private function buildProperties(PhabricatorProject $project)
 {
     $viewer = $this->getViewer();
     $view = id(new PHUIPropertyListView())->setUser($viewer)->setObject($project);
     if ($project->isMilestone()) {
         $icon_key = PhabricatorProjectIconSet::getMilestoneIconKey();
         $icon = PhabricatorProjectIconSet::getIconIcon($icon_key);
         $target = PhabricatorProjectIconSet::getIconName($icon_key);
         $note = pht('Members of the parent project are members of this project.');
         $show_join = false;
     } else {
         if ($project->getHasSubprojects()) {
             $icon = 'fa-sitemap';
             $target = pht('Parent Project');
             $note = pht('Members of all subprojects are members of this project.');
             $show_join = false;
         } else {
             if ($project->getIsMembershipLocked()) {
                 $icon = 'fa-lock';
                 $target = pht('Locked Project');
                 $note = pht('Users with access may join this project, but may not leave.');
                 $show_join = true;
             } else {
                 $icon = 'fa-briefcase';
                 $target = pht('Normal Project');
                 $note = pht('Users with access may join and leave this project.');
                 $show_join = true;
             }
         }
     }
     $item = id(new PHUIStatusItemView())->setIcon($icon)->setTarget(phutil_tag('strong', array(), $target))->setNote($note);
     $status = id(new PHUIStatusListView())->addItem($item);
     $view->addProperty(pht('Membership'), $status);
     if ($show_join) {
         $descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions($viewer, $project);
         $view->addProperty(pht('Joinable By'), $descriptions[PhabricatorPolicyCapability::CAN_JOIN]);
     }
     $viewer_phid = $viewer->getPHID();
     if ($project->isUserWatcher($viewer_phid)) {
         $watch_item = id(new PHUIStatusItemView())->setIcon('fa-eye green')->setTarget(phutil_tag('strong', array(), pht('Watching')))->setNote(pht('You will receive mail about changes made to any related ' . 'object.'));
         $watch_status = id(new PHUIStatusListView())->addItem($watch_item);
         $view->addProperty(pht('Watching'), $watch_status);
     }
     if ($project->isUserMember($viewer_phid)) {
         $is_silenced = $this->isProjectSilenced($project);
         if ($is_silenced) {
             $mail_icon = 'fa-envelope-o grey';
             $mail_target = pht('Disabled');
             $mail_note = pht('When mail is sent to project members, you will not receive ' . 'a copy.');
         } else {
             $mail_icon = 'fa-envelope-o green';
             $mail_target = pht('Enabled');
             $mail_note = pht('You will receive mail that is sent to project members.');
         }
         $mail_item = id(new PHUIStatusItemView())->setIcon($mail_icon)->setTarget(phutil_tag('strong', array(), $mail_target))->setNote($mail_note);
         $mail_status = id(new PHUIStatusListView())->addItem($mail_item);
         $view->addProperty(pht('Mail to Members'), $mail_status);
     }
     return $view;
 }
 protected function getOptions()
 {
     $capability = $this->capability;
     $policies = $this->policies;
     // Exclude object policies which don't make sense here. This primarily
     // filters object policies associated from template capabilities (like
     // "Default Task View Policy" being set to "Task Author") so they aren't
     // made available on non-template capabilities (like "Can Bulk Edit").
     foreach ($policies as $key => $policy) {
         if ($policy->getType() != PhabricatorPolicyType::TYPE_OBJECT) {
             continue;
         }
         $rule = PhabricatorPolicyQuery::getObjectPolicyRule($policy->getPHID());
         if (!$rule) {
             continue;
         }
         $target = nonempty($this->templateObject, $this->object);
         if (!$rule->canApplyToObject($target)) {
             unset($policies[$key]);
             continue;
         }
     }
     $options = array();
     foreach ($policies as $policy) {
         if ($policy->getPHID() == PhabricatorPolicies::POLICY_PUBLIC) {
             // Never expose "Public" for capabilities which don't support it.
             $capobj = PhabricatorPolicyCapability::getCapabilityByKey($capability);
             if (!$capobj || !$capobj->shouldAllowPublicPolicySetting()) {
                 continue;
             }
         }
         $policy_short_name = id(new PhutilUTF8StringTruncator())->setMaximumGlyphs(28)->truncateString($policy->getName());
         $options[$policy->getType()][$policy->getPHID()] = array('name' => $policy_short_name, 'full' => $policy->getName(), 'icon' => $policy->getIcon());
     }
     // If we were passed several custom policy options, throw away the ones
     // which aren't the value for this capability. For example, an object might
     // have a custom view pollicy and a custom edit policy. When we render
     // the selector for "Can View", we don't want to show the "Can Edit"
     // custom policy -- if we did, the menu would look like this:
     //
     //   Custom
     //     Custom Policy
     //     Custom Policy
     //
     // ...where one is the "view" custom policy, and one is the "edit" custom
     // policy.
     $type_custom = PhabricatorPolicyType::TYPE_CUSTOM;
     if (!empty($options[$type_custom])) {
         $options[$type_custom] = array_select_keys($options[$type_custom], array($this->getValue()));
     }
     // If there aren't any custom policies, add a placeholder policy so we
     // render a menu item. This allows the user to switch to a custom policy.
     if (empty($options[$type_custom])) {
         $placeholder = new PhabricatorPolicy();
         $placeholder->setName(pht('Custom Policy...'));
         $options[$type_custom][$this->getCustomPolicyPlaceholder()] = array('name' => $placeholder->getName(), 'full' => $placeholder->getName(), 'icon' => $placeholder->getIcon());
     }
     $options = array_select_keys($options, array(PhabricatorPolicyType::TYPE_GLOBAL, PhabricatorPolicyType::TYPE_OBJECT, PhabricatorPolicyType::TYPE_USER, PhabricatorPolicyType::TYPE_CUSTOM, PhabricatorPolicyType::TYPE_PROJECT));
     return $options;
 }
 private function buildPropertyView(PhameBlog $blog)
 {
     $viewer = $this->getViewer();
     require_celerity_resource('aphront-tooltip-css');
     Javelin::initBehavior('phabricator-tooltips');
     $properties = id(new PHUIPropertyListView())->setUser($viewer)->setObject($blog);
     $domain = $blog->getDomain();
     if (!$domain) {
         $domain = phutil_tag('em', array(), pht('No external domain'));
     }
     $properties->addProperty(pht('Domain'), $domain);
     $feed_uri = PhabricatorEnv::getProductionURI($this->getApplicationURI('blog/feed/' . $blog->getID() . '/'));
     $properties->addProperty(pht('Atom URI'), javelin_tag('a', array('href' => $feed_uri, 'sigil' => 'has-tooltip', 'meta' => array('tip' => pht('Atom URI does not support custom domains.'), 'size' => 320)), $feed_uri));
     $descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions($viewer, $blog);
     $properties->addProperty(pht('Editable By'), $descriptions[PhabricatorPolicyCapability::CAN_EDIT]);
     $engine = id(new PhabricatorMarkupEngine())->setViewer($viewer)->addObject($blog, PhameBlog::MARKUP_FIELD_DESCRIPTION)->process();
     $properties->invokeWillRenderEvent();
     $description = $blog->getDescription();
     if (strlen($description)) {
         $description = new PHUIRemarkupView($viewer, $description);
         $properties->addSectionHeader(pht('Description'), PHUIPropertyListView::ICON_SUMMARY);
         $properties->addTextContent($description);
     }
     return $properties;
 }
 private function buildPropertyView(PhabricatorApplication $application, PhabricatorActionListView $actions)
 {
     $viewer = $this->getRequest()->getUser();
     $properties = id(new PHUIPropertyListView());
     $properties->setActionList($actions);
     $properties->addProperty(pht('Description'), $application->getShortDescription());
     if ($application->getFlavorText()) {
         $properties->addProperty(null, phutil_tag('em', array(), $application->getFlavorText()));
     }
     if ($application->isPrototype()) {
         $proto_href = PhabricatorEnv::getDoclink('User Guide: Prototype Applications');
         $learn_more = phutil_tag('a', array('href' => $proto_href, 'target' => '_blank'), pht('Learn More'));
         $properties->addProperty(pht('Prototype'), pht('This application is a prototype. %s', $learn_more));
     }
     $overview = $application->getOverview();
     if (strlen($overview)) {
         $overview = new PHUIRemarkupView($viewer, $overview);
         $properties->addSectionHeader(pht('Overview'), PHUIPropertyListView::ICON_SUMMARY);
         $properties->addTextContent($overview);
     }
     $descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions($viewer, $application);
     $properties->addSectionHeader(pht('Policies'), 'fa-lock');
     foreach ($application->getCapabilities() as $capability) {
         $properties->addProperty($application->getCapabilityLabel($capability), idx($descriptions, $capability));
     }
     return $properties;
 }
 private function buildPropertyList(DivinerLiveBook $book)
 {
     $viewer = $this->getRequest()->getUser();
     $view = id(new PHUIPropertyListView())->setUser($viewer);
     $policies = PhabricatorPolicyQuery::renderPolicyDescriptions($viewer, $book);
     $view->addProperty(pht('Updated'), phabricator_datetime($book->getDateModified(), $viewer));
     return $view;
 }
 private function buildPropertyView(PhabricatorDashboard $dashboard)
 {
     $viewer = $this->getViewer();
     $properties = id(new PHUIPropertyListView())->setUser($viewer);
     $descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions($viewer, $dashboard);
     $properties->addProperty(pht('Editable By'), $descriptions[PhabricatorPolicyCapability::CAN_EDIT]);
     $properties->addProperty(pht('Panels'), $viewer->renderHandleList($dashboard->getPanelPHIDs()));
     return id(new PHUIObjectBoxView())->setHeaderText(pht('Details'))->setBackground(PHUIObjectBoxView::BLUE_PROPERTY)->addPropertyList($properties);
 }
 private function buildPropertyView(PhabricatorDashboard $dashboard)
 {
     $viewer = $this->getRequest()->getUser();
     $properties = id(new PHUIPropertyListView())->setUser($viewer)->setObject($dashboard);
     $descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions($viewer, $dashboard);
     $properties->addProperty(pht('Editable By'), $descriptions[PhabricatorPolicyCapability::CAN_EDIT]);
     $properties->addProperty(pht('Panels'), $viewer->renderHandleList($dashboard->getPanelPHIDs()));
     return $properties;
 }
 private function buildPropertyView(NuanceSource $source, PhabricatorActionListView $actions)
 {
     $viewer = $this->getRequest()->getUser();
     $properties = id(new PHUIPropertyListView())->setUser($viewer)->setObject($source)->setActionList($actions);
     $definition = $source->requireDefinition();
     $properties->addProperty(pht('Source Type'), $definition->getName());
     $descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions($viewer, $source);
     $properties->addProperty(pht('Editable By'), $descriptions[PhabricatorPolicyCapability::CAN_EDIT]);
     return $properties;
 }
 private function buildPropertyView(PhabricatorProjectColumn $column, PhabricatorActionListView $actions)
 {
     $viewer = $this->getRequest()->getUser();
     $properties = id(new PHUIPropertyListView())->setUser($viewer)->setObject($column)->setActionList($actions);
     $descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions($viewer, $column);
     $properties->addProperty(pht('Editable By'), $descriptions[PhabricatorPolicyCapability::CAN_EDIT]);
     $limit = $column->getPointLimit();
     $properties->addProperty(pht('Point Limit'), $limit ? $limit : pht('No Limit'));
     return $properties;
 }
 private function buildPolicyView(PhabricatorApplication $application)
 {
     $viewer = $this->getViewer();
     $properties = id(new PHUIPropertyListView());
     $header = id(new PHUIHeaderView())->setHeader(pht('POLICIES'))->setHeaderIcon('fa-lock');
     $descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions($viewer, $application);
     foreach ($application->getCapabilities() as $capability) {
         $properties->addProperty($application->getCapabilityLabel($capability), idx($descriptions, $capability));
     }
     return id(new PHUIObjectBoxView())->setHeader($header)->setBackground(PHUIObjectBoxView::BLUE_PROPERTY)->appendChild($properties);
 }
 private function buildPropertyListView(PhabricatorProject $project, PhabricatorActionListView $actions)
 {
     $request = $this->getRequest();
     $viewer = $request->getUser();
     $view = id(new PHUIPropertyListView())->setUser($viewer)->setObject($project)->setActionList($actions);
     $descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions($viewer, $project);
     $this->loadHandles(array($project->getPHID()));
     $view->addProperty(pht('Looks Like'), $this->getHandle($project->getPHID())->renderTag());
     $view->addProperty(pht('Visible To'), $descriptions[PhabricatorPolicyCapability::CAN_VIEW]);
     $view->addProperty(pht('Editable By'), $descriptions[PhabricatorPolicyCapability::CAN_EDIT]);
     $view->addProperty(pht('Joinable By'), $descriptions[PhabricatorPolicyCapability::CAN_JOIN]);
     return $view;
 }
 private function buildPropertyView(PhabricatorPaste $paste, array $child_phids, PhabricatorActionListView $actions)
 {
     $viewer = $this->getViewer();
     $properties = id(new PHUIPropertyListView())->setUser($viewer)->setObject($paste)->setActionList($actions);
     $properties->addProperty(pht('Author'), $viewer->renderHandle($paste->getAuthorPHID()));
     $properties->addProperty(pht('Created'), phabricator_datetime($paste->getDateCreated(), $viewer));
     if ($paste->getParentPHID()) {
         $properties->addProperty(pht('Forked From'), $viewer->renderHandle($paste->getParentPHID()));
     }
     if ($child_phids) {
         $properties->addProperty(pht('Forks'), $viewer->renderHandleList($child_phids));
     }
     $descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions($viewer, $paste);
     return $properties;
 }
 private function buildPropertyListView(PhabricatorSpacesNamespace $space)
 {
     $viewer = $this->getRequest()->getUser();
     $list = id(new PHUIPropertyListView())->setUser($viewer);
     $list->addProperty(pht('Default Space'), $space->getIsDefaultNamespace() ? pht('Yes') : pht('No'));
     $descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions($viewer, $space);
     $list->addProperty(pht('Editable By'), $descriptions[PhabricatorPolicyCapability::CAN_EDIT]);
     $description = $space->getDescription();
     if (strlen($description)) {
         $description = PhabricatorMarkupEngine::renderOneObject(id(new PhabricatorMarkupOneOff())->setContent($description), 'default', $viewer);
         $list->addSectionHeader(pht('Description'), PHUIPropertyListView::ICON_SUMMARY);
         $list->addTextContent($description);
     }
     return $list;
 }
 private function buildPropertyView(PhabricatorPaste $paste, array $child_phids)
 {
     $user = $this->getRequest()->getUser();
     $properties = new PhabricatorPropertyListView();
     $properties->addProperty(pht('Author'), $this->getHandle($paste->getAuthorPHID())->renderLink());
     $properties->addProperty(pht('Created'), phabricator_datetime($paste->getDateCreated(), $user));
     if ($paste->getParentPHID()) {
         $properties->addProperty(pht('Forked From'), $this->getHandle($paste->getParentPHID())->renderLink());
     }
     if ($child_phids) {
         $properties->addProperty(pht('Forks'), $this->renderHandlesForPHIDs($child_phids));
     }
     $descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions($user, $paste);
     $properties->addProperty(pht('Visible To'), $descriptions[PhabricatorPolicyCapability::CAN_VIEW]);
     return $properties;
 }
 private function renderProperties(PhameBlog $blog, PhabricatorUser $user, PhabricatorActionListView $actions)
 {
     require_celerity_resource('aphront-tooltip-css');
     Javelin::initBehavior('phabricator-tooltips');
     $properties = new PHUIPropertyListView();
     $properties->setActionList($actions);
     $properties->addProperty(pht('Skin'), $blog->getSkin());
     $properties->addProperty(pht('Domain'), $blog->getDomain());
     $feed_uri = PhabricatorEnv::getProductionURI($this->getApplicationURI('blog/feed/' . $blog->getID() . '/'));
     $properties->addProperty(pht('Atom URI'), javelin_tag('a', array('href' => $feed_uri, 'sigil' => 'has-tooltip', 'meta' => array('tip' => pht('Atom URI does not support custom domains.'), 'size' => 320)), $feed_uri));
     $descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions($user, $blog);
     $properties->addProperty(pht('Editable By'), $descriptions[PhabricatorPolicyCapability::CAN_EDIT]);
     $properties->addProperty(pht('Joinable By'), $descriptions[PhabricatorPolicyCapability::CAN_JOIN]);
     $engine = id(new PhabricatorMarkupEngine())->setViewer($user)->addObject($blog, PhameBlog::MARKUP_FIELD_DESCRIPTION)->process();
     $properties->addTextContent(phutil_tag('div', array('class' => 'phabricator-remarkup'), $engine->getOutput($blog, PhameBlog::MARKUP_FIELD_DESCRIPTION)));
     return $properties;
 }
 public function buildManagementPanelContent()
 {
     $repository = $this->getRepository();
     $viewer = $this->getViewer();
     $view = id(new PHUIPropertyListView())->setViewer($viewer)->setActionList($this->newActions());
     $descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions($viewer, $repository);
     $view_parts = array();
     if (PhabricatorSpacesNamespaceQuery::getViewerSpacesExist($viewer)) {
         $space_phid = PhabricatorSpacesNamespaceQuery::getObjectSpacePHID($repository);
         $view_parts[] = $viewer->renderHandle($space_phid);
     }
     $view_parts[] = $descriptions[PhabricatorPolicyCapability::CAN_VIEW];
     $view->addProperty(pht('Visible To'), phutil_implode_html(" · ", $view_parts));
     $view->addProperty(pht('Editable By'), $descriptions[PhabricatorPolicyCapability::CAN_EDIT]);
     $pushable = $repository->isHosted() ? $descriptions[DiffusionPushCapability::CAPABILITY] : phutil_tag('em', array(), pht('Not a Hosted Repository'));
     $view->addProperty(pht('Pushable By'), $pushable);
     return $this->newBox(pht('Policies'), $view);
 }
 private function buildPropertyView(PhabricatorDashboardPanel $panel)
 {
     $viewer = $this->getRequest()->getUser();
     $properties = id(new PHUIPropertyListView())->setUser($viewer)->setObject($panel);
     $descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions($viewer, $panel);
     $panel_type = $panel->getImplementation();
     if ($panel_type) {
         $type_name = $panel_type->getPanelTypeName();
     } else {
         $type_name = phutil_tag('em', array(), nonempty($panel->getPanelType(), pht('null')));
     }
     $properties->addProperty(pht('Panel Type'), $type_name);
     $properties->addProperty(pht('Editable By'), $descriptions[PhabricatorPolicyCapability::CAN_EDIT]);
     $dashboard_phids = PhabricatorEdgeQuery::loadDestinationPHIDs($panel->getPHID(), PhabricatorDashboardPanelHasDashboardEdgeType::EDGECONST);
     $does_not_appear = pht('This panel does not appear on any dashboards.');
     $properties->addProperty(pht('Appears On'), $dashboard_phids ? $viewer->renderHandleList($dashboard_phids) : phutil_tag('em', array(), $does_not_appear));
     return $properties;
 }
 private function buildPropertyView(PassphraseCredential $credential, PassphraseCredentialType $type, PhabricatorActionListView $actions)
 {
     $viewer = $this->getRequest()->getUser();
     $properties = id(new PHUIPropertyListView())->setUser($viewer)->setObject($credential)->setActionList($actions);
     $properties->addProperty(pht('Credential Type'), $type->getCredentialTypeName());
     $descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions($viewer, $credential);
     $properties->addProperty(pht('Editable By'), $descriptions[PhabricatorPolicyCapability::CAN_EDIT]);
     $properties->addProperty(pht('Username'), $credential->getUsername());
     $used_by_phids = PhabricatorEdgeQuery::loadDestinationPHIDs($credential->getPHID(), PhabricatorEdgeConfig::TYPE_CREDENTIAL_USED_BY_OBJECT);
     if ($used_by_phids) {
         $this->loadHandles($used_by_phids);
         $properties->addProperty(pht('Used By'), $this->renderHandlesForPHIDs($used_by_phids));
     }
     $description = $credential->getDescription();
     if (strlen($description)) {
         $properties->addSectionHeader(pht('Description'), PHUIPropertyListView::ICON_SUMMARY);
         $properties->addTextContent(PhabricatorMarkupEngine::renderOneObject(id(new PhabricatorMarkupOneOff())->setContent($description), 'default', $viewer));
     }
     return $properties;
 }
 private function getStrengthInformation(PhabricatorPolicyInterface $object, PhabricatorPolicy $policy, $capability)
 {
     $viewer = $this->getViewer();
     $default_policy = PhabricatorPolicyQuery::getDefaultPolicyForObject($viewer, $object, $capability);
     if (!$default_policy) {
         return;
     }
     if ($default_policy->getPHID() == $policy->getPHID()) {
         return;
     }
     if ($default_policy->isStrongerThan($policy)) {
         $info = pht('This object has a less restrictive policy ("%s") than the default ' . 'policy for similar objects (which is "%s").', $policy->getShortName(), $default_policy->getShortName());
     } else {
         if ($policy->isStrongerThan($default_policy)) {
             $info = pht('This object has a more restrictive policy ("%s") than the default ' . 'policy for similar objects (which is "%s").', $policy->getShortName(), $default_policy->getShortName());
         } else {
             $info = pht('This object has a different policy ("%s") than the default policy ' . 'for similar objects (which is "%s").', $policy->getShortName(), $default_policy->getShortName());
         }
     }
     return $info;
 }
 private function buildPropertyView(PassphraseCredential $credential, PassphraseCredentialType $type, PhabricatorActionListView $actions)
 {
     $viewer = $this->getRequest()->getUser();
     $properties = id(new PHUIPropertyListView())->setUser($viewer)->setObject($credential)->setActionList($actions);
     $properties->addProperty(pht('Credential Type'), $type->getCredentialTypeName());
     $descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions($viewer, $credential);
     $properties->addProperty(pht('Editable By'), $descriptions[PhabricatorPolicyCapability::CAN_EDIT]);
     if ($type->shouldRequireUsername()) {
         $properties->addProperty(pht('Username'), $credential->getUsername());
     }
     $used_by_phids = PhabricatorEdgeQuery::loadDestinationPHIDs($credential->getPHID(), PhabricatorCredentialsUsedByObjectEdgeType::EDGECONST);
     if ($used_by_phids) {
         $properties->addProperty(pht('Used By'), $viewer->renderHandleList($used_by_phids));
     }
     $properties->invokeWillRenderEvent();
     $description = $credential->getDescription();
     if (strlen($description)) {
         $properties->addSectionHeader(pht('Description'), PHUIPropertyListView::ICON_SUMMARY);
         $properties->addTextContent(new PHUIRemarkupView($viewer, $description));
     }
     return $properties;
 }
 public static function newFromPolicyAndHandle($policy_identifier, PhabricatorObjectHandle $handle = null)
 {
     $is_global = PhabricatorPolicyQuery::isGlobalPolicy($policy_identifier);
     if ($is_global) {
         return PhabricatorPolicyQuery::getGlobalPolicy($policy_identifier);
     }
     if (!$handle) {
         throw new Exception("Policy identifier is an object PHID ('{$policy_identifier}'), but no " . "object handle was provided. A handle must be provided for object " . "policies.");
     }
     $handle_phid = $handle->getPHID();
     if ($policy_identifier != $handle_phid) {
         throw new Exception("Policy identifier is an object PHID ('{$policy_identifier}'), but " . "the provided handle has a different PHID ('{$handle_phid}'). The " . "handle must correspond to the policy identifier.");
     }
     $policy = id(new PhabricatorPolicy())->setPHID($policy_identifier)->setHref($handle->getURI());
     $phid_type = phid_get_type($policy_identifier);
     switch ($phid_type) {
         case PhabricatorProjectProjectPHIDType::TYPECONST:
             $policy->setType(PhabricatorPolicyType::TYPE_PROJECT);
             $policy->setName($handle->getName());
             break;
         case PhabricatorPeopleUserPHIDType::TYPECONST:
             $policy->setType(PhabricatorPolicyType::TYPE_USER);
             $policy->setName($handle->getFullName());
             break;
         case PhabricatorPolicyPHIDTypePolicy::TYPECONST:
             // TODO: This creates a weird handle-based version of a rule policy.
             // It behaves correctly, but can't be applied since it doesn't have
             // any rules. It is used to render transactions, and might need some
             // cleanup.
             break;
         default:
             $policy->setType(PhabricatorPolicyType::TYPE_MASKED);
             $policy->setName($handle->getFullName());
             break;
     }
     $policy->makeEphemeral();
     return $policy;
 }
 public function validateOption(PhabricatorConfigOption $option, $value)
 {
     $capabilities = id(new PhutilSymbolLoader())->setAncestorClass('PhabricatorPolicyCapability')->loadObjects();
     $capabilities = mpull($capabilities, null, 'getCapabilityKey');
     $policy_phids = array();
     foreach ($value as $capability_key => $policy) {
         $capability = idx($capabilities, $capability_key);
         if (!$capability) {
             throw new Exception(pht('Capability "%s" does not exist.', $capability_key));
         }
         if (phid_get_type($policy) != PhabricatorPHIDConstants::PHID_TYPE_UNKNOWN) {
             $policy_phids[$policy] = $policy;
         } else {
             try {
                 $policy_object = PhabricatorPolicyQuery::getGlobalPolicy($policy);
                 // this exception is not helpful here as its about global policy;
                 // throw a better exception
             } catch (Exception $ex) {
                 throw new Exception(pht('Capability "%s" has invalid policy "%s".', $capability_key, $policy));
             }
         }
         if ($policy == PhabricatorPolicies::POLICY_PUBLIC) {
             if (!$capability->shouldAllowPublicPolicySetting()) {
                 throw new Exception(pht('Capability "%s" does not support public policy.', $capability_key));
             }
         }
     }
     if ($policy_phids) {
         $handles = id(new PhabricatorHandleQuery())->setViewer(PhabricatorUser::getOmnipotentUser())->withPhids($policy_phids)->execute();
         $handles = mpull($handles, null, 'getPHID');
         foreach ($value as $capability_key => $policy) {
             $handle = $handles[$policy];
             if (!$handle->isComplete()) {
                 throw new Exception(pht('Capability "%s" has invalid policy "%s"; "%s" does not exist.', $capability_key, $policy, $policy));
             }
         }
     }
 }
 public function processRequest()
 {
     $request = $this->getRequest();
     $viewer = $request->getUser();
     $phid = $this->phid;
     $capability = $this->capability;
     $object = id(new PhabricatorObjectQuery())->setViewer($viewer)->withPHIDs(array($phid))->executeOne();
     if (!$object) {
         return new Aphront404Response();
     }
     $policies = PhabricatorPolicyQuery::loadPolicies($viewer, $object);
     $policy = idx($policies, $capability);
     if (!$policy) {
         return new Aphront404Response();
     }
     $handle = id(new PhabricatorHandleQuery())->setViewer($viewer)->withPHIDs(array($phid))->executeOne();
     $object_uri = nonempty($handle->getURI(), '/');
     $explanation = PhabricatorPolicy::getPolicyExplanation($viewer, $policy->getPHID());
     $auto_info = (array) $object->describeAutomaticCapability($capability);
     $auto_info = array_merge(array($explanation), $auto_info);
     $auto_info = array_filter($auto_info);
     foreach ($auto_info as $key => $info) {
         $auto_info[$key] = phutil_tag('li', array(), $info);
     }
     if ($auto_info) {
         $auto_info = phutil_tag('ul', array(), $auto_info);
     }
     $capability_name = $capability;
     $capobj = PhabricatorPolicyCapability::getCapabilityByKey($capability);
     if ($capobj) {
         $capability_name = $capobj->getCapabilityName();
     }
     $content = array(pht('Users with the "%s" capability:', $capability_name), $auto_info);
     $object_name = pht('%s %s', $handle->getTypeName(), $handle->getObjectName());
     $dialog = id(new AphrontDialogView())->setUser($viewer)->setClass('aphront-access-dialog')->setTitle(pht('Policy Details: %s', $object_name))->appendChild($content)->addCancelButton($object_uri, pht('Done'));
     return id(new AphrontDialogResponse())->setDialog($dialog);
 }
 public function execute(PhutilArgumentParser $args)
 {
     $console = PhutilConsole::getConsole();
     $viewer = $this->getViewer();
     $obj_names = $args->getArg('objects');
     if (!$obj_names) {
         throw new PhutilArgumentUsageException(pht('Specify the name of an object to show policy information for.'));
     } else {
         if (count($obj_names) > 1) {
             throw new PhutilArgumentUsageException(pht('Specify the name of exactly one object to show policy information ' . 'for.'));
         }
     }
     $object = id(new PhabricatorObjectQuery())->setViewer($viewer)->withNames($obj_names)->executeOne();
     if (!$object) {
         $name = head($obj_names);
         throw new PhutilArgumentUsageException(pht("No such object '%s'!", $name));
     }
     $handle = id(new PhabricatorHandleQuery())->setViewer($viewer)->withPHIDs(array($object->getPHID()))->executeOne();
     $policies = PhabricatorPolicyQuery::loadPolicies($viewer, $object);
     $console->writeOut("__%s__\n\n", pht('OBJECT'));
     $console->writeOut("  %s\n", $handle->getFullName());
     $console->writeOut("\n");
     $console->writeOut("__%s__\n\n", pht('CAPABILITIES'));
     foreach ($policies as $capability => $policy) {
         $console->writeOut("  **%s**\n", $capability);
         $console->writeOut("    %s\n", $policy->renderDescription());
         $console->writeOut("    %s\n", PhabricatorPolicy::getPolicyExplanation($viewer, $policy->getPHID()));
         $console->writeOut("\n");
         $more = (array) $object->describeAutomaticCapability($capability);
         if ($more) {
             foreach ($more as $line) {
                 $console->writeOut("    %s\n", $line);
             }
             $console->writeOut("\n");
         }
     }
 }
 private function buildPropertyView(PhabricatorApplication $application, PhabricatorActionListView $actions)
 {
     $viewer = $this->getRequest()->getUser();
     $properties = id(new PHUIPropertyListView());
     $properties->setActionList($actions);
     $properties->addProperty(pht('Description'), $application->getShortDescription());
     if ($application->getFlavorText()) {
         $properties->addProperty(null, phutil_tag('em', array(), $application->getFlavorText()));
     }
     if ($application->isBeta()) {
         $properties->addProperty(pht('Release'), pht('Beta'));
     }
     $overview = $application->getOverview();
     if ($overview) {
         $properties->addSectionHeader(pht('Overview'), PHUIPropertyListView::ICON_SUMMARY);
         $properties->addTextContent(PhabricatorMarkupEngine::renderOneObject(id(new PhabricatorMarkupOneOff())->setContent($overview), 'default', $viewer));
     }
     $descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions($viewer, $application);
     $properties->addSectionHeader(pht('Policies'));
     foreach ($application->getCapabilities() as $capability) {
         $properties->addProperty($application->getCapabilityLabel($capability), idx($descriptions, $capability));
     }
     return $properties;
 }
 private function buildPropertyListView(PhabricatorProject $project, PhabricatorActionListView $actions)
 {
     $request = $this->getRequest();
     $viewer = $request->getUser();
     $view = id(new PHUIPropertyListView())->setUser($viewer)->setObject($project)->setActionList($actions);
     $hashtags = array();
     foreach ($project->getSlugs() as $slug) {
         $hashtags[] = id(new PHUITagView())->setType(PHUITagView::TYPE_OBJECT)->setName('#' . $slug->getSlug());
     }
     $view->addProperty(pht('Hashtags'), phutil_implode_html(' ', $hashtags));
     $view->addProperty(pht('Members'), $project->getMemberPHIDs() ? $viewer->renderHandleList($project->getMemberPHIDs())->setAsInline(true) : phutil_tag('em', array(), pht('None')));
     $view->addProperty(pht('Watchers'), $project->getWatcherPHIDs() ? $viewer->renderHandleList($project->getWatcherPHIDs())->setAsInline(true) : phutil_tag('em', array(), pht('None')));
     $descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions($viewer, $project);
     $view->addProperty(pht('Looks Like'), $viewer->renderHandle($project->getPHID())->setAsTag(true));
     $view->addProperty(pht('Joinable By'), $descriptions[PhabricatorPolicyCapability::CAN_JOIN]);
     $field_list = PhabricatorCustomField::getObjectFields($project, PhabricatorCustomField::ROLE_VIEW);
     $field_list->appendFieldsToPropertyList($project, $viewer, $view);
     return $view;
 }
 private function loadObjectPolicies(array $map)
 {
     $viewer = $this->viewer;
     $viewer_phid = $viewer->getPHID();
     $rules = PhabricatorPolicyQuery::getObjectPolicyRules(null);
     $results = array();
     foreach ($map as $key => $object_list) {
         $rule = idx($rules, $key);
         if (!$rule) {
             continue;
         }
         foreach ($object_list as $object_key => $object) {
             if (!$rule->canApplyToObject($object)) {
                 unset($object_list[$object_key]);
             }
         }
         $rule->willApplyRules($viewer, array(), $object_list);
         $results[$key] = $rule;
     }
     $this->objectPolicies[$viewer_phid] = $results;
 }
Beispiel #28
0
 private function renderPolicyProperty(PhabricatorPolicyInterface $object)
 {
     $viewer = $this->getUser();
     $policies = PhabricatorPolicyQuery::loadPolicies($viewer, $object);
     $view_capability = PhabricatorPolicyCapability::CAN_VIEW;
     $policy = idx($policies, $view_capability);
     if (!$policy) {
         return null;
     }
     // If an object is in a Space with a strictly stronger (more restrictive)
     // policy, we show the more restrictive policy. This better aligns the
     // UI hint with the actual behavior.
     // NOTE: We'll do this even if the viewer has access to only one space, and
     // show them information about the existence of spaces if they click
     // through.
     $use_space_policy = false;
     if ($object instanceof PhabricatorSpacesInterface) {
         $space_phid = PhabricatorSpacesNamespaceQuery::getObjectSpacePHID($object);
         $spaces = PhabricatorSpacesNamespaceQuery::getViewerSpaces($viewer);
         $space = idx($spaces, $space_phid);
         if ($space) {
             $space_policies = PhabricatorPolicyQuery::loadPolicies($viewer, $space);
             $space_policy = idx($space_policies, $view_capability);
             if ($space_policy) {
                 if ($space_policy->isStrongerThan($policy)) {
                     $policy = $space_policy;
                     $use_space_policy = true;
                 }
             }
         }
     }
     $container_classes = array();
     $container_classes[] = 'policy-header-callout';
     $phid = $object->getPHID();
     // If we're going to show the object policy, try to determine if the object
     // policy differs from the default policy. If it does, we'll call it out
     // as changed.
     if (!$use_space_policy) {
         $default_policy = PhabricatorPolicyQuery::getDefaultPolicyForObject($viewer, $object, $view_capability);
         if ($default_policy) {
             if ($default_policy->getPHID() != $policy->getPHID()) {
                 $container_classes[] = 'policy-adjusted';
                 if ($default_policy->isStrongerThan($policy)) {
                     // The policy has strictly been weakened. For example, the
                     // default might be "All Users" and the current policy is "Public".
                     $container_classes[] = 'policy-adjusted-weaker';
                 } else {
                     if ($policy->isStrongerThan($default_policy)) {
                         // The policy has strictly been strengthened, and is now more
                         // restrictive than the default. For example, "All Users" has
                         // been replaced with "No One".
                         $container_classes[] = 'policy-adjusted-stronger';
                     } else {
                         // The policy has been adjusted but not strictly strengthened
                         // or weakened. For example, "Members of X" has been replaced with
                         // "Members of Y".
                         $container_classes[] = 'policy-adjusted-different';
                     }
                 }
             }
         }
     }
     $icon = id(new PHUIIconView())->setIcon($policy->getIcon() . ' bluegrey');
     $link = javelin_tag('a', array('class' => 'policy-link', 'href' => '/policy/explain/' . $phid . '/' . $view_capability . '/', 'sigil' => 'workflow'), $policy->getShortName());
     return phutil_tag('span', array('class' => implode(' ', $container_classes)), array($icon, $link));
 }
 public function getRequiredHandlePHIDs()
 {
     $phids = array();
     $old = $this->getOldValue();
     $new = $this->getNewValue();
     $phids[] = array($this->getAuthorPHID());
     $phids[] = array($this->getObjectPHID());
     switch ($this->getTransactionType()) {
         case PhabricatorTransactions::TYPE_CUSTOMFIELD:
             $field = $this->getTransactionCustomField();
             if ($field) {
                 $phids[] = $field->getApplicationTransactionRequiredHandlePHIDs($this);
             }
             break;
         case PhabricatorTransactions::TYPE_SUBSCRIBERS:
             $phids[] = $old;
             $phids[] = $new;
             break;
         case PhabricatorTransactions::TYPE_EDGE:
             $phids[] = ipull($old, 'dst');
             $phids[] = ipull($new, 'dst');
             break;
         case PhabricatorTransactions::TYPE_COLUMNS:
             foreach ($new as $move) {
                 $phids[] = array($move['columnPHID'], $move['boardPHID']);
                 $phids[] = $move['fromColumnPHIDs'];
             }
             break;
         case PhabricatorTransactions::TYPE_EDIT_POLICY:
         case PhabricatorTransactions::TYPE_VIEW_POLICY:
         case PhabricatorTransactions::TYPE_JOIN_POLICY:
             if (!PhabricatorPolicyQuery::isSpecialPolicy($old)) {
                 $phids[] = array($old);
             }
             if (!PhabricatorPolicyQuery::isSpecialPolicy($new)) {
                 $phids[] = array($new);
             }
             break;
         case PhabricatorTransactions::TYPE_SPACE:
             if ($old) {
                 $phids[] = array($old);
             }
             if ($new) {
                 $phids[] = array($new);
             }
             break;
         case PhabricatorTransactions::TYPE_TOKEN:
             break;
         case PhabricatorTransactions::TYPE_BUILDABLE:
             $phid = $this->getMetadataValue('harbormaster:buildablePHID');
             if ($phid) {
                 $phids[] = array($phid);
             }
             break;
     }
     if ($this->getComment()) {
         $phids[] = array($this->getComment()->getAuthorPHID());
     }
     return array_mergev($phids);
 }
 public function handleRequest(AphrontRequest $request)
 {
     $user = $request->getUser();
     $application = $request->getURIData('application');
     $application = id(new PhabricatorApplicationQuery())->setViewer($user)->withClasses(array($application))->requireCapabilities(array(PhabricatorPolicyCapability::CAN_VIEW, PhabricatorPolicyCapability::CAN_EDIT))->executeOne();
     if (!$application) {
         return new Aphront404Response();
     }
     $title = $application->getName();
     $view_uri = $this->getApplicationURI('view/' . get_class($application) . '/');
     $policies = id(new PhabricatorPolicyQuery())->setViewer($user)->setObject($application)->execute();
     if ($request->isFormPost()) {
         $result = array();
         foreach ($application->getCapabilities() as $capability) {
             $old = $application->getPolicy($capability);
             $new = $request->getStr('policy:' . $capability);
             if ($old == $new) {
                 // No change to the setting.
                 continue;
             }
             if (empty($policies[$new])) {
                 // Not a standard policy, check for a custom policy.
                 $policy = id(new PhabricatorPolicyQuery())->setViewer($user)->withPHIDs(array($new))->executeOne();
                 if (!$policy) {
                     // Not a custom policy either. Can't set the policy to something
                     // invalid, so skip this.
                     continue;
                 }
             }
             if ($new == PhabricatorPolicies::POLICY_PUBLIC) {
                 $capobj = PhabricatorPolicyCapability::getCapabilityByKey($capability);
                 if (!$capobj || !$capobj->shouldAllowPublicPolicySetting()) {
                     // Can't set non-public policies to public.
                     continue;
                 }
             }
             $result[$capability] = $new;
         }
         if ($result) {
             $key = 'phabricator.application-settings';
             $config_entry = PhabricatorConfigEntry::loadConfigEntry($key);
             $value = $config_entry->getValue();
             $phid = $application->getPHID();
             if (empty($value[$phid])) {
                 $value[$application->getPHID()] = array();
             }
             if (empty($value[$phid]['policy'])) {
                 $value[$phid]['policy'] = array();
             }
             $value[$phid]['policy'] = $result + $value[$phid]['policy'];
             // Don't allow users to make policy edits which would lock them out of
             // applications, since they would be unable to undo those actions.
             PhabricatorEnv::overrideConfig($key, $value);
             PhabricatorPolicyFilter::mustRetainCapability($user, $application, PhabricatorPolicyCapability::CAN_VIEW);
             PhabricatorPolicyFilter::mustRetainCapability($user, $application, PhabricatorPolicyCapability::CAN_EDIT);
             PhabricatorConfigEditor::storeNewValue($user, $config_entry, $value, PhabricatorContentSource::newFromRequest($request));
         }
         return id(new AphrontRedirectResponse())->setURI($view_uri);
     }
     $descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions($user, $application);
     $form = id(new AphrontFormView())->setUser($user);
     $locked_policies = PhabricatorEnv::getEnvConfig('policy.locked');
     foreach ($application->getCapabilities() as $capability) {
         $label = $application->getCapabilityLabel($capability);
         $can_edit = $application->isCapabilityEditable($capability);
         $locked = idx($locked_policies, $capability);
         $caption = $application->getCapabilityCaption($capability);
         if (!$can_edit || $locked) {
             $form->appendChild(id(new AphrontFormStaticControl())->setLabel($label)->setValue(idx($descriptions, $capability))->setCaption($caption));
         } else {
             $control = id(new AphrontFormPolicyControl())->setUser($user)->setDisabled($locked)->setCapability($capability)->setPolicyObject($application)->setPolicies($policies)->setLabel($label)->setName('policy:' . $capability)->setCaption($caption);
             $template = $application->getCapabilityTemplatePHIDType($capability);
             if ($template) {
                 $phid_types = PhabricatorPHIDType::getAllTypes();
                 $phid_type = idx($phid_types, $template);
                 if ($phid_type) {
                     $template_object = $phid_type->newObject();
                     if ($template_object) {
                         $template_policies = id(new PhabricatorPolicyQuery())->setViewer($user)->setObject($template_object)->execute();
                         // NOTE: We want to expose both any object template policies
                         // (like "Subscribers") and any custom policy.
                         $all_policies = $template_policies + $policies;
                         $control->setPolicies($all_policies);
                         $control->setTemplateObject($template_object);
                     }
                 }
                 $control->setTemplatePHIDType($template);
             }
             $form->appendControl($control);
         }
     }
     $form->appendChild(id(new AphrontFormSubmitControl())->setValue(pht('Save Policies'))->addCancelButton($view_uri));
     $crumbs = $this->buildApplicationCrumbs();
     $crumbs->addTextCrumb($application->getName(), $view_uri);
     $crumbs->addTextCrumb(pht('Edit Policies'));
     $header = id(new PHUIHeaderView())->setHeader(pht('Edit Policies: %s', $application->getName()));
     $object_box = id(new PHUIObjectBoxView())->setHeader($header)->setForm($form);
     return $this->buildApplicationPage(array($crumbs, $object_box), array('title' => $title));
 }