public function renderView()
{
$view = $this->newStoryView();
$handle = $this->getHandle($this->getPrimaryObjectPHID());
$view->setHref($handle->getURI());
$type = phid_get_type($handle->getPHID());
$phid_types = PhabricatorPHIDType::getAllTypes();
$icon = null;
if (!empty($phid_types[$type])) {
$phid_type = $phid_types[$type];
$class = $phid_type->getPHIDTypeApplicationClass();
if ($class) {
$application = PhabricatorApplication::getByClass($class);
$icon = $application->getIcon();
}
}
$view->setAppIcon($icon);
$xaction_phids = $this->getValue('transactionPHIDs');
$xaction = $this->getPrimaryTransaction();
$xaction->setHandles($this->getHandles());
$view->setTitle($xaction->getTitleForFeed());
foreach ($xaction_phids as $xaction_phid) {
$secondary_xaction = $this->getObject($xaction_phid);
$secondary_xaction->setHandles($this->getHandles());
$body = $secondary_xaction->getBodyForFeed($this);
if (nonempty($body)) {
$view->appendChild($body);
}
}
$view->setImage($this->getHandle($xaction->getAuthorPHID())->getImageURI());
return $view;
}
public function getRoutingMaps()
{
$app = PhabricatorApplication::getByClass('PhabricatorPhameApplication');
$maps = array();
$maps[] = $this->newRoutingMap()->setApplication($app)->setRoutes($app->getBlogRoutes());
return $maps;
}
public function buildNav()
{
$user = $this->getRequest()->getUser();
$nav = new AphrontSideNavFilterView();
$nav->setBaseURI(new PhutilURI('/'));
$applications = id(new PhabricatorApplicationQuery())->setViewer($user)->withInstalled(true)->withUnlisted(false)->withLaunchable(true)->execute();
$pinned = $user->loadPreferences()->getPinnedApplications($applications, $user);
// Force "Applications" to appear at the bottom.
$meta_app = 'PhabricatorApplicationsApplication';
$pinned = array_fuse($pinned);
unset($pinned[$meta_app]);
$pinned[$meta_app] = $meta_app;
$applications[$meta_app] = PhabricatorApplication::getByClass($meta_app);
$tiles = array();
$home_app = new PhabricatorHomeApplication();
$tiles[] = id(new PhabricatorApplicationLaunchView())->setApplication($home_app)->setApplicationStatus($home_app->loadStatus($user))->addClass('phabricator-application-launch-phone-only')->setUser($user);
foreach ($pinned as $pinned_application) {
if (empty($applications[$pinned_application])) {
continue;
}
$application = $applications[$pinned_application];
$tile = id(new PhabricatorApplicationLaunchView())->setApplication($application)->setApplicationStatus($application->loadStatus($user))->setUser($user);
$tiles[] = $tile;
}
$nav->addCustomBlock(phutil_tag('div', array('class' => 'application-tile-group'), $tiles));
$nav->addFilter('', pht('Customize Applications...'), '/settings/panel/home/');
$nav->addClass('phabricator-side-menu-home');
$nav->selectFilter(null);
return $nav;
}
public function renderModuleStatus(AphrontRequest $request)
{
$viewer = $request->getViewer();
$types = PhabricatorPHIDType::getAllTypes();
$types = msort($types, 'getTypeConstant');
$rows = array();
foreach ($types as $key => $type) {
$class_name = $type->getPHIDTypeApplicationClass();
if ($class_name !== null) {
$app = PhabricatorApplication::getByClass($class_name);
$app_name = $app->getName();
$icon = $app->getFontIcon();
if ($icon) {
$app_icon = id(new PHUIIconView())->setIcon($icon);
} else {
$app_icon = null;
}
} else {
$app_name = null;
$app_icon = null;
}
$icon = $type->getTypeIcon();
if ($icon) {
$type_icon = id(new PHUIIconView())->setIcon($icon);
} else {
$type_icon = null;
}
$rows[] = array($type->getTypeConstant(), get_class($type), $app_icon, $app_name, $type_icon, $type->getTypeName());
}
$table = id(new AphrontTableView($rows))->setHeaders(array(pht('Constant'), pht('Class'), null, pht('Application'), null, pht('Name')))->setColumnClasses(array(null, 'pri', 'icon', null, 'icon', 'wide'));
return id(new PHUIObjectBoxView())->setHeaderText(pht('PHID Types'))->setTable($table);
}
public function handleRequestException(AphrontRequest $request, Exception $ex)
{
$viewer = $this->getViewer($request);
if (!$viewer->isLoggedIn()) {
// If the user isn't logged in, just give them a login form. This is
// probably a generally more useful response than a policy dialog that
// they have to click through to get a login form.
//
// Possibly we should add a header here like "you need to login to see
// the thing you are trying to look at".
$auth_app_class = 'PhabricatorAuthApplication';
$auth_app = PhabricatorApplication::getByClass($auth_app_class);
return id(new PhabricatorAuthStartController())->setRequest($request)->setCurrentApplication($auth_app)->handleRequest($request);
}
$content = array(phutil_tag('div', array('class' => 'aphront-policy-rejection'), $ex->getRejection()));
$list = null;
if ($ex->getCapabilityName()) {
$list = $ex->getMoreInfo();
foreach ($list as $key => $item) {
$list[$key] = $item;
}
$content[] = phutil_tag('div', array('class' => 'aphront-capability-details'), pht('Users with the "%s" capability:', $ex->getCapabilityName()));
}
$dialog = id(new AphrontDialogView())->setTitle($ex->getTitle())->setClass('aphront-access-dialog')->setUser($viewer)->appendChild($content);
if ($list) {
$dialog->appendList($list);
}
if ($request->isAjax()) {
$dialog->addCancelButton('/', pht('Close'));
} else {
$dialog->addCancelButton('/', pht('OK'));
}
return $dialog;
}
public function processRequest()
{
$request = $this->getRequest();
$user = $request->getUser();
$selected = PhabricatorApplication::getByClass($this->application);
if (!$selected) {
return new Aphront404Response();
}
$view_uri = $this->getApplicationURI('view/' . $this->application);
$beta_enabled = PhabricatorEnv::getEnvConfig('phabricator.show-beta-applications');
$dialog = id(new AphrontDialogView())->setUser($user)->addCancelButton($view_uri);
if ($selected->isBeta() && !$beta_enabled) {
$dialog->setTitle(pht('Beta Applications Not Enabled'))->appendChild(pht('To manage beta applications, enable them by setting %s in your ' . 'Phabricator configuration.', phutil_tag('tt', array(), 'phabricator.show-beta-applications')));
return id(new AphrontDialogResponse())->setDialog($dialog);
}
if ($request->isDialogFormPost()) {
$this->manageApplication();
return id(new AphrontRedirectResponse())->setURI($view_uri);
}
if ($this->action == 'install') {
if ($selected->canUninstall()) {
$dialog->setTitle('Confirmation')->appendChild('Install ' . $selected->getName() . ' application?')->addSubmitButton('Install');
} else {
$dialog->setTitle('Information')->appendChild('You cannot install an installed application.');
}
} else {
if ($selected->canUninstall()) {
$dialog->setTitle('Confirmation')->appendChild('Really Uninstall ' . $selected->getName() . ' application?')->addSubmitButton('Uninstall');
} else {
$dialog->setTitle('Information')->appendChild('This application cannot be uninstalled,
because it is required for Phabricator to work.');
}
}
return id(new AphrontDialogResponse())->setDialog($dialog);
}
public function testControllerAccessControls()
{
$root = dirname(phutil_get_library_root('phabricator'));
require_once $root . '/support/PhabricatorStartup.php';
$application_configuration = new AphrontDefaultApplicationConfiguration();
$host = 'meow.example.com';
$_SERVER['REQUEST_METHOD'] = 'GET';
$request = id(new AphrontRequest($host, '/'))->setApplicationConfiguration($application_configuration)->setRequestData(array());
$controller = new PhabricatorTestController();
$controller->setRequest($request);
$u_public = id(new PhabricatorUser())->setUsername('public');
$u_unverified = $this->generateNewTestUser()->setUsername('unverified')->save();
$u_unverified->setIsEmailVerified(0)->save();
$u_normal = $this->generateNewTestUser()->setUsername('normal')->save();
$u_disabled = $this->generateNewTestUser()->setIsDisabled(true)->setUsername('disabled')->save();
$u_admin = $this->generateNewTestUser()->setIsAdmin(true)->setUsername('admin')->save();
$u_notapproved = $this->generateNewTestUser()->setIsApproved(0)->setUsername('notapproved')->save();
$env = PhabricatorEnv::beginScopedEnv();
$env->overrideEnvConfig('phabricator.base-uri', 'http://' . $host);
$env->overrideEnvConfig('policy.allow-public', false);
$env->overrideEnvConfig('auth.require-email-verification', false);
$env->overrideEnvConfig('auth.email-domains', array());
$env->overrideEnvConfig('security.require-multi-factor-auth', false);
// Test standard defaults.
$this->checkAccess(pht('Default'), id(clone $controller), $request, array($u_normal, $u_admin, $u_unverified), array($u_public, $u_disabled, $u_notapproved));
// Test email verification.
$env->overrideEnvConfig('auth.require-email-verification', true);
$this->checkAccess(pht('Email Verification Required'), id(clone $controller), $request, array($u_normal, $u_admin), array($u_unverified, $u_public, $u_disabled, $u_notapproved));
$this->checkAccess(pht('Email Verification Required, With Exception'), id(clone $controller)->setConfig('email', false), $request, array($u_normal, $u_admin, $u_unverified), array($u_public, $u_disabled, $u_notapproved));
$env->overrideEnvConfig('auth.require-email-verification', false);
// Test admin access.
$this->checkAccess(pht('Admin Required'), id(clone $controller)->setConfig('admin', true), $request, array($u_admin), array($u_normal, $u_unverified, $u_public, $u_disabled, $u_notapproved));
// Test disabled access.
$this->checkAccess(pht('Allow Disabled'), id(clone $controller)->setConfig('enabled', false), $request, array($u_normal, $u_unverified, $u_admin, $u_disabled, $u_notapproved), array($u_public));
// Test no login required.
$this->checkAccess(pht('No Login Required'), id(clone $controller)->setConfig('login', false), $request, array($u_normal, $u_unverified, $u_admin, $u_public), array($u_disabled, $u_notapproved));
// Test public access.
$this->checkAccess(pht('Public Access'), id(clone $controller)->setConfig('public', true), $request, array($u_normal, $u_unverified, $u_admin), array($u_disabled, $u_public));
$env->overrideEnvConfig('policy.allow-public', true);
$this->checkAccess(pht('Public + configured'), id(clone $controller)->setConfig('public', true), $request, array($u_normal, $u_unverified, $u_admin, $u_public), array($u_disabled, $u_notapproved));
$env->overrideEnvConfig('policy.allow-public', false);
$app = PhabricatorApplication::getByClass('PhabricatorTestApplication');
$app->reset();
$app->setPolicy(PhabricatorPolicyCapability::CAN_VIEW, PhabricatorPolicies::POLICY_NOONE);
$app_controller = id(clone $controller)->setCurrentApplication($app);
$this->checkAccess(pht('Application Controller'), $app_controller, $request, array(), array($u_normal, $u_unverified, $u_admin, $u_public, $u_disabled, $u_notapproved));
$this->checkAccess(pht('Application Controller'), id(clone $app_controller)->setConfig('login', false), $request, array($u_normal, $u_unverified, $u_admin, $u_public), array($u_disabled, $u_notapproved));
}
private function buildResults()
{
$viewer = $this->getViewer();
$types = PhabricatorSearchApplicationSearchEngine::getIndexableDocumentTypes($viewer);
$phid_types = mpull(PhabricatorPHIDType::getAllTypes(), null, 'getTypeConstant');
$results = array();
foreach ($types as $type => $name) {
$type_object = idx($phid_types, $type);
if (!$type_object) {
continue;
}
$application_class = $type_object->getPHIDTypeApplicationClass();
$application = PhabricatorApplication::getByClass($application_class);
$application_name = $application->getName();
$results[$type] = id(new PhabricatorTypeaheadResult())->setPHID($type)->setName($name)->addAttribute($application_name)->setIcon($type_object->getTypeIcon());
}
return $results;
}
public function processRequest()
{
$request = $this->getRequest();
$user = $request->getUser();
$selected = PhabricatorApplication::getByClass($this->application);
if (!$selected) {
return new Aphront404Response();
}
$view_uri = $this->getApplicationURI('view/' . $this->application);
$prototypes_enabled = PhabricatorEnv::getEnvConfig('phabricator.show-prototypes');
$dialog = id(new AphrontDialogView())->setUser($user)->addCancelButton($view_uri);
if ($selected->isPrototype() && !$prototypes_enabled) {
$dialog->setTitle(pht('Prototypes Not Enabled'))->appendChild(pht('To manage prototypes, enable them by setting %s in your ' . 'Phabricator configuration.', phutil_tag('tt', array(), 'phabricator.show-prototypes')));
return id(new AphrontDialogResponse())->setDialog($dialog);
}
if ($request->isDialogFormPost()) {
$this->manageApplication();
return id(new AphrontRedirectResponse())->setURI($view_uri);
}
if ($this->action == 'install') {
if ($selected->canUninstall()) {
$dialog->setTitle(pht('Confirmation'))->appendChild(pht('Install %s application?', $selected->getName()))->addSubmitButton(pht('Install'));
} else {
$dialog->setTitle(pht('Information'))->appendChild(pht('You cannot install an installed application.'));
}
} else {
if ($selected->canUninstall()) {
$dialog->setTitle(pht('Really Uninstall Application?'));
if ($selected instanceof PhabricatorHomeApplication) {
$dialog->appendParagraph(pht('Are you absolutely certain you want to uninstall the Home ' . 'application?'))->appendParagraph(pht('This is very unusual and will leave you without any ' . 'content on the Phabricator home page. You should only ' . 'do this if you are certain you know what you are doing.'))->addSubmitButton(pht('Completely Break Phabricator'));
} else {
$dialog->appendParagraph(pht('Really uninstall the %s application?', $selected->getName()))->addSubmitButton(pht('Uninstall'));
}
} else {
$dialog->setTitle(pht('Information'))->appendChild(pht('This application cannot be uninstalled, ' . 'because it is required for Phabricator to work.'));
}
}
return id(new AphrontDialogResponse())->setDialog($dialog);
}
public function getPolicy($capability)
{
if ($capability == PhabricatorPolicyCapability::CAN_VIEW) {
return PhabricatorPolicies::getMostOpenPolicy();
}
if ($this->isGlobalRule()) {
$app = 'PhabricatorHeraldApplication';
$herald = PhabricatorApplication::getByClass($app);
$global = HeraldManageGlobalRulesCapability::CAPABILITY;
return $herald->getPolicy($global);
} else {
if ($this->isObjectRule()) {
return $this->getTriggerObject()->getPolicy($capability);
} else {
return $this->getAuthorPHID();
}
}
}
public final function getApplication()
{
$app_class = $this->getEngineApplicationClass();
return PhabricatorApplication::getByClass($app_class);
}
public final function getApplication()
{
return PhabricatorApplication::getByClass('PhabricatorOwnersApplication');
}
public final function getApplication()
{
return PhabricatorApplication::getByClass('PhabricatorPhrequentApplication');
}
<?php
$app = PhabricatorApplication::getByClass('PhabricatorProjectApplication');
$view_policy = $app->getPolicy(ProjectDefaultViewCapability::CAPABILITY);
$edit_policy = $app->getPolicy(ProjectDefaultEditCapability::CAPABILITY);
$join_policy = $app->getPolicy(ProjectDefaultJoinCapability::CAPABILITY);
$table = new PhabricatorProject();
$conn_w = $table->establishConnection('w');
queryfx($conn_w, 'UPDATE %T SET viewPolicy = %s WHERE viewPolicy IS NULL', $table->getTableName(), $view_policy);
queryfx($conn_w, 'UPDATE %T SET editPolicy = %s WHERE editPolicy IS NULL', $table->getTableName(), $edit_policy);
queryfx($conn_w, 'UPDATE %T SET joinPolicy = %s WHERE joinPolicy IS NULL', $table->getTableName(), $join_policy);
public final function getApplication()
{
return PhabricatorApplication::getByClass('PhabricatorManiphestApplication');
}
public function testAllQueriesBelongToActualApplications()
{
$queries = id(new PhutilClassMapQuery())->setAncestorClass('PhabricatorPolicyAwareQuery')->execute();
foreach ($queries as $qclass => $query) {
$class = $query->getQueryApplicationClass();
if (!$class) {
continue;
}
$this->assertTrue((bool) PhabricatorApplication::getByClass($class), pht("Application class '%s' for query '%s'.", $class, $qclass));
}
}
public final function getApplication()
{
return PhabricatorApplication::getByClass('PhabricatorDifferentialApplication');
}
public final function getApplication()
{
return PhabricatorApplication::getByClass('PhabricatorSlowvoteApplication');
}
public function getApplication()
{
$engine = $this->newSearchEngine();
$class = $engine->getApplicationClassName();
return PhabricatorApplication::getByClass($class);
}
public function getPolicy($capability)
{
switch ($capability) {
case PhabricatorPolicyCapability::CAN_VIEW:
return $this->getQuestion()->getPolicy($capability);
case PhabricatorPolicyCapability::CAN_EDIT:
$app = PhabricatorApplication::getByClass('PhabricatorPonderApplication');
return $app->getPolicy(PonderModerateCapability::CAPABILITY);
}
}
public final function getApplication()
{
return PhabricatorApplication::getByClass('PhabricatorConpherenceApplication');
}
private function buildColumnMenu(PhabricatorProject $project, PhabricatorProjectColumn $column)
{
$request = $this->getRequest();
$viewer = $request->getViewer();
$can_edit = PhabricatorPolicyFilter::hasCapability($viewer, $project, PhabricatorPolicyCapability::CAN_EDIT);
$column_items = array();
$column_items[] = id(new PhabricatorActionView())->setIcon('fa-plus')->setName(pht('Create Task...'))->setHref('/maniphest/task/create/')->addSigil('column-add-task')->setMetadata(array('columnPHID' => $column->getPHID()))->setDisabled(!$can_edit);
$batch_edit_uri = $request->getRequestURI();
$batch_edit_uri->setQueryParam('batch', $column->getID());
$can_batch_edit = PhabricatorPolicyFilter::hasCapability($viewer, PhabricatorApplication::getByClass('PhabricatorManiphestApplication'), ManiphestBulkEditCapability::CAPABILITY);
$column_items[] = id(new PhabricatorActionView())->setIcon('fa-list-ul')->setName(pht('Batch Edit Tasks...'))->setHref($batch_edit_uri)->setDisabled(!$can_batch_edit);
$edit_uri = $this->getApplicationURI('board/' . $this->id . '/column/' . $column->getID() . '/');
$column_items[] = id(new PhabricatorActionView())->setIcon('fa-pencil')->setName(pht('Edit Column'))->setHref($edit_uri)->setDisabled(!$can_edit)->setWorkflow(!$can_edit);
$can_hide = $can_edit && !$column->isDefaultColumn();
$hide_uri = 'board/' . $this->id . '/hide/' . $column->getID() . '/';
$hide_uri = $this->getApplicationURI($hide_uri);
$hide_uri = $this->getURIWithState($hide_uri);
if (!$column->isHidden()) {
$column_items[] = id(new PhabricatorActionView())->setName(pht('Hide Column'))->setIcon('fa-eye-slash')->setHref($hide_uri)->setDisabled(!$can_hide)->setWorkflow(true);
} else {
$column_items[] = id(new PhabricatorActionView())->setName(pht('Show Column'))->setIcon('fa-eye')->setHref($hide_uri)->setDisabled(!$can_hide)->setWorkflow(true);
}
$column_menu = id(new PhabricatorActionListView())->setUser($viewer);
foreach ($column_items as $item) {
$column_menu->addAction($item);
}
$column_button = id(new PHUIIconView())->setIconFont('fa-caret-down')->setHref('#')->addSigil('boards-dropdown-menu')->setMetadata(array('items' => hsprintf('%s', $column_menu)));
return $column_button;
}
public function getPolicy($capability)
{
if ($this->isGlobalRule()) {
switch ($capability) {
case PhabricatorPolicyCapability::CAN_VIEW:
return PhabricatorPolicies::POLICY_USER;
case PhabricatorPolicyCapability::CAN_EDIT:
$app = 'PhabricatorHeraldApplication';
$herald = PhabricatorApplication::getByClass($app);
$global = HeraldManageGlobalRulesCapability::CAPABILITY;
return $herald->getPolicy($global);
}
} else {
if ($this->isObjectRule()) {
return $this->getTriggerObject()->getPolicy($capability);
} else {
return PhabricatorPolicies::POLICY_NOONE;
}
}
}
public function getStartURI()
{
$app = PhabricatorApplication::getByClass('PhabricatorAuthApplication');
$uri = $app->getApplicationURI('/start/');
return $uri;
}
public function willBeginExecution()
{
$request = $this->getRequest();
if ($request->getUser()) {
// NOTE: Unit tests can set a user explicitly. Normal requests are not
// permitted to do this.
PhabricatorTestCase::assertExecutingUnitTests();
$user = $request->getUser();
} else {
$user = new PhabricatorUser();
$session_engine = new PhabricatorAuthSessionEngine();
$phsid = $request->getCookie(PhabricatorCookies::COOKIE_SESSION);
if (strlen($phsid)) {
$session_user = $session_engine->loadUserForSession(PhabricatorAuthSession::TYPE_WEB, $phsid);
if ($session_user) {
$user = $session_user;
}
} else {
// If the client doesn't have a session token, generate an anonymous
// session. This is used to provide CSRF protection to logged-out users.
$phsid = $session_engine->establishSession(PhabricatorAuthSession::TYPE_WEB, null, $partial = false);
// This may be a resource request, in which case we just don't set
// the cookie.
if ($request->canSetCookies()) {
$request->setCookie(PhabricatorCookies::COOKIE_SESSION, $phsid);
}
}
if (!$user->isLoggedIn()) {
$user->attachAlternateCSRFString(PhabricatorHash::digest($phsid));
}
$request->setUser($user);
}
PhabricatorEnv::setLocaleCode($user->getTranslation());
$preferences = $user->loadPreferences();
if (PhabricatorEnv::getEnvConfig('darkconsole.enabled')) {
$dark_console = PhabricatorUserPreferences::PREFERENCE_DARK_CONSOLE;
if ($preferences->getPreference($dark_console) || PhabricatorEnv::getEnvConfig('darkconsole.always-on')) {
$console = new DarkConsoleCore();
$request->getApplicationConfiguration()->setConsole($console);
}
}
// NOTE: We want to set up the user first so we can render a real page
// here, but fire this before any real logic.
$restricted = array('code');
foreach ($restricted as $parameter) {
if ($request->getExists($parameter)) {
if (!$this->shouldAllowRestrictedParameter($parameter)) {
throw new Exception(pht('Request includes restricted parameter "%s", but this ' . 'controller ("%s") does not whitelist it. Refusing to ' . 'serve this request because it might be part of a redirection ' . 'attack.', $parameter, get_class($this)));
}
}
}
if ($this->shouldRequireEnabledUser()) {
if ($user->isLoggedIn() && !$user->getIsApproved()) {
$controller = new PhabricatorAuthNeedsApprovalController();
return $this->delegateToController($controller);
}
if ($user->getIsDisabled()) {
$controller = new PhabricatorDisabledUserController();
return $this->delegateToController($controller);
}
}
$auth_class = 'PhabricatorAuthApplication';
$auth_application = PhabricatorApplication::getByClass($auth_class);
// Require partial sessions to finish login before doing anything.
if (!$this->shouldAllowPartialSessions()) {
if ($user->hasSession() && $user->getSession()->getIsPartial()) {
$login_controller = new PhabricatorAuthFinishController();
$this->setCurrentApplication($auth_application);
return $this->delegateToController($login_controller);
}
}
// Check if the user needs to configure MFA.
$need_mfa = $this->shouldRequireMultiFactorEnrollment();
$have_mfa = $user->getIsEnrolledInMultiFactor();
if ($need_mfa && !$have_mfa) {
// Check if the cache is just out of date. Otherwise, roadblock the user
// and require MFA enrollment.
$user->updateMultiFactorEnrollment();
if (!$user->getIsEnrolledInMultiFactor()) {
$mfa_controller = new PhabricatorAuthNeedsMultiFactorController();
$this->setCurrentApplication($auth_application);
return $this->delegateToController($mfa_controller);
}
}
if ($this->shouldRequireLogin()) {
// This actually means we need either:
// - a valid user, or a public controller; and
// - permission to see the application; and
// - permission to see at least one Space if spaces are configured.
$allow_public = $this->shouldAllowPublic() && PhabricatorEnv::getEnvConfig('policy.allow-public');
// If this controller isn't public, and the user isn't logged in, require
// login.
if (!$allow_public && !$user->isLoggedIn()) {
$login_controller = new PhabricatorAuthStartController();
$this->setCurrentApplication($auth_application);
return $this->delegateToController($login_controller);
}
if ($user->isLoggedIn()) {
if ($this->shouldRequireEmailVerification()) {
if (!$user->getIsEmailVerified()) {
$controller = new PhabricatorMustVerifyEmailController();
$this->setCurrentApplication($auth_application);
return $this->delegateToController($controller);
}
}
}
// If Spaces are configured, require that the user have access to at
// least one. If we don't do this, they'll get confusing error messages
// later on.
$spaces = PhabricatorSpacesNamespaceQuery::getSpacesExist();
if ($spaces) {
$viewer_spaces = PhabricatorSpacesNamespaceQuery::getViewerSpaces($user);
if (!$viewer_spaces) {
$controller = new PhabricatorSpacesNoAccessController();
return $this->delegateToController($controller);
}
}
// If the user doesn't have access to the application, don't let them use
// any of its controllers. We query the application in order to generate
// a policy exception if the viewer doesn't have permission.
$application = $this->getCurrentApplication();
if ($application) {
id(new PhabricatorApplicationQuery())->setViewer($user)->withPHIDs(array($application->getPHID()))->executeOne();
}
}
if (!$this->shouldAllowLegallyNonCompliantUsers()) {
$legalpad_class = 'PhabricatorLegalpadApplication';
$legalpad = id(new PhabricatorApplicationQuery())->setViewer($user)->withClasses(array($legalpad_class))->withInstalled(true)->execute();
$legalpad = head($legalpad);
$doc_query = id(new LegalpadDocumentQuery())->setViewer($user)->withSignatureRequired(1)->needViewerSignatures(true);
if ($user->hasSession() && !$user->getSession()->getIsPartial() && !$user->getSession()->getSignedLegalpadDocuments() && $user->isLoggedIn() && $legalpad) {
$sign_docs = $doc_query->execute();
$must_sign_docs = array();
foreach ($sign_docs as $sign_doc) {
if (!$sign_doc->getUserSignature($user->getPHID())) {
$must_sign_docs[] = $sign_doc;
}
}
if ($must_sign_docs) {
$controller = new LegalpadDocumentSignController();
$this->getRequest()->setURIMap(array('id' => head($must_sign_docs)->getID()));
$this->setCurrentApplication($legalpad);
return $this->delegateToController($controller);
} else {
$engine = id(new PhabricatorAuthSessionEngine())->signLegalpadDocuments($user, $sign_docs);
}
}
}
// NOTE: We do this last so that users get a login page instead of a 403
// if they need to login.
if ($this->shouldRequireAdmin() && !$user->getIsAdmin()) {
return new Aphront403Response();
}
}
public final function getApplication()
{
return PhabricatorApplication::getByClass('PhabricatorHarbormasterApplication');
}
private function buildQuicksandConfig()
{
$viewer = $this->getRequest()->getUser();
$controller = $this->getController();
$dropdown_query = id(new AphlictDropdownDataQuery())->setViewer($viewer);
$dropdown_query->execute();
$rendered_dropdowns = array();
$applications = array('PhabricatorHelpApplication');
foreach ($applications as $application_class) {
if (!PhabricatorApplication::isClassInstalledForViewer($application_class, $viewer)) {
continue;
}
$application = PhabricatorApplication::getByClass($application_class);
$rendered_dropdowns[$application_class] = $application->buildMainMenuExtraNodes($viewer, $controller);
}
$hisec_warning_config = $this->getHighSecurityWarningConfig();
$console_config = null;
$console = $this->getConsole();
if ($console) {
$console_config = $this->getConsoleConfig();
}
$upload_enabled = false;
if ($controller) {
$upload_enabled = $controller->isGlobalDragAndDropUploadEnabled();
}
$application_class = null;
$application_search_icon = null;
$controller = $this->getController();
if ($controller) {
$application = $controller->getCurrentApplication();
if ($application) {
$application_class = get_class($application);
if ($application->getApplicationSearchDocumentTypes()) {
$application_search_icon = $application->getIcon();
}
}
}
return array('title' => $this->getTitle(), 'aphlictDropdownData' => array($dropdown_query->getNotificationData(), $dropdown_query->getConpherenceData()), 'globalDragAndDrop' => $upload_enabled, 'aphlictDropdowns' => $rendered_dropdowns, 'hisecWarningConfig' => $hisec_warning_config, 'consoleConfig' => $console_config, 'applicationClass' => $application_class, 'applicationSearchIcon' => $application_search_icon) + $this->buildAphlictListenConfigData();
}
public function testAllQueriesBelongToActualApplications()
{
$queries = id(new PhutilSymbolLoader())->setAncestorClass('PhabricatorPolicyAwareQuery')->loadObjects();
foreach ($queries as $qclass => $query) {
$class = $query->getQueryApplicationClass();
if (!$class) {
continue;
}
$this->assertTrue((bool) PhabricatorApplication::getByClass($class), "Application class '{$class}' for query '{$qclass}'");
}
}
public final function getControllerURI($action, array $params = array(), $local = false)
{
$id = $this->getProviderConfig()->getID();
$app = PhabricatorApplication::getByClass('PhabricatorPhortuneApplication');
$path = $app->getBaseURI() . 'provider/' . $id . '/' . $action . '/';
$uri = new PhutilURI($path);
$uri->setQueryParams($params);
if ($local) {
return $uri;
} else {
return PhabricatorEnv::getURI((string) $uri);
}
}
public final function getApplication()
{
return PhabricatorApplication::getByClass('SprintApplication');
}
