/**
 * Policy rule: passes when the viewer is the host of the object.
 *
 * @param PhabricatorUser $viewer Viewer being checked.
 * @param wild $value Rule value; not read by this rule.
 * @param PhabricatorPolicyInterface $object Object which exposes
 *   getHostPHID().
 * @return bool True if the object's host PHID matches the viewer's PHID.
 */
public function applyRule(
  PhabricatorUser $viewer,
  $value,
  PhabricatorPolicyInterface $object) {

  $phid = $viewer->getPHID();

  // A viewer without a PHID can never be the host. This guard also keeps an
  // empty viewer PHID from loosely matching an empty host PHID below.
  if ($phid) {
    // NOTE(review): loose comparison is kept as-is; consider `===` once the
    // return type of getHostPHID() is confirmed to be a string PHID.
    return $object->getHostPHID() == $phid;
  }

  return false;
}
/**
 * Policy rule: passes when the viewer is a participant in the object.
 *
 * @param PhabricatorUser $viewer Viewer being checked.
 * @param wild $value Rule value; not read by this rule.
 * @param PhabricatorPolicyInterface $object Object which exposes
 *   getParticipantIfExists().
 * @return bool True if a participant record exists for the viewer's PHID.
 */
public function applyRule(
  PhabricatorUser $viewer,
  $value,
  PhabricatorPolicyInterface $object) {

  $phid = $viewer->getPHID();

  // A viewer without a PHID is never treated as a participant; the lookup
  // is not attempted at all in that case.
  if ($phid) {
    // Whatever the lookup returns is collapsed to a boolean, so any falsy
    // result denies.
    return (bool)$object->getParticipantIfExists($phid);
  }

  return false;
}
/**
 * Policy rule: passes when the viewer has a recorded membership in the
 * object.
 *
 * Reads $this->memberships, which is used here as a map from viewer PHID to
 * a map keyed by object PHID. How that map is populated is not visible in
 * this method.
 *
 * @param PhabricatorUser $viewer Viewer being checked.
 * @param wild $value Rule value; not read by this rule.
 * @param PhabricatorPolicyInterface $object Object whose PHID is looked up.
 * @return bool True if the object's PHID is a key in the viewer's
 *   membership map.
 */
public function applyRule(
  PhabricatorUser $viewer,
  $value,
  PhabricatorPolicyInterface $object) {

  $phid = $viewer->getPHID();
  if (!$phid) {
    // No PHID, no memberships.
    return false;
  }

  // A viewer with no entry in the map yields no membership list, and the
  // isset() below then denies.
  $viewer_memberships = idx($this->memberships, $phid);
  $object_phid = $object->getPHID();

  return isset($viewer_memberships[$object_phid]);
}
/**
 * Policy rule: passes when the viewer is subscribed to the object.
 *
 * Automatic subscription is checked first and is sufficient on its own.
 * Otherwise the rule reads $this->subscribed, used here as a map from viewer
 * PHID to a map keyed by object PHID. How that map is populated is not
 * visible in this method.
 *
 * @param PhabricatorUser $viewer Viewer being checked.
 * @param wild $value Rule value; not read by this rule.
 * @param PhabricatorPolicyInterface $object Object which exposes
 *   isAutomaticallySubscribed().
 * @return bool True if the viewer is automatically or explicitly subscribed.
 */
public function applyRule(
  PhabricatorUser $viewer,
  $value,
  PhabricatorPolicyInterface $object) {

  $phid = $viewer->getPHID();
  if (!$phid) {
    // A viewer without a PHID cannot be a subscriber.
    return false;
  }

  // The object decides automatic subscription, and a positive answer
  // bypasses the recorded subscription map entirely.
  if ($object->isAutomaticallySubscribed($phid)) {
    return true;
  }

  $viewer_subscriptions = idx($this->subscribed, $phid);
  $object_phid = $object->getPHID();

  return isset($viewer_subscriptions[$object_phid]);
}
/**
 * Load the policy attached to each capability of an object.
 *
 * @param PhabricatorUser $viewer Viewer the policy query runs as.
 * @param PhabricatorPolicyInterface $object Object to inspect.
 * @return map Map from capability to the loaded policy for that capability.
 */
public static function loadPolicies(
  PhabricatorUser $viewer,
  PhabricatorPolicyInterface $object) {

  // Capability => policy identifier, as reported by the object itself.
  $policy_phids = array();
  foreach ($object->getCapabilities() as $capability) {
    $policy_phids[$capability] = $object->getPolicy($capability);
  }

  $query = new PhabricatorPolicyQuery();
  $loaded = $query
    ->setViewer($viewer)
    ->withPHIDs($policy_phids)
    ->execute();

  // NOTE(review): this indexes the query result by every requested
  // identifier and so assumes the query returns an entry for each one;
  // confirm, since a missing key would place null in the result.
  $by_capability = array();
  foreach ($policy_phids as $capability => $policy_phid) {
    $by_capability[$capability] = $loaded[$policy_phid];
  }

  return $by_capability;
}
/**
 * Render a description of the policy behind each capability of an object.
 *
 * Capabilities for which the object reports no policy are left out of the
 * result.
 *
 * @param PhabricatorUser $viewer Viewer the policy query runs as.
 * @param PhabricatorPolicyInterface $object Object to describe.
 * @return map Map from capability to rendered policy description.
 */
public static function renderPolicyDescriptions(
  PhabricatorUser $viewer,
  PhabricatorPolicyInterface $object) {

  $descriptions = array();
  $loaded = null;

  $global_policies = self::getGlobalPolicies();
  $capabilities = $object->getCapabilities();

  foreach ($capabilities as $capability) {
    $policy_key = $object->getPolicy($capability);
    if (!$policy_key) {
      continue;
    }

    if (isset($global_policies[$policy_key])) {
      // Global policies need no query.
      $policy = $global_policies[$policy_key];
    } else {
      if ($loaded === null) {
        // Query lazily, at most once. This slightly overfetches data, but
        // it shouldn't generally be a problem.
        $loaded = id(new PhabricatorPolicyQuery())
          ->setViewer($viewer)
          ->setObject($object)
          ->execute();
      }

      // NOTE(review): assumes the object-scoped query returns every
      // non-global policy the object refers to; confirm, since a missing
      // key would make the call below fail.
      $policy = $loaded[$policy_key];
    }

    $descriptions[$capability] = $policy->renderDescription();
  }

  return $descriptions;
}
/**
 * Decide whether the current viewer holds one capability on one object.
 *
 * The decision is made in this order:
 *
 *   1. An object with no policy for the capability is treated as "user".
 *   2. A "public" policy is downgraded to "user" if public policies are
 *      disabled for the install, or if the capability is not "view".
 *   3. An automatic capability reported by the object grants access
 *      without consulting the policy.
 *   4. Otherwise the effective policy is evaluated. An unrecognized policy
 *      throws instead of granting anything.
 *
 * @param PhabricatorPolicyInterface $object Object being checked.
 * @param const $capability Capability being checked.
 * @return bool True if the viewer has the capability. On denial,
 *   rejectObject() is called first and false is returned if it returns.
 * @throws Exception If the effective policy is not one of the policies
 *   handled here.
 */
private function checkCapability(
  PhabricatorPolicyInterface $object,
  $capability) {

  $policy = $object->getPolicy($capability);
  if (!$policy) {
    // TODO: Formalize this somehow?
    $policy = PhabricatorPolicies::POLICY_USER;
  }

  if ($policy == PhabricatorPolicies::POLICY_PUBLIC) {
    // If the object is set to "public" but that policy is disabled for this
    // install, or the capability is anything other than "view", restrict the
    // policy to "user".
    $allow_public = PhabricatorEnv::getEnvConfig('policy.allow-public');
    $is_view = ($capability == PhabricatorPolicyCapability::CAN_VIEW);
    if (!$allow_public || !$is_view) {
      $policy = PhabricatorPolicies::POLICY_USER;
    }
  }

  $viewer = $this->viewer;

  // The object can grant the capability on its own, so implementations of
  // hasAutomaticCapability() are part of the access decision.
  if ($object->hasAutomaticCapability($capability, $viewer)) {
    return true;
  }

  switch ($policy) {
    case PhabricatorPolicies::POLICY_PUBLIC:
      return true;
    case PhabricatorPolicies::POLICY_USER:
      // Any viewer with a PHID passes.
      $is_allowed = (bool)$viewer->getPHID();
      break;
    case PhabricatorPolicies::POLICY_ADMIN:
      $is_allowed = (bool)$viewer->getIsAdmin();
      break;
    case PhabricatorPolicies::POLICY_NOONE:
      $is_allowed = false;
      break;
    default:
      // Fail closed on anything this method does not recognize.
      throw new Exception("Object has unknown policy '{$policy}'!");
  }

  if ($is_allowed) {
    return true;
  }

  // What rejectObject() does is not visible here; if it returns, the check
  // still ends in a denial.
  $this->rejectObject($object, $policy, $capability);
  return false;
}
/**
 * Build the "access denied" message for an object.
 *
 * @param PhabricatorPolicyInterface $object Object access was denied to.
 * @return string Translated message which includes the object's handle name.
 */
private function renderAccessDenied(PhabricatorPolicyInterface $object) {
  // NOTE: Not every type of policy object has a real PHID; just load an
  // empty handle if a real PHID isn't available.
  $handle_phid = nonempty(
    $object->getPHID(),
    PhabricatorPHIDConstants::PHID_VOID);

  // The handle is loaded as the viewer who was denied.
  // NOTE(review): the name ends up in the denial text; confirm that the
  // handle name for an object this viewer cannot see exposes nothing
  // restricted.
  $handle = id(new PhabricatorHandleQuery())
    ->setViewer($this->viewer)
    ->withPHIDs(array($handle_phid))
    ->executeOne();
  $name = $handle->getObjectName();

  $serious = PhabricatorEnv::getEnvConfig('phabricator.serious-business');

  return $serious
    ? pht('Access Denied: %s', $name)
    : pht('You Shall Not Pass: %s', $name);
}
/**
 * Record that an object was rejected and report it to the policy filter.
 *
 * @param PhabricatorPolicyInterface $object Object which was rejected.
 * @return void
 */
protected function didRejectResult(PhabricatorPolicyInterface $object) {
  $can_view = PhabricatorPolicyCapability::CAN_VIEW;

  // Some objects (like commits) may be rejected because related objects
  // (like repositories) can not be loaded. In some cases, we may need these
  // related objects to determine the object policy, so it's expected that
  // we may occasionally be unable to determine the policy. When that
  // happens, the rejection is reported with a null policy.
  $view_policy = null;
  try {
    $view_policy = $object->getPolicy($can_view);
  } catch (Exception $e) {
    // Deliberately ignored: $view_policy stays null.
  }

  // Mark this object as filtered so handles can render "Restricted" instead
  // of "Unknown".
  $object_phid = $object->getPHID();
  $this->addPolicyFilteredPHIDs(array($object_phid => $object_phid));

  $this->getPolicyFilter()->rejectObject($object, $view_policy, $can_view);
}
/**
 * Get the policy to evaluate for a capability on an object.
 *
 * When $this->forcedPolicy is set it is returned for every object and every
 * capability, and the object's own policy is never consulted.
 *
 * @param PhabricatorPolicyInterface $object Object being checked.
 * @param const $capability Capability being checked.
 * @return wild The forced policy if one is set, otherwise whatever the
 *   object reports for the capability.
 */
private function getObjectPolicy(
  PhabricatorPolicyInterface $object,
  $capability) {

  $forced = $this->forcedPolicy;
  if (!$forced) {
    return $object->getPolicy($capability);
  }

  return $forced;
}
/**
 * Load the default policy for a capability, based on the object's PHID type.
 *
 * @param PhabricatorUser $viewer Viewer the policy query runs as.
 * @param PhabricatorPolicyInterface $object Object to find a default for.
 * @param const $capability Capability to find a default for.
 * @return wild Result of the policy query, or null if the object has no
 *   PHID or no default is mapped for its type and capability.
 */
public static function getDefaultPolicyForObject(
  PhabricatorUser $viewer,
  PhabricatorPolicyInterface $object,
  $capability) {

  $object_phid = $object->getPHID();
  if (!$object_phid) {
    // No PHID means no type to look a default up by.
    return null;
  }

  $phid_type = phid_get_type($object_phid);
  $defaults = self::getDefaultObjectTypePolicyMap();

  // empty() treats a missing type, a missing capability and a falsy mapped
  // value the same way: there is no default.
  if (empty($defaults[$phid_type][$capability])) {
    return null;
  }

  $default_phid = $defaults[$phid_type][$capability];

  $query = id(new PhabricatorPolicyQuery())
    ->setViewer($viewer)
    ->withPHIDs(array($default_phid));

  return $query->executeOne();
}
/**
 * Build the section listing capabilities required on other objects.
 *
 * Each extended rule is read as a pair: element 0 is the target (an object
 * or a PHID) and element 1 is one capability or a list of capabilities.
 *
 * @param PhabricatorPolicyInterface $object Object being explained.
 * @param const $capability Capability being explained.
 * @return PHUIPolicySectionView|null The section, or null if the object
 *   has no extended policy for the capability.
 */
private function buildExtendedSection(
  PhabricatorPolicyInterface $object,
  $capability) {

  $viewer = $this->getViewer();

  if (!($object instanceof PhabricatorExtendedPolicyInterface)) {
    return null;
  }

  $rules = $object->getExtendedPolicy($capability, $viewer);
  if (!$rules) {
    return null;
  }

  $rows = array();
  foreach ($rules as $rule) {
    $target = $rule[0];
    $required_capabilities = (array)$rule[1];

    // Targets given as objects are reduced to their PHID for rendering.
    if (is_object($target)) {
      $target = $target->getPHID();
    }

    foreach ($required_capabilities as $required_capability) {
      $capability_name = $this->getCapabilityName($required_capability);
      $label = phutil_tag(
        'strong',
        array(),
        pht('%s:', $capability_name));

      $rows[] = array(
        $label,
        ' ',
        $viewer->renderHandle($target)->setAsTag(true),
      );
    }
  }

  // NOTE(review): the paragraph below contains typos ("have first have",
  // "capabilties"). It is reproduced unchanged because pht() strings may
  // double as translation lookup keys; confirm before correcting it.
  $section = id(new PHUIPolicySectionView())
    ->setViewer($viewer)
    ->setIcon('fa-link')
    ->setHeader(pht('Required Capabilities on Other Objects'))
    ->appendParagraph(
      pht(
        'To access this object, users must have first have access '.
        'capabilties on these other objects:'))
    ->appendList($rows);

  return $section;
}