/**
 * Check that this edit is allowed and that the acting user may perform it.
 *
 * The checks run in a fixed order and stop at the first failure:
 *   1. the transaction must already have a PHID;
 *   2. for a comment-type transaction, the comment must not have a PHID yet;
 *   3. a content source must have been set on this editor;
 *   4. the actor must hold CAN_VIEW on the transaction;
 *   5. the actor must hold CAN_EDIT on the transaction, unless the comment is
 *      flagged as removed and the actor is an administrator.
 *
 * Capability checks are delegated to
 * PhabricatorPolicyFilter::requireCapability(); how it reports a failure is
 * not visible from this method.
 *
 * @param PhabricatorApplicationTransaction $xaction Transaction being edited.
 * @param PhabricatorApplicationTransactionComment $comment Comment to apply.
 * @return void
 * @throws Exception When one of the preconditions (1-3) does not hold.
 */
private function validateEdit(
  PhabricatorApplicationTransaction $xaction,
  PhabricatorApplicationTransactionComment $comment) {

  if (!$xaction->getPHID()) {
    throw new Exception(
      'Transaction must have a PHID before calling applyEdit()!');
  }

  // Only comment-type transactions require the comment to have no PHID yet.
  $is_comment_xaction =
    ($xaction->getTransactionType() == PhabricatorTransactions::TYPE_COMMENT);
  if ($is_comment_xaction && $comment->getPHID()) {
    throw new Exception('Transaction comment must not yet have a PHID!');
  }

  if (!$this->getContentSource()) {
    throw new Exception('Call setContentSource() before applyEdit()!');
  }

  $viewer = $this->requireActor();

  // The view check applies to every actor; the administrator exemption below
  // covers the edit check only.
  PhabricatorPolicyFilter::requireCapability(
    $viewer,
    $xaction,
    PhabricatorPolicyCapability::CAN_VIEW);

  // NOTE: Administrators can remove comments by any user, and don't need
  // to pass the edit check.
  //
  // NOTE(review): the exemption depends only on the removed flag of $comment
  // and the admin flag of the actor. Whether a comment flagged as removed can
  // also carry other changes is not visible here; confirm against callers.
  $is_admin_removal = $comment->getIsRemoved() && $viewer->getIsAdmin();
  if (!$is_admin_removal) {
    PhabricatorPolicyFilter::requireCapability(
      $viewer,
      $xaction,
      PhabricatorPolicyCapability::CAN_EDIT);
  }
}