/**
 * Authorize one project transaction before it is applied.
 *
 * - Name, status, image, icon and color changes need CAN_EDIT on the project.
 * - Locking needs the application-level "can lock projects" capability; it
 *   is checked against a new instance of the editor's application class,
 *   not against the project itself.
 * - Membership edges: adding only yourself needs CAN_JOIN; removing only
 *   yourself needs nothing unless membership is locked (then CAN_EDIT);
 *   every other membership change needs CAN_EDIT.
 * - Anything else is delegated to the parent editor.
 *
 * @param PhabricatorLiskDAO $object Project being edited.
 * @param PhabricatorApplicationTransaction $xaction Transaction to check.
 * @return mixed Result of the parent check when delegated, nothing otherwise.
 */
protected function requireCapabilities(
  PhabricatorLiskDAO $object,
  PhabricatorApplicationTransaction $xaction) {

  switch ($xaction->getTransactionType()) {
    case PhabricatorProjectTransaction::TYPE_NAME:
    case PhabricatorProjectTransaction::TYPE_STATUS:
    case PhabricatorProjectTransaction::TYPE_IMAGE:
    case PhabricatorProjectTransaction::TYPE_ICON:
    case PhabricatorProjectTransaction::TYPE_COLOR:
      $actor = $this->requireActor();
      PhabricatorPolicyFilter::requireCapability(
        $actor,
        $object,
        PhabricatorPolicyCapability::CAN_EDIT);
      return;

    case PhabricatorProjectTransaction::TYPE_LOCKED:
      // The lock capability belongs to the application, so the policy
      // target is an application instance rather than $object.
      $actor = $this->requireActor();
      $application = newv($this->getEditorApplicationClass(), array());
      PhabricatorPolicyFilter::requireCapability(
        $actor,
        $application,
        ProjectCanLockProjectsCapability::CAPABILITY);
      return;

    case PhabricatorTransactions::TYPE_EDGE:
      $edge_type = $xaction->getMetadataValue('edge:type');
      if ($edge_type != PhabricatorProjectProjectHasMemberEdgeType::EDGECONST) {
        // Not a membership edge: let the parent editor decide.
        break;
      }

      $before = $xaction->getOldValue();
      $after = $xaction->getNewValue();
      $added = array_keys(array_diff_key($after, $before));
      $removed = array_keys(array_diff_key($before, $after));

      $actor = $this->requireActor();
      $only_self = array($actor->getPHID());

      // "Join" and "leave" are recognised only when the actor is the sole
      // PHID on one side of the change and the other side is empty.
      $joining = ($added === $only_self) && !$removed;
      $leaving = ($removed === $only_self) && !$added;

      if ($joining) {
        // You need CAN_JOIN to join a project.
        $needed = PhabricatorPolicyCapability::CAN_JOIN;
      } else if ($leaving && !$object->getIsMembershipLocked()) {
        // Leaving an unlocked project needs no capability at all.
        $needed = null;
      } else {
        // Either the actor is leaving a membership-locked project or is
        // changing members other than themselves; both need CAN_EDIT.
        $needed = PhabricatorPolicyCapability::CAN_EDIT;
      }

      if ($needed !== null) {
        PhabricatorPolicyFilter::requireCapability($actor, $object, $needed);
      }
      return;
  }

  return parent::requireCapabilities($object, $xaction);
}
/**
 * Authorize one task transaction: run the parent checks, then require the
 * matching Maniphest application capability when the transaction type has
 * one.
 *
 * Priority, status, owner and view/edit policy changes each map to an
 * application capability. For edge transactions only the "object has
 * project" edge type maps to one. Types with no mapping add no check beyond
 * the parent's.
 *
 * @param PhabricatorLiskDAO $object Task being edited.
 * @param PhabricatorApplicationTransaction $xaction Transaction to check.
 * @return void
 */
protected function requireCapabilities(
  PhabricatorLiskDAO $object,
  PhabricatorApplicationTransaction $xaction) {

  parent::requireCapabilities($object, $xaction);

  $capability_by_type = array(
    ManiphestTransaction::TYPE_PRIORITY =>
      ManiphestEditPriorityCapability::CAPABILITY,
    ManiphestTransaction::TYPE_STATUS =>
      ManiphestEditStatusCapability::CAPABILITY,
    ManiphestTransaction::TYPE_OWNER =>
      ManiphestEditAssignCapability::CAPABILITY,
    PhabricatorTransactions::TYPE_EDIT_POLICY =>
      ManiphestEditPoliciesCapability::CAPABILITY,
    PhabricatorTransactions::TYPE_VIEW_POLICY =>
      ManiphestEditPoliciesCapability::CAPABILITY,
  );

  $type = $xaction->getTransactionType();
  $required = null;

  if ($type == PhabricatorTransactions::TYPE_EDGE) {
    // Only project tagging is gated; every other edge type is left to the
    // parent checks that already ran.
    $edge_type = $xaction->getMetadataValue('edge:type');
    if ($edge_type == PhabricatorProjectObjectHasProjectEdgeType::EDGECONST) {
      $required = ManiphestEditProjectsCapability::CAPABILITY;
    }
  } else {
    $required = idx($capability_by_type, $type);
  }

  if (!$required) {
    return;
  }

  // NOTE(review): the application is loaded with the actor as viewer and the
  // result of executeOne() is handed straight to requireCapability();
  // presumably it is never null here - confirm.
  // NOTE(review): uses getActor() where sibling editors use requireActor();
  // presumably the parent call has already established an actor - confirm.
  $viewer = $this->getActor();
  $application = id(new PhabricatorApplicationQuery())
    ->setViewer($viewer)
    ->withClasses(array('PhabricatorManiphestApplication'))
    ->executeOne();

  PhabricatorPolicyFilter::requireCapability(
    $this->getActor(),
    $application,
    $required);
}
/**
 * Authorize one transaction. This editor adds no checks of its own, so every
 * transaction type is handed to the parent editor.
 *
 * @param PhabricatorLiskDAO $object Object being edited.
 * @param PhabricatorApplicationTransaction $xaction Transaction to check.
 * @return mixed Whatever the parent implementation returns.
 */
protected function requireCapabilities(
  PhabricatorLiskDAO $object,
  PhabricatorApplicationTransaction $xaction) {

  switch ($xaction->getTransactionType()) {
    default:
      // No type-specific capability is required here; editor-specific
      // cases would be added above this branch.
      break;
  }

  return parent::requireCapabilities($object, $xaction);
}
/**
 * Authorize one Conpherence transaction, after the parent checks have run.
 *
 * - Participants: adding only yourself needs CAN_JOIN; removing only
 *   yourself needs nothing; any other participant change needs CAN_EDIT.
 * - Files: CAN_VIEW is enough.
 * - Title: CAN_EDIT.
 * - Other types get no check beyond the parent's.
 *
 * @param PhabricatorLiskDAO $object Thread or room being edited.
 * @param PhabricatorApplicationTransaction $xaction Transaction to check.
 * @return void
 */
protected function requireCapabilities(
  PhabricatorLiskDAO $object,
  PhabricatorApplicationTransaction $xaction) {

  parent::requireCapabilities($object, $xaction);

  switch ($xaction->getTransactionType()) {
    case ConpherenceTransaction::TYPE_PARTICIPANTS:
      $before = array_fuse($xaction->getOldValue());
      $after = array_fuse($xaction->getNewValue());
      $added = array_keys(array_diff_key($after, $before));
      $removed = array_keys(array_diff_key($before, $after));

      $actor = $this->requireActor();
      $only_self = array($actor->getPHID());

      // A change counts as "join" or "leave" only when the actor is the
      // single PHID on one side and the other side is empty.
      $joining = ($added === $only_self) && !$removed;
      $leaving = ($removed === $only_self) && !$added;

      if ($joining) {
        // You need CAN_JOIN to join a room.
        PhabricatorPolicyFilter::requireCapability(
          $actor,
          $object,
          PhabricatorPolicyCapability::CAN_JOIN);
      } else if (!$leaving) {
        // You need CAN_EDIT to change participants other than yourself.
        // Leaving a thread yourself is deliberately left unchecked.
        PhabricatorPolicyFilter::requireCapability(
          $actor,
          $object,
          PhabricatorPolicyCapability::CAN_EDIT);
      }
      break;

    case ConpherenceTransaction::TYPE_FILES:
      // Treated like PhabricatorTransactions::TYPE_COMMENT, so being able to
      // see the thread is sufficient.
      PhabricatorPolicyFilter::requireCapability(
        $this->requireActor(),
        $object,
        PhabricatorPolicyCapability::CAN_VIEW);
      break;

    case ConpherenceTransaction::TYPE_TITLE:
      PhabricatorPolicyFilter::requireCapability(
        $this->requireActor(),
        $object,
        PhabricatorPolicyCapability::CAN_EDIT);
      break;
  }
}
/**
 * Authorize one Phriction transaction, with an extra gate for new documents.
 *
 * When the object is new and its slug has ancestors, the direct parent
 * document is loaded as the actor. A user who cannot see "x/y", or can see
 * it but not edit it, must not be able to create "x/y/z"; in either case a
 * policy exception is raised against the new document. The parent editor's
 * checks then run as usual.
 *
 * @param PhabricatorLiskDAO $object Document being created or edited.
 * @param PhabricatorApplicationTransaction $xaction Transaction to check.
 * @return mixed Whatever the parent implementation returns.
 */
protected function requireCapabilities(
  PhabricatorLiskDAO $object,
  PhabricatorApplicationTransaction $xaction) {

  $ancestors = array();
  if ($this->getIsNewObject()) {
    $actor = $this->requireActor();
    $ancestors = PhabricatorSlug::getAncestry($object->getSlug());
  }

  // No ancestral slugs is "/"; the first person gets to play with "/".
  if ($ancestors) {
    $parent_slug = end($ancestors);
    $parent_doc = id(new PhrictionDocumentQuery())
      ->setViewer($actor)
      ->withSlugs(array($parent_slug))
      ->executeOne();

    // The query runs as the actor, so an empty result is treated as "the
    // actor cannot see the parent" and creation of the child is refused.
    // NOTE(review): a missing parent presumably lands here as well - confirm
    // that is the intended outcome.
    if (!$parent_doc) {
      $rejector = id(new PhabricatorPolicyFilter())
        ->setViewer($actor)
        ->raisePolicyExceptions(true);
      $rejector->rejectObject(
        $object,
        $object->getEditPolicy(),
        PhabricatorPolicyCapability::CAN_EDIT);
    }

    // NOTE(review): this check assumes the rejection above raised; if
    // rejectObject() can return, a null document reaches hasCapability().
    // TODO confirm it always throws in this configuration.
    $can_edit_parent = PhabricatorPolicyFilter::hasCapability(
      $actor,
      $parent_doc,
      PhabricatorPolicyCapability::CAN_EDIT);

    // Seeing the parent is not enough: without edit rights on it the actor
    // may not create a child beneath it.
    if (!$can_edit_parent) {
      $rejector = id(new PhabricatorPolicyFilter())
        ->setViewer($actor)
        ->raisePolicyExceptions(true);
      $rejector->rejectObject(
        $object,
        $object->getEditPolicy(),
        PhabricatorPolicyCapability::CAN_EDIT);
    }
  }

  return parent::requireCapabilities($object, $xaction);
}
/**
 * Authorize one project transaction before it is applied.
 *
 * - Name, status, image, icon and color changes need CAN_EDIT on the project.
 * - Membership edges: adding only yourself needs CAN_JOIN; removing only
 *   yourself needs no capability; every other membership change needs
 *   CAN_EDIT.
 * - Anything else is delegated to the parent editor.
 *
 * Self-removal is unconditional in this method: nothing here consults a
 * membership lock before letting the actor leave.
 *
 * @param PhabricatorLiskDAO $object Project being edited.
 * @param PhabricatorApplicationTransaction $xaction Transaction to check.
 * @return mixed Result of the parent check when delegated, nothing otherwise.
 */
protected function requireCapabilities(
  PhabricatorLiskDAO $object,
  PhabricatorApplicationTransaction $xaction) {

  switch ($xaction->getTransactionType()) {
    case PhabricatorProjectTransaction::TYPE_NAME:
    case PhabricatorProjectTransaction::TYPE_STATUS:
    case PhabricatorProjectTransaction::TYPE_IMAGE:
    case PhabricatorProjectTransaction::TYPE_ICON:
    case PhabricatorProjectTransaction::TYPE_COLOR:
      $actor = $this->requireActor();
      PhabricatorPolicyFilter::requireCapability(
        $actor,
        $object,
        PhabricatorPolicyCapability::CAN_EDIT);
      return;

    case PhabricatorTransactions::TYPE_EDGE:
      $edge_type = $xaction->getMetadataValue('edge:type');
      if ($edge_type != PhabricatorEdgeConfig::TYPE_PROJ_MEMBER) {
        // Not a membership edge: let the parent editor decide.
        break;
      }

      $before = $xaction->getOldValue();
      $after = $xaction->getNewValue();
      $added = array_keys(array_diff_key($after, $before));
      $removed = array_keys(array_diff_key($before, $after));

      $actor = $this->requireActor();
      $only_self = array($actor->getPHID());

      // "Join" and "leave" are recognised only when the actor is the sole
      // PHID on one side of the change and the other side is empty.
      $joining = ($added === $only_self) && !$removed;
      $leaving = ($removed === $only_self) && !$added;

      if ($joining) {
        // You need CAN_JOIN to join a project.
        PhabricatorPolicyFilter::requireCapability(
          $actor,
          $object,
          PhabricatorPolicyCapability::CAN_JOIN);
      } else if (!$leaving) {
        // You need CAN_EDIT to change members other than yourself.
        PhabricatorPolicyFilter::requireCapability(
          $actor,
          $object,
          PhabricatorPolicyCapability::CAN_EDIT);
      }
      return;
  }

  return parent::requireCapabilities($object, $xaction);
}
/**
 * Authorize one project column transaction.
 *
 * Renaming a column or changing its status needs CAN_EDIT on the column
 * object; every other transaction type is delegated to the parent editor.
 *
 * @param PhabricatorLiskDAO $object Column being edited.
 * @param PhabricatorApplicationTransaction $xaction Transaction to check.
 * @return mixed Result of the parent check when delegated, nothing otherwise.
 */
protected function requireCapabilities(
  PhabricatorLiskDAO $object,
  PhabricatorApplicationTransaction $xaction) {

  $type = $xaction->getTransactionType();

  // Loose comparison on purpose: it matches how a switch statement compares
  // its subject against each case label.
  $edits_column =
    ($type == PhabricatorProjectColumnTransaction::TYPE_NAME) ||
    ($type == PhabricatorProjectColumnTransaction::TYPE_STATUS);

  if ($edits_column) {
    PhabricatorPolicyFilter::requireCapability(
      $this->requireActor(),
      $object,
      PhabricatorPolicyCapability::CAN_EDIT);
    return;
  }

  return parent::requireCapabilities($object, $xaction);
}