public function getPolicy($capability)
{
// These objects are low-level and only accessed through the storage
// engine, so policies are mostly just in place to let us use the common
// query infrastructure.
return PhabricatorPolicies::getMostOpenPolicy();
}
public function getPolicy($capability)
{
switch ($capability) {
case PhabricatorPolicyCapability::CAN_VIEW:
return PhabricatorPolicies::getMostOpenPolicy();
}
}
public static function initializeNewDocument(PhabricatorUser $actor, $slug)
{
$document = new PhrictionDocument();
$document->setSlug($slug);
$content = new PhrictionContent();
$content->setSlug($slug);
$default_title = PhabricatorSlug::getDefaultTitle($slug);
$content->setTitle($default_title);
$document->attachContent($content);
$parent_doc = null;
$ancestral_slugs = PhabricatorSlug::getAncestry($slug);
if ($ancestral_slugs) {
$parent = end($ancestral_slugs);
$parent_doc = id(new PhrictionDocumentQuery())->setViewer($actor)->withSlugs(array($parent))->executeOne();
}
if ($parent_doc) {
$document->setViewPolicy($parent_doc->getViewPolicy());
$document->setEditPolicy($parent_doc->getEditPolicy());
} else {
$default_view_policy = PhabricatorPolicies::getMostOpenPolicy();
$document->setViewPolicy($default_view_policy);
$document->setEditPolicy(PhabricatorPolicies::POLICY_USER);
}
return $document;
}
public function testFileVisibility()
{
$engine = new PhabricatorTestStorageEngine();
$data = Filesystem::readRandomCharacters(64);
$author = $this->generateNewTestUser();
$viewer = $this->generateNewTestUser();
$users = array($author, $viewer);
$params = array('name' => 'test.dat', 'viewPolicy' => PhabricatorPolicies::POLICY_NOONE, 'authorPHID' => $author->getPHID(), 'storageEngines' => array($engine));
$file = PhabricatorFile::newFromFileData($data, $params);
$filter = new PhabricatorPolicyFilter();
// Test bare file policies.
$this->assertEqual(array(true, false), $this->canViewFile($users, $file), pht('File Visibility'));
// Create an object and test object policies.
$object = ManiphestTask::initializeNewTask($author);
$object->setViewPolicy(PhabricatorPolicies::getMostOpenPolicy());
$object->save();
$this->assertTrue($filter->hasCapability($author, $object, PhabricatorPolicyCapability::CAN_VIEW), pht('Object Visible to Author'));
$this->assertTrue($filter->hasCapability($viewer, $object, PhabricatorPolicyCapability::CAN_VIEW), pht('Object Visible to Others'));
// Attach the file to the object and test that the association opens a
// policy exception for the non-author viewer.
$file->attachToObject($object->getPHID());
// Test the attached file's visibility.
$this->assertEqual(array(true, true), $this->canViewFile($users, $file), pht('Attached File Visibility'));
// Create a "thumbnail" of the original file.
$params = array('name' => 'test.thumb.dat', 'viewPolicy' => PhabricatorPolicies::POLICY_NOONE, 'storageEngines' => array($engine));
$xform = PhabricatorFile::newFromFileData($data, $params);
id(new PhabricatorTransformedFile())->setOriginalPHID($file->getPHID())->setTransform('test-thumb')->setTransformedPHID($xform->getPHID())->save();
// Test the thumbnail's visibility.
$this->assertEqual(array(true, true), $this->canViewFile($users, $xform), pht('Attached Thumbnail Visibility'));
// Detach the object and make sure it affects the thumbnail.
$file->detachFromObject($object->getPHID());
// Test the detached thumbnail's visibility.
$this->assertEqual(array(true, false), $this->canViewFile($users, $xform), pht('Detached Thumbnail Visibility'));
}
public function getPolicy($capability)
{
switch ($capability) {
case PhabricatorPolicyCapability::CAN_VIEW:
return PhabricatorPolicies::getMostOpenPolicy();
case PhabricatorPolicyCapability::CAN_EDIT:
return $this->getUserPHID();
}
}
public function render()
{
$viewer = $this->getUser();
if (!$viewer->isLoggedIn()) {
return null;
}
$instructions_id = celerity_generate_unique_node_id();
require_celerity_resource('global-drag-and-drop-css');
Javelin::initBehavior('global-drag-and-drop', array('ifSupported' => $this->showIfSupportedID, 'instructions' => $instructions_id, 'uploadURI' => '/file/dropupload/', 'browseURI' => '/file/query/authored/', 'viewPolicy' => PhabricatorPolicies::getMostOpenPolicy()));
return phutil_tag('div', array('id' => $instructions_id, 'class' => 'phabricator-global-upload-instructions', 'style' => 'display: none;'), pht("⇪ Drop Files to Upload"));
}
public function getPolicy($capability)
{
$policy = PhabricatorPolicies::POLICY_NOONE;
switch ($capability) {
case PhabricatorPolicyCapability::CAN_VIEW:
// Since it's impossible to perform any meaningful computations with
// time if a user can't view some of it, visibility on tracked time is
// unrestricted. If we eventually lock it down, it should be per-user.
// (This doesn't mean that users can see tracked objects.)
return PhabricatorPolicies::getMostOpenPolicy();
}
return $policy;
}
public static function initializeNewCalendarEvent(PhabricatorUser $actor, $mode)
{
$app = id(new PhabricatorApplicationQuery())->setViewer($actor)->withClasses(array('PhabricatorCalendarApplication'))->executeOne();
$view_policy = null;
$is_recurring = 0;
if ($mode == 'public') {
$view_policy = PhabricatorPolicies::getMostOpenPolicy();
}
if ($mode == 'recurring') {
$is_recurring = true;
}
return id(new PhabricatorCalendarEvent())->setUserPHID($actor->getPHID())->setIsCancelled(0)->setIsAllDay(0)->setIsRecurring($is_recurring)->setIcon(self::DEFAULT_ICON)->setViewPolicy($view_policy)->setEditPolicy($actor->getPHID())->setSpacePHID($actor->getDefaultSpacePHID())->attachInvitees(array())->applyViewerTimezone($actor);
}
protected function execute(ConduitAPIRequest $request)
{
$data = $request->getValue('data_base64');
$name = $request->getValue('name');
$can_cdn = $request->getValue('canCDN');
$view_policy = $request->getValue('viewPolicy');
$user = $request->getUser();
$data = base64_decode($data, $strict = true);
if (!$view_policy) {
$view_policy = PhabricatorPolicies::getMostOpenPolicy();
}
$file = PhabricatorFile::newFromFileData($data, array('name' => $name, 'authorPHID' => $user->getPHID(), 'viewPolicy' => $view_policy, 'canCDN' => $can_cdn, 'isExplicitUpload' => true));
return $file->getPHID();
}
public function validateOption(PhabricatorConfigOption $option, $value)
{
if (phid_get_type($value) != PhabricatorFileFilePHIDType::TYPECONST) {
throw new Exception(pht('%s is not a valid file PHID.', $value));
}
$file = id(new PhabricatorFileQuery())->setViewer(PhabricatorUser::getOmnipotentUser())->withPHIDs(array($value))->executeOne();
if (!$file) {
throw new Exception(pht('%s is not a valid file PHID.', $value));
}
$most_open_policy = PhabricatorPolicies::getMostOpenPolicy();
if ($file->getViewPolicy() != $most_open_policy) {
throw new Exception(pht('Specified file %s has policy "%s" but should have policy "%s".', $value, $file->getViewPolicy(), $most_open_policy));
}
if (!$file->isViewableImage()) {
throw new Exception(pht('Specified file %s is not a viewable image.', $value));
}
}
public function execute(HarbormasterBuild $build, HarbormasterBuildTarget $build_target)
{
$settings = $this->getSettings();
$variables = $build_target->getVariables();
$path = $this->mergeVariables('vsprintf', $settings['path'], $variables);
$artifact = $build->loadArtifact($settings['artifact']);
$file = $artifact->loadPhabricatorFile();
$fragment = id(new PhragmentFragmentQuery())->setViewer(PhabricatorUser::getOmnipotentUser())->withPaths(array($path))->executeOne();
if ($fragment === null) {
PhragmentFragment::createFromFile(PhabricatorUser::getOmnipotentUser(), $file, $path, PhabricatorPolicies::getMostOpenPolicy(), PhabricatorPolicies::POLICY_USER);
} else {
if ($file->getMimeType() === 'application/zip') {
$fragment->updateFromZIP(PhabricatorUser::getOmnipotentUser(), $file);
} else {
$fragment->updateFromFile(PhabricatorUser::getOmnipotentUser(), $file);
}
}
}
protected function getBook()
{
if (!$this->book) {
$book_name = $this->getConfig('name');
$book = id(new DivinerLiveBook())->loadOneWhere('name = %s', $book_name);
if (!$book) {
$book = id(new DivinerLiveBook())->setName($book_name)->setViewPolicy(PhabricatorPolicies::getMostOpenPolicy())->setEditPolicy(PhabricatorPolicies::POLICY_ADMIN)->save();
}
$conn_w = $book->establishConnection('w');
$conn_w->openTransaction();
$book->setRepositoryPHID($this->getRepositoryPHID())->setConfigurationData($this->getConfigurationData())->save();
// TODO: This is gross. Without this, the repository won't be updated for
// atoms which have already been published.
queryfx($conn_w, 'UPDATE %T SET repositoryPHID = %s WHERE bookPHID = %s', id(new DivinerLiveSymbol())->getTableName(), $this->getRepositoryPHID(), $book->getPHID());
$conn_w->saveTransaction();
$this->book = $book;
id(new PhabricatorSearchIndexer())->queueDocumentForIndexing($book->getPHID());
}
return $this->book;
}
public function getPolicy($capability)
{
switch ($capability) {
case PhabricatorPolicyCapability::CAN_VIEW:
return PhabricatorPolicies::getMostOpenPolicy();
case PhabricatorPolicyCapability::CAN_EDIT:
// NOTE: In practice, this policy is always limited by the "Mangage
// Build Plans" policy.
if ($this->isAutoplan()) {
return PhabricatorPolicies::POLICY_NOONE;
}
return PhabricatorPolicies::getMostOpenPolicy();
}
}
public function getPolicy($capability)
{
return PhabricatorPolicies::getMostOpenPolicy();
}
public static function initializeNewPhurlURL(PhabricatorUser $actor)
{
$app = id(new PhabricatorApplicationQuery())->setViewer($actor)->withClasses(array('PhabricatorPhurlApplication'))->executeOne();
return id(new PhabricatorPhurlURL())->setAuthorPHID($actor->getPHID())->setViewPolicy(PhabricatorPolicies::getMostOpenPolicy())->setEditPolicy($actor->getPHID())->setSpacePHID($actor->getDefaultSpacePHID());
}
public static function initializeNewBlog(PhabricatorUser $actor)
{
$blog = id(new PhameBlog())->setCreatorPHID($actor->getPHID())->setViewPolicy(PhabricatorPolicies::getMostOpenPolicy())->setEditPolicy(PhabricatorPolicies::POLICY_USER)->setJoinPolicy(PhabricatorPolicies::POLICY_USER);
return $blog;
}
public function getPolicy($capability)
{
$default = $this->getCustomPolicySetting($capability);
if ($default) {
return $default;
}
switch ($capability) {
case PhabricatorPolicyCapability::CAN_VIEW:
return PhabricatorPolicies::getMostOpenPolicy();
case PhabricatorPolicyCapability::CAN_EDIT:
return PhabricatorPolicies::POLICY_ADMIN;
default:
$spec = $this->getCustomCapabilitySpecification($capability);
return idx($spec, 'default', PhabricatorPolicies::POLICY_USER);
}
}
/**
* @task policy
*/
public function getPolicy($capability)
{
// NOTE: We enforce that a user can see all the objects a story is about
// when loading it, so we don't need to perform a equivalent secondary
// policy check later.
return PhabricatorPolicies::getMostOpenPolicy();
}
public static function initializeNewConfiguration(PhabricatorUser $actor, PhabricatorEditEngine $engine)
{
// TODO: This should probably be controlled by a new defualt capability.
$edit_policy = PhabricatorPolicies::POLICY_ADMIN;
return id(new PhabricatorEditEngineConfiguration())->setEngineKey($engine->getEngineKey())->attachEngine($engine)->setViewPolicy(PhabricatorPolicies::getMostOpenPolicy())->setEditPolicy($edit_policy);
}
protected function loadOrCreateAccount($account_id)
{
if (!strlen($account_id)) {
throw new Exception(pht('Empty account ID!'));
}
$adapter = $this->getAdapter();
$adapter_class = get_class($adapter);
if (!strlen($adapter->getAdapterType())) {
throw new Exception(pht("AuthAdapter (of class '%s') has an invalid implementation: " . "no adapter type.", $adapter_class));
}
if (!strlen($adapter->getAdapterDomain())) {
throw new Exception(pht("AuthAdapter (of class '%s') has an invalid implementation: " . "no adapter domain.", $adapter_class));
}
$account = id(new PhabricatorExternalAccount())->loadOneWhere('accountType = %s AND accountDomain = %s AND accountID = %s', $adapter->getAdapterType(), $adapter->getAdapterDomain(), $account_id);
if (!$account) {
$account = id(new PhabricatorExternalAccount())->setAccountType($adapter->getAdapterType())->setAccountDomain($adapter->getAdapterDomain())->setAccountID($account_id);
}
$account->setUsername($adapter->getAccountName());
$account->setRealName($adapter->getAccountRealName());
$account->setEmail($adapter->getAccountEmail());
$account->setAccountURI($adapter->getAccountURI());
$account->setProfileImagePHID(null);
$image_uri = $adapter->getAccountImageURI();
if ($image_uri) {
try {
$name = PhabricatorSlug::normalize($this->getProviderName());
$name = $name . '-profile.jpg';
// TODO: If the image has not changed, we do not need to make a new
// file entry for it, but there's no convenient way to do this with
// PhabricatorFile right now. The storage will get shared, so the impact
// here is negligible.
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
$image_file = PhabricatorFile::newFromFileDownload($image_uri, array('name' => $name, 'viewPolicy' => PhabricatorPolicies::POLICY_NOONE));
if ($image_file->isViewableImage()) {
$image_file->setViewPolicy(PhabricatorPolicies::getMostOpenPolicy())->setCanCDN(true)->save();
$account->setProfileImagePHID($image_file->getPHID());
} else {
$image_file->delete();
}
unset($unguarded);
} catch (Exception $ex) {
// Log this but proceed, it's not especially important that we
// be able to pull profile images.
phlog($ex);
}
}
$this->willSaveAccount($account);
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
$account->save();
unset($unguarded);
return $account;
}
public function getPolicy($capability)
{
if ($capability == PhabricatorPolicyCapability::CAN_VIEW) {
return PhabricatorPolicies::getMostOpenPolicy();
}
if ($this->isGlobalRule()) {
$app = 'PhabricatorHeraldApplication';
$herald = PhabricatorApplication::getByClass($app);
$global = HeraldManageGlobalRulesCapability::CAPABILITY;
return $herald->getPolicy($global);
} else {
if ($this->isObjectRule()) {
return $this->getTriggerObject()->getPolicy($capability);
} else {
return $this->getAuthorPHID();
}
}
}
public function getPolicy($capability)
{
switch ($capability) {
case PhabricatorPolicyCapability::CAN_VIEW:
if ($this->isAutoplan()) {
return PhabricatorPolicies::getMostOpenPolicy();
}
return $this->getViewPolicy();
case PhabricatorPolicyCapability::CAN_EDIT:
if ($this->isAutoplan()) {
return PhabricatorPolicies::POLICY_NOONE;
}
return $this->getEditPolicy();
}
}
public function getPolicy($capability)
{
switch ($capability) {
case PhabricatorPolicyCapability::CAN_VIEW:
if ($this->isBuiltin()) {
return PhabricatorPolicies::getMostOpenPolicy();
}
if ($this->getIsProfileImage()) {
return PhabricatorPolicies::getMostOpenPolicy();
}
return $this->getViewPolicy();
case PhabricatorPolicyCapability::CAN_EDIT:
return PhabricatorPolicies::POLICY_NOONE;
}
}
<?php
$table = new HarbormasterBuildPlan();
$conn_w = $table->establishConnection('w');
$view_policy = PhabricatorPolicies::getMostOpenPolicy();
queryfx($conn_w, 'UPDATE %T SET viewPolicy = %s WHERE viewPolicy = %s', $table->getTableName(), $view_policy, '');
$edit_policy = id(new PhabricatorHarbormasterApplication())->getPolicy(HarbormasterCreatePlansCapability::CAPABILITY);
queryfx($conn_w, 'UPDATE %T SET editPolicy = %s WHERE editPolicy = %s', $table->getTableName(), $edit_policy, '');
public function getPolicy($capability)
{
// We're just implement this interface to get access to the standard
// query infrastructure.
return PhabricatorPolicies::getMostOpenPolicy();
}
public function getPolicy($capability)
{
switch ($capability) {
case PhabricatorPolicyCapability::CAN_VIEW:
$user_phid = $this->getUserPHID();
if ($user_phid) {
return $user_phid;
}
return PhabricatorPolicies::getMostOpenPolicy();
case PhabricatorPolicyCapability::CAN_EDIT:
if ($this->hasManagedUser()) {
return PhabricatorPolicies::POLICY_ADMIN;
}
$user_phid = $this->getUserPHID();
if ($user_phid) {
return $user_phid;
}
return PhabricatorPolicies::POLICY_ADMIN;
}
}
public function getPolicy($capability)
{
if ($this->getResource()) {
return $this->getResource()->getPolicy($capability);
}
// TODO: Implement reasonable policies.
return PhabricatorPolicies::getMostOpenPolicy();
}
public function getPolicy($capability)
{
if ($this->getResource()) {
return $this->getResource()->getPolicy($capability);
}
return PhabricatorPolicies::getMostOpenPolicy();
}
public static function initializeNewMerchant(PhabricatorUser $actor)
{
return id(new PhortuneMerchant())->setViewPolicy(PhabricatorPolicies::getMostOpenPolicy())->attachMemberPHIDs(array())->setContactInfo('')->setInvoiceEmail('')->setInvoiceFooter('');
}
public function getPolicy($capability)
{
// Application methods get application visibility; other methods get open
// visibility.
$application = $this->getApplication();
if ($application) {
return $application->getPolicy($capability);
}
return PhabricatorPolicies::getMostOpenPolicy();
}