public static function newFromPolicyAndHandle($policy_identifier, PhabricatorObjectHandle $handle = null) { $is_global = PhabricatorPolicyQuery::isGlobalPolicy($policy_identifier); if ($is_global) { return PhabricatorPolicyQuery::getGlobalPolicy($policy_identifier); } $policy = PhabricatorPolicyQuery::getObjectPolicy($policy_identifier); if ($policy) { return $policy; } if (!$handle) { throw new Exception(pht("Policy identifier is an object PHID ('%s'), but no object handle " . "was provided. A handle must be provided for object policies.", $policy_identifier)); } $handle_phid = $handle->getPHID(); if ($policy_identifier != $handle_phid) { throw new Exception(pht("Policy identifier is an object PHID ('%s'), but the provided " . "handle has a different PHID ('%s'). The handle must correspond " . "to the policy identifier.", $policy_identifier, $handle_phid)); } $policy = id(new PhabricatorPolicy())->setPHID($policy_identifier)->setHref($handle->getURI()); $phid_type = phid_get_type($policy_identifier); switch ($phid_type) { case PhabricatorProjectProjectPHIDType::TYPECONST: $policy->setType(PhabricatorPolicyType::TYPE_PROJECT); $policy->setName($handle->getName()); break; case PhabricatorPeopleUserPHIDType::TYPECONST: $policy->setType(PhabricatorPolicyType::TYPE_USER); $policy->setName($handle->getFullName()); break; case PhabricatorPolicyPHIDTypePolicy::TYPECONST: // TODO: This creates a weird handle-based version of a rule policy. // It behaves correctly, but can't be applied since it doesn't have // any rules. It is used to render transactions, and might need some // cleanup. break; default: $policy->setType(PhabricatorPolicyType::TYPE_MASKED); $policy->setName($handle->getFullName()); break; } $policy->makeEphemeral(); return $policy; }
public function validateOption(PhabricatorConfigOption $option, $value) { $capabilities = id(new PhutilSymbolLoader())->setAncestorClass('PhabricatorPolicyCapability')->loadObjects(); $capabilities = mpull($capabilities, null, 'getCapabilityKey'); $policy_phids = array(); foreach ($value as $capability_key => $policy) { $capability = idx($capabilities, $capability_key); if (!$capability) { throw new Exception(pht('Capability "%s" does not exist.', $capability_key)); } if (phid_get_type($policy) != PhabricatorPHIDConstants::PHID_TYPE_UNKNOWN) { $policy_phids[$policy] = $policy; } else { try { $policy_object = PhabricatorPolicyQuery::getGlobalPolicy($policy); // this exception is not helpful here as its about global policy; // throw a better exception } catch (Exception $ex) { throw new Exception(pht('Capability "%s" has invalid policy "%s".', $capability_key, $policy)); } } if ($policy == PhabricatorPolicies::POLICY_PUBLIC) { if (!$capability->shouldAllowPublicPolicySetting()) { throw new Exception(pht('Capability "%s" does not support public policy.', $capability_key)); } } } if ($policy_phids) { $handles = id(new PhabricatorHandleQuery())->setViewer(PhabricatorUser::getOmnipotentUser())->withPhids($policy_phids)->execute(); $handles = mpull($handles, null, 'getPHID'); foreach ($value as $capability_key => $policy) { $handle = $handles[$policy]; if (!$handle->isComplete()) { throw new Exception(pht('Capability "%s" has invalid policy "%s"; "%s" does not exist.', $capability_key, $policy, $policy)); } } } }
public function testPolicyStrength() { $public = PhabricatorPolicyQuery::getGlobalPolicy(PhabricatorPolicies::POLICY_PUBLIC); $user = PhabricatorPolicyQuery::getGlobalPolicy(PhabricatorPolicies::POLICY_USER); $admin = PhabricatorPolicyQuery::getGlobalPolicy(PhabricatorPolicies::POLICY_ADMIN); $noone = PhabricatorPolicyQuery::getGlobalPolicy(PhabricatorPolicies::POLICY_NOONE); $this->assertFalse($public->isStrongerThan($public)); $this->assertFalse($public->isStrongerThan($user)); $this->assertFalse($public->isStrongerThan($admin)); $this->assertFalse($public->isStrongerThan($noone)); $this->assertTrue($user->isStrongerThan($public)); $this->assertFalse($user->isStrongerThan($user)); $this->assertFalse($user->isStrongerThan($admin)); $this->assertFalse($user->isStrongerThan($noone)); $this->assertTrue($admin->isStrongerThan($public)); $this->assertTrue($admin->isStrongerThan($user)); $this->assertFalse($admin->isStrongerThan($admin)); $this->assertFalse($admin->isStrongerThan($noone)); $this->assertTrue($noone->isStrongerThan($public)); $this->assertTrue($noone->isStrongerThan($user)); $this->assertTrue($noone->isStrongerThan($admin)); $this->assertFalse($admin->isStrongerThan($noone)); }