require[] = $can_interact; } - foreach ($require as $capability) { - if (!self::hasCapability($user, $object, $capability)) { - return false; - } - } - - return true; + return $require; } public function setViewer(PhabricatorUser $user) { $this->viewer = $user; return $this; } public function requireCapabilities(array $capabilities) { $this->capabilities = $capabilities; return $this; } public function raisePolicyExceptions($raise) { $this->raisePolicyExceptions = $raise; return $this; } public function forcePolicy($forced_policy) { $this->forcedPolicy = $forced_policy; return $this; } public function apply(array $objects) { assert_instances_of($objects, 'PhabricatorPolicyInterface'); $viewer = $this->viewer; $capabilities = $this->capabilities; if (!$viewer || !$capabilities) { throw new PhutilInvalidStateException('setViewer', 'requireCapabilities'); } // If the viewer is omnipotent, short circuit all the checks and just // return the input unmodified. This is an optimization; we know the // result already. if ($viewer->isOmnipotent()) { return $objects; } // Before doing any actual object checks, make sure the viewer can see // the applications that these objects belong to. This is normally enforced // in the Query layer before we reach object filtering, but execution // sometimes reaches policy filtering without running application checks. $objects = $this->applyApplicationChecks($objects); $filtered = array(); $viewer_phid = $viewer->getPHID(); if (empty($this->userProjects[$viewer_phid])) { $this->userProjects[$viewer_phid] = array(); } $need_projects = array(); $need_policies = array(); $need_objpolicies = array(); foreach ($objects as $key => $object) { $object_capabilities = $object->getCapabilities(); foreach ($capabilities as $capability) { if (!in_array($capability, $object_capabilities)) { throw new Exception( pht( 'Testing for capability "%s" on an object ("%s") which does '. 'not support that capability.', $capability, get_class($object))); } $policy = $this->getObjectPolicy($object, $capability); if (PhabricatorPolicyQuery::isObjectPolicy($policy)) { $need_objpolicies[$policy][] = $object; continue; } $type = phid_get_type($policy); if ($type == PhabricatorProjectProjectPHIDType::TYPECONST) { $need_projects[$policy] = $policy; continue; } if ($type == PhabricatorPolicyPHIDTypePolicy::TYPECONST) { $need_policies[$policy][] = $object; continue; } } } if ($need_objpolicies) { $this->loadObjectPolicies($need_objpolicies); } if ($need_policies) { $this->loadCustomPolicies($need_policies); } // If we need projects, check if any of the projects we need are also the // objects we're filtering. Because of how project rules work, this is a // common case. if ($need_projects) { foreach ($objects as $object) { if ($object instanceof PhabricatorProject) { $project_phid = $object->getPHID(); if (isset($need_projects[$project_phid])) { $is_member = $object->isUserMember($viewer_phid); $this->userProjects[$viewer_phid][$project_phid] = $is_member; unset($need_projects[$project_phid]); } } } } if ($need_projects) { $need_projects = array_unique($need_projects); // NOTE: We're using the omnipotent user here to avoid a recursive // descent into madness. We don't actually need to know if the user can // see these projects or not, since: the check is "user is member of // project", not "user can see project"; and membership implies // visibility anyway. Without this, we may load other projects and // re-enter the policy filter and generally create a huge mess. $projects = id(new PhabricatorProjectQuery()) ->setViewer(PhabricatorUser::getOmnipotentUser()) ->withMemberPHIDs(array($viewer->getPHID())) ->withPHIDs($need_projects) ->execute(); foreach ($projects as $project) { $this->userProjects[$viewer_phid][$project->getPHID()] = true; } } foreach ($objects as $key => $object) { foreach ($capabilities as $capability) { if (!$this->checkCapability($object, $capability)) { // If we're missing any capability, move on to the next object. continue 2; } } // If we make it here, we have all of the required capabilities. $filtered[$key] = $object; } // If we survived the primary checks, apply extended checks to objects // with extended policies. $results = array(); $extended = array(); foreach ($filtered as $key => $object) { if ($object instanceof PhabricatorExtendedPolicyInterface) { $extended[$key] = $object; } else { $results[$key] = $object; } } if ($extended) { $results += $this->applyExtendedPolicyChecks($extended); // Put results back in the original order. $results = array_select_keys($results, array_keys($filtered)); } return $results; } private function applyExtendedPolicyChecks(array $extended_objects) { $viewer = $this->viewer; $filter_capabilities = $this->capabilities; // Iterate over the objects we need to filter and pull all the nonempty // policies into a flat, structured list. $all_structs = array(); foreach ($extended_objects as $key => $extended_object) { foreach ($filter_capabilities as $extended_capability) { $extended_policies = $extended_object->getExtendedPolicy( $extended_capability, $viewer); if (!$extended_policies) { continue; } foreach ($extended_policies as $extended_policy) { list($object, $capabilities) = $extended_policy; // Build a description of the capabilities we need to check. This // will be something like `"view"`, or `"edit view"`, or possibly // a longer string with custom capabilities. Later, group the objects // up into groups which need the same capabilities tested. $capabilities = (array)$capabilities; $capabilities = array_fuse($capabilities); ksort($capabilities); $group = implode(' ', $capabilities); $struct = array( 'key' => $key, 'for' => $extended_capability, 'object' => $object, 'capabilities' => $capabilities, 'group' => $group, ); $all_structs[] = $struct; } } } // Extract any bare PHIDs from the structs; we need to load these objects. // These are objects which are required in order to perform an extended // policy check but which the original viewer did not have permission to // see (they presumably had other permissions which let them load the // object in the first place). $all_phids = array(); foreach ($all_structs as $idx => $struct) { $object = $struct['object']; if (is_string($object)) { $all_phids[$object] = $object; } } // If we have some bare PHIDs, we need to load the corresponding objects. if ($all_phids) { // We can pull these with the omnipotent user because we're immediately // filtering them. $ref_objects = id(new PhabricatorObjectQuery()) ->setViewer(PhabricatorUser::getOmnipotentUser()) ->withPHIDs($all_phids) ->execute(); $ref_objects = mpull($ref_objects, null, 'getPHID'); } else { $ref_objects = array(); } // Group the list of checks by the capabilities we need to check. $groups = igroup($all_structs, 'group'); foreach ($groups as $structs) { $head = head($structs); // All of the items in each group are checking for the same capabilities. $capabilities = $head['capabilities']; $key_map = array(); $objects_in = array(); foreach ($structs as $struct) { $extended_key = $struct['key']; if (empty($extended_objects[$extended_key])) { // If this object has already been rejected by an earlier filtering // pass, we don't need to do any tests on it. continue; } $object = $struct['object']; if (is_string($object)) { // This is really a PHID, so look it up. $object_phid = $object; if (empty($ref_objects[$object_phid])) { // We weren't able to load the corresponding object, so just // reject this result outright. $reject = $extended_objects[$extended_key]; unset($extended_objects[$extended_key]); // TODO: This could be friendlier. $this->rejectObject($reject, false, ''); continue; } $object = $ref_objects[$object_phid]; } $phid = $object->getPHID(); $key_map[$phid][] = $extended_key; $objects_in[$phid] = $object; } if ($objects_in) { $objects_out = $this->executeExtendedPolicyChecks( $viewer, $capabilities, $objects_in, $key_map); $objects_out = mpull($objects_out, null, 'getPHID'); } else { $objects_out = array(); } // If any objects were removed by filtering, we're going to reject all // of the original objects which needed them. foreach ($objects_in as $phid => $object_in) { if (isset($objects_out[$phid])) { // This object survived filtering, so we don't need to throw any // results away. continue; } foreach ($key_map[$phid] as $extended_key) { if (empty($extended_objects[$extended_key])) { // We've already rejected this object, so we don't need to reject // it again. continue; } $reject = $extended_objects[$extended_key]; unset($extended_objects[$extended_key]); // It's possible that we're rejecting this object for multiple // capability/policy failures, but just pick the first one to show // to the user. $first_capability = head($capabilities); $first_policy = $object_in->getPolicy($first_capability); $this->rejectObject($reject, $first_policy, $first_capability); } } } return $extended_objects; } private function executeExtendedPolicyChecks( PhabricatorUser $viewer, array $capabilities, array $objects, array $key_map) { // Do crude cycle detection by seeing if we have a huge stack depth. // Although more sophisticated cycle detection is possible in theory, // it is difficult with hierarchical objects like subprojects. Many other // checks make it difficult to create cycles normally, so just do a // simple check here to limit damage. static $depth; $depth++; if ($depth > 32) { foreach ($objects as $key => $object) { $this->rejectObject($objects[$key], false, ''); unset($objects[$key]); continue; } } if (!$objects) { return array(); } $caught = null; try { $result = id(new PhabricatorPolicyFilter()) ->setViewer($viewer) ->requireCapabilities($capabilities) ->apply($objects); } catch (Exception $ex) { $caught = $ex; } $depth--; if ($caught) { throw $caught; } return $result; } private function checkCapability( PhabricatorPolicyInterface $object, $capability) { $policy = $this->getObjectPolicy($object, $capability); if (!$policy) { // TODO: Formalize this somehow? $policy = PhabricatorPolicies::POLICY_USER; } if ($policy == PhabricatorPolicies::POLICY_PUBLIC) { // If the object is set to "public" but that policy is disabled for this // install, restrict the policy to "user". if (!PhabricatorEnv::getEnvConfig('policy.allow-public')) { $policy = PhabricatorPolicies::POLICY_USER; } // If the object is set to "public" but the capability is not a public // capability, restrict the policy to "user". $capobj = PhabricatorPolicyCapability::getCapabilityByKey($capability); if (!$capobj || !$capobj->shouldAllowPublicPolicySetting()) { $policy = PhabricatorPolicies::POLICY_USER; } } $viewer = $this->viewer; if ($viewer->isOmnipotent()) { return true; } if ($object instanceof PhabricatorSpacesInterface) { $space_phid = $object->getSpacePHID(); if (!$this->canViewerSeeObjectsInSpace($viewer, $space_phid)) { $this->rejectObjectFromSpace($object, $space_phid); return false; } } if ($object->hasAutomaticCapability($capability, $viewer)) { return true; } switch ($policy) { case PhabricatorPolicies::POLICY_PUBLIC: return true; case PhabricatorPolicies::POLICY_USER: if ($viewer->getPHID()) { return true; } else { $this->rejectObject($object, $policy, $capability); } break; case PhabricatorPolicies::POLICY_ADMIN: if ($viewer->getIsAdmin()) { return true; } else { $this->rejectObject($object, $policy, $capability); } break; case PhabricatorPolicies::POLICY_NOONE: $this->rejectObject($object, $policy, $capability); break; default: if (PhabricatorPolicyQuery::isObjectPolicy($policy)) { if ($this->checkObjectPolicy($policy, $object)) { return true; } else { $this->rejectObject($object, $policy, $capability); break; } } $type = phid_get_type($policy); if ($type == PhabricatorProjectProjectPHIDType::TYPECONST) { if (!empty($this->userProjects[$viewer->getPHID()][$policy])) { return true; } else { $this->rejectObject($object, $policy, $capability); } } else if ($type == PhabricatorPeopleUserPHIDType::TYPECONST) { if ($viewer->getPHID() == $policy) { return true; } else { $this->rejectObject($object, $policy, $capability); } } else if ($type == PhabricatorPolicyPHIDTypePolicy::TYPECONST) { if ($this->checkCustomPolicy($policy, $object)) { return true; } else { $this->rejectObject($object, $policy, $capability); } } else { // Reject objects with unknown policies. $this->rejectObject($object, false, $capability); } } return false; } public function rejectObject( PhabricatorPolicyInterface $object, $policy, $capability) { if (!$this->raisePolicyExceptions) { return; } if ($this->viewer->isOmnipotent()) { // Never raise policy exceptions for the omnipotent viewer. Although we // will never normally issue a policy rejection for the omnipotent // viewer, we can end up here when queries blanket reject objects that // have failed to load, without distinguishing between nonexistent and // nonvisible objects. return; } $capobj = PhabricatorPolicyCapability::getCapabilityByKey($capability); $rejection = null; if ($capobj) { $rejection = $capobj->describeCapabilityRejection(); $capability_name = $capobj->getCapabilityName(); } else { $capability_name = $capability; } if (!$rejection) { // We couldn't find the capability object, or it doesn't provide a // tailored rejection string. $rejection = pht( 'You do not have the required capability ("%s") to do whatever you '. 'are trying to do.', $capability); } $more = PhabricatorPolicy::getPolicyExplanation($this->viewer, $policy); $more = (array)$more; $more = array_filter($more); $exceptions = PhabricatorPolicy::getSpecialRules( $object, $this->viewer, $capability, true); $details = array_filter(array_merge($more, $exceptions)); $access_denied = $this->renderAccessDenied($object); $full_message = pht( '[%s] (%s) %s // %s', $access_denied, $capability_name, $rejection, implode(' ', $details)); $exception = id(new PhabricatorPolicyException($full_message)) ->setTitle($access_denied) ->setObjectPHID($object->getPHID()) ->setRejection($rejection) ->setCapability($capability) ->setCapabilityName($capability_name) ->setMoreInfo($details); throw $exception; } private function loadObjectPolicies(array $map) { $viewer = $this->viewer; $viewer_phid = $viewer->getPHID(); $rules = PhabricatorPolicyQuery::getObjectPolicyRules(null); // Make sure we have clean, empty policy rule objects. foreach ($rules as $key => $rule) { $rules[$key] = clone $rule; } $results = array(); foreach ($map as $key => $object_list) { $rule = idx($rules, $key); if (!$rule) { continue; } foreach ($object_list as $object_key => $object) { if (!$rule->canApplyToObject($object)) { unset($object_list[$object_key]); } } $rule->willApplyRules($viewer, array(), $object_list); $results[$key] = $rule; } $this->objectPolicies[$viewer_phid] = $results; } private function loadCustomPolicies(array $map) { $viewer = $this->viewer; $viewer_phid = $viewer->getPHID(); $custom_policies = id(new PhabricatorPolicyQuery()) ->setViewer($viewer) ->withPHIDs(array_keys($map)) ->execute(); $custom_policies = mpull($custom_policies, null, 'getPHID'); $classes = array(); $values = array(); $objects = array(); foreach ($custom_policies as $policy_phid => $policy) { foreach ($policy->getCustomRuleClasses() as $class) { $classes[$class] = $class; $values[$class][] = $policy->getCustomRuleValues($class); foreach (idx($map, $policy_phid, array()) as $object) { $objects[$class][] = $object; } } } foreach ($classes as $class => $ignored) { $rule_object = newv($class, array()); // Filter out any objects which the rule can't apply to. $target_objects = idx($objects, $class, array()); foreach ($target_objects as $key => $target_object) { if (!$rule_object->canApplyToObject($target_object)) { unset($target_objects[$key]); } } $rule_object->willApplyRules( $viewer, array_mergev($values[$class]), $target_objects); $classes[$class] = $rule_object; } foreach ($custom_policies as $policy) { $policy->attachRuleObjects($classes); } if (empty($this->customPolicies[$viewer_phid])) { $this->customPolicies[$viewer_phid] = array(); } $this->customPolicies[$viewer->getPHID()] += $custom_policies; } private function checkObjectPolicy( $policy_phid, PhabricatorPolicyInterface $object) { $viewer = $this->viewer; $viewer_phid = $viewer->getPHID(); $rule = idx($this->objectPolicies[$viewer_phid], $policy_phid); if (!$rule) { return false; } if (!$rule->canApplyToObject($object)) { return false; } return $rule->applyRule($viewer, null, $object); } private function checkCustomPolicy( $policy_phid, PhabricatorPolicyInterface $object) { $viewer = $this->viewer; $viewer_phid = $viewer->getPHID(); $policy = idx($this->customPolicies[$viewer_phid], $policy_phid); if (!$policy) { // Reject, this policy is bogus. return false; } $objects = $policy->getRuleObjects(); $action = null; foreach ($policy->getRules() as $rule) { if (!is_array($rule)) { // Reject, this policy rule is invalid. return false; } $rule_object = idx($objects, idx($rule, 'rule')); if (!$rule_object) { // Reject, this policy has a bogus rule. return false; } if (!$rule_object->canApplyToObject($object)) { // Reject, this policy rule can't be applied to the given object. return false; } // If the user matches this rule, use this action. if ($rule_object->applyRule($viewer, idx($rule, 'value'), $object)) { $action = idx($rule, 'action'); break; } } if ($action === null) { $action = $policy->getDefaultAction(); } if ($action === PhabricatorPolicy::ACTION_ALLOW) { return true; } return false; } private function getObjectPolicy( PhabricatorPolicyInterface $object, $capability) { if ($this->forcedPolicy) { return $this->forcedPolicy; } else { return $object->getPolicy($capability); } } private function renderAccessDenied(PhabricatorPolicyInterface $object) { // NOTE: Not every type of policy object has a real PHID; just load an // empty handle if a real PHID isn't available. $phid = nonempty($object->getPHID(), PhabricatorPHIDConstants::PHID_VOID); $handle = id(new PhabricatorHandleQuery()) ->setViewer($this->viewer) ->withPHIDs(array($phid)) ->executeOne(); $object_name = $handle->getObjectName(); $is_serious = PhabricatorEnv::getEnvConfig('phabricator.serious-business'); if ($is_serious) { $access_denied = pht( 'Access Denied: %s', $object_name); } else { $access_denied = pht( 'You Shall Not Pass: %s', $object_name); } return $access_denied; } private function canViewerSeeObjectsInSpace( PhabricatorUser $viewer, $space_phid) { $spaces = PhabricatorSpacesNamespaceQuery::getAllSpaces(); // If there are no spaces, everything exists in an implicit default space // with no policy controls. This is the default state. if (!$spaces) { if ($space_phid !== null) { return false; } else { return true; } } if ($space_phid === null) { $space = PhabricatorSpacesNamespaceQuery::getDefaultSpace(); } else { $space = idx($spaces, $space_phid); } if (!$space) { return false; } // This may be more involved later, but for now being able to see the // space is equivalent to being able to see everything in it. return self::hasCapability( $viewer, $space, PhabricatorPolicyCapability::CAN_VIEW); } private function rejectObjectFromSpace( PhabricatorPolicyInterface $object, $space_phid) { if (!$this->raisePolicyExceptions) { return; } if ($this->viewer->isOmnipotent()) { return; } $access_denied = $this->renderAccessDenied($object); $rejection = pht( 'This object is in a space you do not have permission to access.'); $full_message = pht('[%s] %s', $access_denied, $rejection); $exception = id(new PhabricatorPolicyException($full_message)) ->setTitle($access_denied) ->setObjectPHID($object->getPHID()) ->setRejection($rejection) ->setCapability(PhabricatorPolicyCapability::CAN_VIEW); throw $exception; } private function applyApplicationChecks(array $objects) { $viewer = $this->viewer; foreach ($objects as $key => $object) { // Don't filter handles: users are allowed to see handles from an // application they can't see even if they can not see objects from // that application. Note that the application policies still apply to // the underlying object, so these will be "Restricted Object" handles. // If we don't let these through, PhabricatorHandleQuery will completely // fail to load results for PHIDs that are part of applications which // the viewer can not see, but a fundamental property of handles is that // we always load something and they can safely be assumed to load. if ($object instanceof PhabricatorObjectHandle) { continue; } $phid = $object->getPHID(); if (!$phid) { continue; } $application_class = $this->getApplicationForPHID($phid); if ($application_class === null) { continue; } $can_see = PhabricatorApplication::isClassInstalledForViewer( $application_class, $viewer); if ($can_see) { continue; } unset($objects[$key]); $application = newv($application_class, array()); $this->rejectObject( $application, $application->getPolicy(PhabricatorPolicyCapability::CAN_VIEW), PhabricatorPolicyCapability::CAN_VIEW); } return $objects; } private function getApplicationForPHID($phid) { static $class_map = array(); $phid_type = phid_get_type($phid); if (!isset($class_map[$phid_type])) { $type_objects = PhabricatorPHIDType::getTypes(array($phid_type)); $type_object = idx($type_objects, $phid_type); if (!$type_object) { $class = false; } else { $class = $type_object->getPHIDTypeApplicationClass(); } $class_map[$phid_type] = $class; } $class = $class_map[$phid_type]; if ($class === false) { return null; } return $class; } } diff --git a/src/applications/transactions/controller/PhabricatorApplicationTransactionCommentEditController.php b/src/applications/transactions/controller/PhabricatorApplicationTransactionCommentEditController.php index 4529704c2f..84fcecfa6f 100644 --- a/src/applications/transactions/controller/PhabricatorApplicationTransactionCommentEditController.php +++ b/src/applications/transactions/controller/PhabricatorApplicationTransactionCommentEditController.php @@ -1,103 +1,102 @@ getViewer(); $xaction = id(new PhabricatorObjectQuery()) ->setViewer($viewer) ->withPHIDs(array($request->getURIData('phid'))) ->executeOne(); if (!$xaction) { return new Aphront404Response(); } if (!$xaction->getComment()) { // You can't currently edit a transaction which doesn't have a comment. // Some day you may be able to edit the visibility. return new Aphront404Response(); } if ($xaction->getComment()->getIsRemoved()) { // You can't edit history of a transaction with a removed comment. return new Aphront400Response(); } $phid = $xaction->getObjectPHID(); $handles = $viewer->loadHandles(array($phid)); $obj_handle = $handles[$phid]; $done_uri = $obj_handle->getURI(); // If an object is locked, you can't edit comments on it. Two reasons to // lock threads are to calm contentious issues and to freeze state for // auditing, and editing comments serves neither goal. $object = $xaction->getObject(); - $can_interact = PhabricatorPolicyFilter::hasCapability( + $can_interact = PhabricatorPolicyFilter::canInteract( $viewer, - $object, - PhabricatorPolicyCapability::CAN_INTERACT); + $object); if (!$can_interact) { return $this->newDialog() ->setTitle(pht('Conversation Locked')) ->appendParagraph( pht( 'You can not edit this comment because the conversation is '. 'locked.')) ->addCancelButton($done_uri); } if ($request->isFormOrHisecPost()) { $text = $request->getStr('text'); $comment = $xaction->getApplicationTransactionCommentObject(); $comment->setContent($text); if (!strlen($text)) { $comment->setIsDeleted(true); } $editor = id(new PhabricatorApplicationTransactionCommentEditor()) ->setActor($viewer) ->setContentSource(PhabricatorContentSource::newFromRequest($request)) ->setRequest($request) ->setCancelURI($done_uri) ->applyEdit($xaction, $comment); if ($request->isAjax()) { return id(new AphrontAjaxResponse())->setContent(array()); } else { return id(new AphrontReloadResponse())->setURI($done_uri); } } $errors = array(); if ($xaction->getIsMFATransaction()) { $message = pht( 'This comment was signed with MFA, so you will be required to '. 'provide MFA credentials to make changes.'); $errors[] = id(new PHUIInfoView()) ->setSeverity(PHUIInfoView::SEVERITY_MFA) ->setErrors(array($message)); } $form = id(new AphrontFormView()) ->setUser($viewer) ->setFullWidth(true) ->appendControl( id(new PhabricatorRemarkupControl()) ->setName('text') ->setValue($xaction->getComment()->getContent())); return $this->newDialog() ->setTitle(pht('Edit Comment')) ->appendChild($errors) ->appendForm($form) ->addSubmitButton(pht('Save Changes')) ->addCancelButton($done_uri); } } diff --git a/src/applications/transactions/editor/PhabricatorApplicationTransactionCommentEditor.php b/src/applications/transactions/editor/PhabricatorApplicationTransactionCommentEditor.php index 22acb3312f..b2405d90c4 100644 --- a/src/applications/transactions/editor/PhabricatorApplicationTransactionCommentEditor.php +++ b/src/applications/transactions/editor/PhabricatorApplicationTransactionCommentEditor.php @@ -1,289 +1,289 @@ actingAsPHID = $acting_as_phid; return $this; } public function getActingAsPHID() { if ($this->actingAsPHID) { return $this->actingAsPHID; } return $this->getActor()->getPHID(); } public function setContentSource(PhabricatorContentSource $content_source) { $this->contentSource = $content_source; return $this; } public function getContentSource() { return $this->contentSource; } public function setRequest(AphrontRequest $request) { $this->request = $request; return $this; } public function getRequest() { return $this->request; } public function setCancelURI($cancel_uri) { $this->cancelURI = $cancel_uri; return $this; } public function getCancelURI() { return $this->cancelURI; } public function setIsNewComment($is_new) { $this->isNewComment = $is_new; return $this; } public function getIsNewComment() { return $this->isNewComment; } /** * Edit a transaction's comment. This method effects the required create, * update or delete to set the transaction's comment to the provided comment. */ public function applyEdit( PhabricatorApplicationTransaction $xaction, PhabricatorApplicationTransactionComment $comment) { $this->validateEdit($xaction, $comment); $actor = $this->requireActor(); $this->applyMFAChecks($xaction, $comment); $comment->setContentSource($this->getContentSource()); $comment->setAuthorPHID($this->getActingAsPHID()); // TODO: This needs to be more sophisticated once we have meta-policies. $comment->setViewPolicy(PhabricatorPolicies::POLICY_PUBLIC); $comment->setEditPolicy($this->getActingAsPHID()); $file_phids = PhabricatorMarkupEngine::extractFilePHIDsFromEmbeddedFiles( $actor, array( $comment->getContent(), )); $xaction->openTransaction(); $xaction->beginReadLocking(); if ($xaction->getID()) { $xaction->reload(); } $new_version = $xaction->getCommentVersion() + 1; $comment->setCommentVersion($new_version); $comment->setTransactionPHID($xaction->getPHID()); $comment->save(); $old_comment = $xaction->getComment(); $comment->attachOldComment($old_comment); $xaction->setCommentVersion($new_version); $xaction->setCommentPHID($comment->getPHID()); $xaction->setViewPolicy($comment->getViewPolicy()); $xaction->setEditPolicy($comment->getEditPolicy()); $xaction->save(); $xaction->attachComment($comment); // For comment edits, we need to make sure there are no automagical // transactions like adding mentions or projects. if ($new_version > 1) { $object = id(new PhabricatorObjectQuery()) ->withPHIDs(array($xaction->getObjectPHID())) ->setViewer($this->getActor()) ->executeOne(); if ($object && $object instanceof PhabricatorApplicationTransactionInterface) { $editor = $object->getApplicationTransactionEditor(); $editor->setActor($this->getActor()); $support_xactions = $editor->getExpandedSupportTransactions( $object, $xaction); if ($support_xactions) { $editor ->setContentSource($this->getContentSource()) ->setContinueOnNoEffect(true) ->setContinueOnMissingFields(true) ->applyTransactions($object, $support_xactions); } } } $xaction->endReadLocking(); $xaction->saveTransaction(); // Add links to any files newly referenced by the edit. if ($file_phids) { $editor = new PhabricatorEdgeEditor(); foreach ($file_phids as $file_phid) { $editor->addEdge( $xaction->getObjectPHID(), PhabricatorObjectHasFileEdgeType::EDGECONST , $file_phid); } $editor->save(); } return $this; } /** * Validate that the edit is permissible, and the actor has permission to * perform it. */ private function validateEdit( PhabricatorApplicationTransaction $xaction, PhabricatorApplicationTransactionComment $comment) { if (!$xaction->getPHID()) { throw new Exception( pht( 'Transaction must have a PHID before calling %s!', 'applyEdit()')); } $type_comment = PhabricatorTransactions::TYPE_COMMENT; if ($xaction->getTransactionType() == $type_comment) { if ($comment->getPHID()) { throw new Exception( pht('Transaction comment must not yet have a PHID!')); } } if (!$this->getContentSource()) { throw new PhutilInvalidStateException('applyEdit'); } $actor = $this->requireActor(); PhabricatorPolicyFilter::requireCapability( $actor, $xaction, PhabricatorPolicyCapability::CAN_VIEW); if ($comment->getIsRemoved() && $actor->getIsAdmin()) { // NOTE: Administrators can remove comments by any user, and don't need // to pass the edit check. } else { PhabricatorPolicyFilter::requireCapability( $actor, $xaction, PhabricatorPolicyCapability::CAN_EDIT); - PhabricatorPolicyFilter::requireCapability( + + PhabricatorPolicyFilter::requireCanInteract( $actor, - $xaction->getObject(), - PhabricatorPolicyCapability::CAN_INTERACT); + $xaction->getObject()); } } private function applyMFAChecks( PhabricatorApplicationTransaction $xaction, PhabricatorApplicationTransactionComment $comment) { $actor = $this->requireActor(); // We don't do any MFA checks here when you're creating a comment for the // first time (the parent editor handles them for us), so we can just bail // out if this is the creation flow. if ($this->getIsNewComment()) { return; } $request = $this->getRequest(); if (!$request) { throw new PhutilInvalidStateException('setRequest'); } $cancel_uri = $this->getCancelURI(); if (!strlen($cancel_uri)) { throw new PhutilInvalidStateException('setCancelURI'); } // If you're deleting a comment, we try to prompt you for MFA if you have // it configured, but do not require that you have it configured. In most // cases, this is administrators removing content. // See PHI1173. If you're editing a comment you authored and the original // comment was signed with MFA, you MUST have MFA on your account and you // MUST sign the edit with MFA. Otherwise, we can end up with an MFA badge // on different content than what was signed. $want_mfa = false; $need_mfa = false; if ($comment->getIsRemoved()) { // Try to prompt on removal. $want_mfa = true; } if ($xaction->getIsMFATransaction()) { if ($actor->getPHID() === $xaction->getAuthorPHID()) { // Strictly require MFA if the original transaction was signed and // you're the author. $want_mfa = true; $need_mfa = true; } } if (!$want_mfa) { return; } if ($need_mfa) { $factors = id(new PhabricatorAuthFactorConfigQuery()) ->setViewer($actor) ->withUserPHIDs(array($this->getActingAsPHID())) ->withFactorProviderStatuses( array( PhabricatorAuthFactorProviderStatus::STATUS_ACTIVE, PhabricatorAuthFactorProviderStatus::STATUS_DEPRECATED, )) ->execute(); if (!$factors) { $error = new PhabricatorApplicationTransactionValidationError( $xaction->getTransactionType(), pht('No MFA'), pht( 'This comment was signed with MFA, so edits to it must also be '. 'signed with MFA. You do not have any MFA factors attached to '. 'your account, so you can not sign this edit. Add MFA to your '. 'account in Settings.'), $xaction); throw new PhabricatorApplicationTransactionValidationException( array( $error, )); } } $workflow_key = sprintf( 'comment.edit(%s, %d)', $xaction->getPHID(), $xaction->getComment()->getID()); $hisec_token = id(new PhabricatorAuthSessionEngine()) ->setWorkflowKey($workflow_key) ->requireHighSecurityToken($actor, $request, $cancel_uri); } } diff --git a/src/applications/transactions/view/PhabricatorApplicationTransactionView.php b/src/applications/transactions/view/PhabricatorApplicationTransactionView.php index 7a24bf8ff8..209b6baf64 100644 --- a/src/applications/transactions/view/PhabricatorApplicationTransactionView.php +++ b/src/applications/transactions/view/PhabricatorApplicationTransactionView.php @@ -1,549 +1,548 @@ renderAsFeed = $feed; return $this; } public function setQuoteRef($quote_ref) { $this->quoteRef = $quote_ref; return $this; } public function getQuoteRef() { return $this->quoteRef; } public function setQuoteTargetID($quote_target_id) { $this->quoteTargetID = $quote_target_id; return $this; } public function getQuoteTargetID() { return $this->quoteTargetID; } public function setObjectPHID($object_phid) { $this->objectPHID = $object_phid; return $this; } public function getObjectPHID() { return $this->objectPHID; } public function setIsPreview($is_preview) { $this->isPreview = $is_preview; return $this; } public function getIsPreview() { return $this->isPreview; } public function setShowEditActions($show_edit_actions) { $this->showEditActions = $show_edit_actions; return $this; } public function getShowEditActions() { return $this->showEditActions; } public function setMarkupEngine(PhabricatorMarkupEngine $engine) { $this->engine = $engine; return $this; } public function setTransactions(array $transactions) { assert_instances_of($transactions, 'PhabricatorApplicationTransaction'); $this->transactions = $transactions; return $this; } public function getTransactions() { return $this->transactions; } public function setShouldTerminate($term) { $this->shouldTerminate = $term; return $this; } public function setPager(AphrontCursorPagerView $pager) { $this->pager = $pager; return $this; } public function getPager() { return $this->pager; } public function setHideCommentOptions($hide_comment_options) { $this->hideCommentOptions = $hide_comment_options; return $this; } public function getHideCommentOptions() { return $this->hideCommentOptions; } public function setViewData(array $view_data) { $this->viewData = $view_data; return $this; } public function getViewData() { return $this->viewData; } public function buildEvents($with_hiding = false) { $user = $this->getUser(); $xactions = $this->transactions; $xactions = $this->filterHiddenTransactions($xactions); $xactions = $this->groupRelatedTransactions($xactions); $groups = $this->groupDisplayTransactions($xactions); // If the viewer has interacted with this object, we hide things from // before their most recent interaction by default. This tends to make // very long threads much more manageable, because you don't have to // scroll through a lot of history and can focus on just new stuff. $show_group = null; if ($with_hiding) { // Find the most recent comment by the viewer. $group_keys = array_keys($groups); $group_keys = array_reverse($group_keys); // If we would only hide a small number of transactions, don't hide // anything. Just don't examine the last few keys. Also, we always // want to show the most recent pieces of activity, so don't examine // the first few keys either. $group_keys = array_slice($group_keys, 2, -2); $type_comment = PhabricatorTransactions::TYPE_COMMENT; foreach ($group_keys as $group_key) { $group = $groups[$group_key]; foreach ($group as $xaction) { if ($xaction->getAuthorPHID() == $user->getPHID() && $xaction->getTransactionType() == $type_comment) { // This is the most recent group where the user commented. $show_group = $group_key; break 2; } } } } $events = array(); $hide_by_default = ($show_group !== null); $set_next_page_id = false; foreach ($groups as $group_key => $group) { if ($hide_by_default && ($show_group === $group_key)) { $hide_by_default = false; $set_next_page_id = true; } $group_event = null; foreach ($group as $xaction) { $event = $this->renderEvent($xaction, $group); $event->setHideByDefault($hide_by_default); if (!$group_event) { $group_event = $event; } else { $group_event->addEventToGroup($event); } if ($set_next_page_id) { $set_next_page_id = false; $pager = $this->getPager(); if ($pager) { $pager->setNextPageID($xaction->getID()); } } } $events[] = $group_event; } return $events; } public function render() { if (!$this->getObjectPHID()) { throw new PhutilInvalidStateException('setObjectPHID'); } $view = $this->buildPHUITimelineView(); if ($this->getShowEditActions()) { Javelin::initBehavior('phabricator-transaction-list'); } return $view->render(); } public function buildPHUITimelineView($with_hiding = true) { if (!$this->getObjectPHID()) { throw new PhutilInvalidStateException('setObjectPHID'); } $view = id(new PHUITimelineView()) ->setViewer($this->getViewer()) ->setShouldTerminate($this->shouldTerminate) ->setQuoteTargetID($this->getQuoteTargetID()) ->setQuoteRef($this->getQuoteRef()) ->setViewData($this->getViewData()); $events = $this->buildEvents($with_hiding); foreach ($events as $event) { $view->addEvent($event); } if ($this->getPager()) { $view->setPager($this->getPager()); } return $view; } public function isTimelineEmpty() { return !count($this->buildEvents(true)); } protected function getOrBuildEngine() { if (!$this->engine) { $field = PhabricatorApplicationTransactionComment::MARKUP_FIELD_COMMENT; $engine = id(new PhabricatorMarkupEngine()) ->setViewer($this->getViewer()); foreach ($this->transactions as $xaction) { if (!$xaction->hasComment()) { continue; } $engine->addObject($xaction->getComment(), $field); } $engine->process(); $this->engine = $engine; } return $this->engine; } private function buildChangeDetailsLink( PhabricatorApplicationTransaction $xaction) { return javelin_tag( 'a', array( 'href' => $xaction->getChangeDetailsURI(), 'sigil' => 'workflow', ), pht('(Show Details)')); } private function buildExtraInformationLink( PhabricatorApplicationTransaction $xaction) { $link = $xaction->renderExtraInformationLink(); if (!$link) { return null; } return phutil_tag( 'span', array( 'class' => 'phui-timeline-extra-information', ), array(" \xC2\xB7 ", $link)); } protected function shouldGroupTransactions( PhabricatorApplicationTransaction $u, PhabricatorApplicationTransaction $v) { return false; } protected function renderTransactionContent( PhabricatorApplicationTransaction $xaction) { $field = PhabricatorApplicationTransactionComment::MARKUP_FIELD_COMMENT; $engine = $this->getOrBuildEngine(); $comment = $xaction->getComment(); if ($comment) { if ($comment->getIsRemoved()) { return javelin_tag( 'span', array( 'class' => 'comment-deleted', 'sigil' => 'transaction-comment', 'meta' => array('phid' => $comment->getTransactionPHID()), ), pht( 'This comment was removed by %s.', $xaction->getHandle($comment->getAuthorPHID())->renderLink())); } else if ($comment->getIsDeleted()) { return javelin_tag( 'span', array( 'class' => 'comment-deleted', 'sigil' => 'transaction-comment', 'meta' => array('phid' => $comment->getTransactionPHID()), ), pht('This comment has been deleted.')); } else if ($xaction->hasComment()) { return javelin_tag( 'span', array( 'class' => 'transaction-comment', 'sigil' => 'transaction-comment', 'meta' => array('phid' => $comment->getTransactionPHID()), ), $engine->getOutput($comment, $field)); } else { // This is an empty, non-deleted comment. Usually this happens when // rendering previews. return null; } } return null; } private function filterHiddenTransactions(array $xactions) { foreach ($xactions as $key => $xaction) { if ($xaction->shouldHide()) { unset($xactions[$key]); } } return $xactions; } private function groupRelatedTransactions(array $xactions) { $last = null; $last_key = null; $groups = array(); foreach ($xactions as $key => $xaction) { if ($last && $this->shouldGroupTransactions($last, $xaction)) { $groups[$last_key][] = $xaction; unset($xactions[$key]); } else { $last = $xaction; $last_key = $key; } } foreach ($xactions as $key => $xaction) { $xaction->attachTransactionGroup(idx($groups, $key, array())); } return $xactions; } private function groupDisplayTransactions(array $xactions) { $groups = array(); $group = array(); foreach ($xactions as $xaction) { if ($xaction->shouldDisplayGroupWith($group)) { $group[] = $xaction; } else { if ($group) { $groups[] = $group; } $group = array($xaction); } } if ($group) { $groups[] = $group; } foreach ($groups as $key => $group) { $results = array(); // Sort transactions within the group by action strength, then by // chronological order. This makes sure that multiple actions of the // same type (like a close, then a reopen) render in the order they // were performed. $strength_groups = mgroup($group, 'getActionStrength'); krsort($strength_groups); foreach ($strength_groups as $strength_group) { foreach (msort($strength_group, 'getID') as $xaction) { $results[] = $xaction; } } $groups[$key] = $results; } return $groups; } private function renderEvent( PhabricatorApplicationTransaction $xaction, array $group) { $viewer = $this->getViewer(); $event = id(new PHUITimelineEventView()) ->setViewer($viewer) ->setAuthorPHID($xaction->getAuthorPHID()) ->setTransactionPHID($xaction->getPHID()) ->setUserHandle($xaction->getHandle($xaction->getAuthorPHID())) ->setIcon($xaction->getIcon()) ->setColor($xaction->getColor()) ->setHideCommentOptions($this->getHideCommentOptions()) ->setIsSilent($xaction->getIsSilentTransaction()) ->setIsMFA($xaction->getIsMFATransaction()) ->setIsLockOverride($xaction->getIsLockOverrideTransaction()); list($token, $token_removed) = $xaction->getToken(); if ($token) { $event->setToken($token, $token_removed); } if (!$this->shouldSuppressTitle($xaction, $group)) { if ($this->renderAsFeed) { $title = $xaction->getTitleForFeed(); } else { $title = $xaction->getTitle(); } if ($xaction->hasChangeDetails()) { if (!$this->isPreview) { $details = $this->buildChangeDetailsLink($xaction); $title = array( $title, ' ', $details, ); } } if (!$this->isPreview) { $more = $this->buildExtraInformationLink($xaction); if ($more) { $title = array($title, ' ', $more); } } $event->setTitle($title); } if ($this->isPreview) { $event->setIsPreview(true); } else { $event ->setDateCreated($xaction->getDateCreated()) ->setContentSource($xaction->getContentSource()) ->setAnchor($xaction->getID()); } $transaction_type = $xaction->getTransactionType(); $comment_type = PhabricatorTransactions::TYPE_COMMENT; $is_normal_comment = ($transaction_type == $comment_type); if ($this->getShowEditActions() && !$this->isPreview && $is_normal_comment) { $has_deleted_comment = $xaction->getComment() && $xaction->getComment()->getIsDeleted(); $has_removed_comment = $xaction->getComment() && $xaction->getComment()->getIsRemoved(); if ($xaction->getCommentVersion() > 1 && !$has_removed_comment) { $event->setIsEdited(true); } if (!$has_removed_comment) { $event->setIsNormalComment(true); } // If we have a place for quoted text to go and this is a quotable // comment, pass the quote target ID to the event view. if ($this->getQuoteTargetID()) { if ($xaction->hasComment()) { if (!$has_removed_comment && !$has_deleted_comment) { $event->setQuoteTargetID($this->getQuoteTargetID()); $event->setQuoteRef($this->getQuoteRef()); } } } $can_edit = PhabricatorPolicyCapability::CAN_EDIT; if ($xaction->hasComment() || $has_deleted_comment) { $has_edit_capability = PhabricatorPolicyFilter::hasCapability( $viewer, $xaction, $can_edit); if ($has_edit_capability && !$has_removed_comment) { $event->setIsEditable(true); } if ($has_edit_capability || $viewer->getIsAdmin()) { if (!$has_removed_comment) { $event->setIsRemovable(true); } } } - $can_interact = PhabricatorPolicyFilter::hasCapability( + $can_interact = PhabricatorPolicyFilter::canInteract( $viewer, - $xaction->getObject(), - PhabricatorPolicyCapability::CAN_INTERACT); + $xaction->getObject()); $event->setCanInteract($can_interact); } $comment = $this->renderTransactionContent($xaction); if ($comment) { $event->appendChild($comment); } return $event; } private function shouldSuppressTitle( PhabricatorApplicationTransaction $xaction, array $group) { // This is a little hard-coded, but we don't have any other reasonable // cases for now. Suppress "commented on" if there are other actions in // the display group. if (count($group) > 1) { $type_comment = PhabricatorTransactions::TYPE_COMMENT; if ($xaction->getTransactionType() == $type_comment) { return true; } } return false; } }