public function processRequest() { $request = $this->getRequest(); $user = $request->getUser(); if ($this->id) { $blog = id(new PhameBlogQuery())->setViewer($user)->withIDs(array($this->id))->requireCapabilities(array(PhabricatorPolicyCapability::CAN_EDIT))->executeOne(); if (!$blog) { return new Aphront404Response(); } $submit_button = pht('Save Changes'); $page_title = pht('Edit Blog'); $cancel_uri = $this->getApplicationURI('blog/view/' . $blog->getID() . '/'); } else { $blog = id(new PhameBlog())->setCreatorPHID($user->getPHID()); $blog->setViewPolicy(PhabricatorPolicies::POLICY_USER); $blog->setEditPolicy(PhabricatorPolicies::POLICY_USER); $blog->setJoinPolicy(PhabricatorPolicies::POLICY_USER); $submit_button = pht('Create Blog'); $page_title = pht('Create Blog'); $cancel_uri = $this->getApplicationURI(); } $e_name = true; $e_custom_domain = null; $errors = array(); if ($request->isFormPost()) { $name = $request->getStr('name'); $description = $request->getStr('description'); $custom_domain = $request->getStr('custom_domain'); $skin = $request->getStr('skin'); if (empty($name)) { $errors[] = pht('You must give the blog a name.'); $e_name = pht('Required'); } else { $e_name = null; } $blog->setName($name); $blog->setDescription($description); $blog->setDomain(nonempty($custom_domain, null)); $blog->setSkin($skin); $blog->setViewPolicy($request->getStr('can_view')); $blog->setEditPolicy($request->getStr('can_edit')); $blog->setJoinPolicy($request->getStr('can_join')); if (!empty($custom_domain)) { list($error_label, $error_text) = $blog->validateCustomDomain($custom_domain); if ($error_label) { $errors[] = $error_text; $e_custom_domain = $error_label; } if ($blog->getViewPolicy() != PhabricatorPolicies::POLICY_PUBLIC) { $errors[] = pht('For custom domains to work, the blog must have a view policy of ' . 'public.'); // Prefer earlier labels for the multiple error scenario. if (!$e_custom_domain) { $e_custom_domain = pht('Invalid Policy'); } } } // Don't let users remove their ability to edit blogs. PhabricatorPolicyFilter::mustRetainCapability($user, $blog, PhabricatorPolicyCapability::CAN_EDIT); if (!$errors) { try { $blog->save(); return id(new AphrontRedirectResponse())->setURI($this->getApplicationURI('blog/view/' . $blog->getID() . '/')); } catch (AphrontDuplicateKeyQueryException $ex) { $errors[] = pht('Domain must be unique.'); $e_custom_domain = pht('Not Unique'); } } } $policies = id(new PhabricatorPolicyQuery())->setViewer($user)->setObject($blog)->execute(); $skins = PhameSkinSpecification::loadAllSkinSpecifications(); $skins = mpull($skins, 'getName'); $form = id(new AphrontFormView())->setUser($user)->appendChild(id(new AphrontFormTextControl())->setLabel(pht('Name'))->setName('name')->setValue($blog->getName())->setID('blog-name')->setError($e_name))->appendChild(id(new PhabricatorRemarkupControl())->setLabel(pht('Description'))->setName('description')->setValue($blog->getDescription())->setID('blog-description')->setUser($user)->setDisableMacros(true))->appendChild(id(new AphrontFormPolicyControl())->setUser($user)->setCapability(PhabricatorPolicyCapability::CAN_VIEW)->setPolicyObject($blog)->setPolicies($policies)->setName('can_view'))->appendChild(id(new AphrontFormPolicyControl())->setUser($user)->setCapability(PhabricatorPolicyCapability::CAN_EDIT)->setPolicyObject($blog)->setPolicies($policies)->setName('can_edit'))->appendChild(id(new AphrontFormPolicyControl())->setUser($user)->setCapability(PhabricatorPolicyCapability::CAN_JOIN)->setPolicyObject($blog)->setPolicies($policies)->setName('can_join'))->appendChild(id(new AphrontFormTextControl())->setLabel(pht('Custom Domain'))->setName('custom_domain')->setValue($blog->getDomain())->setCaption(pht('Must include at least one dot (.), e.g. blog.example.com'))->setError($e_custom_domain))->appendChild(id(new AphrontFormSelectControl())->setLabel(pht('Skin'))->setName('skin')->setValue($blog->getSkin())->setOptions($skins))->appendChild(id(new AphrontFormSubmitControl())->addCancelButton($cancel_uri)->setValue($submit_button)); $form_box = id(new PHUIObjectBoxView())->setHeaderText($page_title)->setFormErrors($errors)->setForm($form); $crumbs = $this->buildApplicationCrumbs(); $crumbs->addTextCrumb($page_title, $this->getApplicationURI('blog/new')); $nav = $this->renderSideNavFilterView(); $nav->selectFilter($this->id ? null : 'blog/new'); $nav->appendChild(array($crumbs, $form_box)); return $this->buildApplicationPage($nav, array('title' => $page_title)); }
public function handleRequest(AphrontRequest $request) { $user = $request->getUser(); $application = $request->getURIData('application'); $application = id(new PhabricatorApplicationQuery())->setViewer($user)->withClasses(array($application))->requireCapabilities(array(PhabricatorPolicyCapability::CAN_VIEW, PhabricatorPolicyCapability::CAN_EDIT))->executeOne(); if (!$application) { return new Aphront404Response(); } $title = $application->getName(); $view_uri = $this->getApplicationURI('view/' . get_class($application) . '/'); $policies = id(new PhabricatorPolicyQuery())->setViewer($user)->setObject($application)->execute(); if ($request->isFormPost()) { $result = array(); foreach ($application->getCapabilities() as $capability) { $old = $application->getPolicy($capability); $new = $request->getStr('policy:' . $capability); if ($old == $new) { // No change to the setting. continue; } if (empty($policies[$new])) { // Not a standard policy, check for a custom policy. $policy = id(new PhabricatorPolicyQuery())->setViewer($user)->withPHIDs(array($new))->executeOne(); if (!$policy) { // Not a custom policy either. Can't set the policy to something // invalid, so skip this. continue; } } if ($new == PhabricatorPolicies::POLICY_PUBLIC) { $capobj = PhabricatorPolicyCapability::getCapabilityByKey($capability); if (!$capobj || !$capobj->shouldAllowPublicPolicySetting()) { // Can't set non-public policies to public. continue; } } $result[$capability] = $new; } if ($result) { $key = 'phabricator.application-settings'; $config_entry = PhabricatorConfigEntry::loadConfigEntry($key); $value = $config_entry->getValue(); $phid = $application->getPHID(); if (empty($value[$phid])) { $value[$application->getPHID()] = array(); } if (empty($value[$phid]['policy'])) { $value[$phid]['policy'] = array(); } $value[$phid]['policy'] = $result + $value[$phid]['policy']; // Don't allow users to make policy edits which would lock them out of // applications, since they would be unable to undo those actions. PhabricatorEnv::overrideConfig($key, $value); PhabricatorPolicyFilter::mustRetainCapability($user, $application, PhabricatorPolicyCapability::CAN_VIEW); PhabricatorPolicyFilter::mustRetainCapability($user, $application, PhabricatorPolicyCapability::CAN_EDIT); PhabricatorConfigEditor::storeNewValue($user, $config_entry, $value, PhabricatorContentSource::newFromRequest($request)); } return id(new AphrontRedirectResponse())->setURI($view_uri); } $descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions($user, $application); $form = id(new AphrontFormView())->setUser($user); $locked_policies = PhabricatorEnv::getEnvConfig('policy.locked'); foreach ($application->getCapabilities() as $capability) { $label = $application->getCapabilityLabel($capability); $can_edit = $application->isCapabilityEditable($capability); $locked = idx($locked_policies, $capability); $caption = $application->getCapabilityCaption($capability); if (!$can_edit || $locked) { $form->appendChild(id(new AphrontFormStaticControl())->setLabel($label)->setValue(idx($descriptions, $capability))->setCaption($caption)); } else { $control = id(new AphrontFormPolicyControl())->setUser($user)->setDisabled($locked)->setCapability($capability)->setPolicyObject($application)->setPolicies($policies)->setLabel($label)->setName('policy:' . $capability)->setCaption($caption); $template = $application->getCapabilityTemplatePHIDType($capability); if ($template) { $phid_types = PhabricatorPHIDType::getAllTypes(); $phid_type = idx($phid_types, $template); if ($phid_type) { $template_object = $phid_type->newObject(); if ($template_object) { $template_policies = id(new PhabricatorPolicyQuery())->setViewer($user)->setObject($template_object)->execute(); // NOTE: We want to expose both any object template policies // (like "Subscribers") and any custom policy. $all_policies = $template_policies + $policies; $control->setPolicies($all_policies); $control->setTemplateObject($template_object); } } $control->setTemplatePHIDType($template); } $form->appendControl($control); } } $form->appendChild(id(new AphrontFormSubmitControl())->setValue(pht('Save Policies'))->addCancelButton($view_uri)); $crumbs = $this->buildApplicationCrumbs(); $crumbs->addTextCrumb($application->getName(), $view_uri); $crumbs->addTextCrumb(pht('Edit Policies')); $header = id(new PHUIHeaderView())->setHeader(pht('Edit Policies: %s', $application->getName())); $object_box = id(new PHUIObjectBoxView())->setHeader($header)->setForm($form); return $this->buildApplicationPage(array($crumbs, $object_box), array('title' => $title)); }
private function applyTransactionEffect(PhabricatorProject $project, PhabricatorProjectTransaction $xaction) { $type = $xaction->getTransactionType(); switch ($type) { case PhabricatorProjectTransactionType::TYPE_NAME: $project->setName($xaction->getNewValue()); $project->setPhrictionSlug($xaction->getNewValue()); $this->validateName($project); break; case PhabricatorProjectTransactionType::TYPE_STATUS: $project->setStatus($xaction->getNewValue()); break; case PhabricatorProjectTransactionType::TYPE_MEMBERS: $old = array_fill_keys($xaction->getOldValue(), true); $new = array_fill_keys($xaction->getNewValue(), true); $this->addEdges = array_keys(array_diff_key($new, $old)); $this->remEdges = array_keys(array_diff_key($old, $new)); break; case PhabricatorProjectTransactionType::TYPE_CAN_VIEW: $project->setViewPolicy($xaction->getNewValue()); break; case PhabricatorProjectTransactionType::TYPE_CAN_EDIT: $project->setEditPolicy($xaction->getNewValue()); // You can't edit away your ability to edit the project. PhabricatorPolicyFilter::mustRetainCapability($this->user, $project, PhabricatorPolicyCapability::CAN_EDIT); break; case PhabricatorProjectTransactionType::TYPE_CAN_JOIN: $project->setJoinPolicy($xaction->getNewValue()); break; default: throw new Exception("Unknown transaction type '{$type}'!"); } }