private function buildProperties(PhabricatorProject $project)
{
$viewer = $this->getViewer();
$view = id(new PHUIPropertyListView())->setUser($viewer)->setObject($project);
if ($project->isMilestone()) {
$icon_key = PhabricatorProjectIconSet::getMilestoneIconKey();
$icon = PhabricatorProjectIconSet::getIconIcon($icon_key);
$target = PhabricatorProjectIconSet::getIconName($icon_key);
$note = pht('Members of the parent project are members of this project.');
$show_join = false;
} else {
if ($project->getHasSubprojects()) {
$icon = 'fa-sitemap';
$target = pht('Parent Project');
$note = pht('Members of all subprojects are members of this project.');
$show_join = false;
} else {
if ($project->getIsMembershipLocked()) {
$icon = 'fa-lock';
$target = pht('Locked Project');
$note = pht('Users with access may join this project, but may not leave.');
$show_join = true;
} else {
$icon = 'fa-briefcase';
$target = pht('Normal Project');
$note = pht('Users with access may join and leave this project.');
$show_join = true;
}
}
}
$item = id(new PHUIStatusItemView())->setIcon($icon)->setTarget(phutil_tag('strong', array(), $target))->setNote($note);
$status = id(new PHUIStatusListView())->addItem($item);
$view->addProperty(pht('Membership'), $status);
if ($show_join) {
$descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions($viewer, $project);
$view->addProperty(pht('Joinable By'), $descriptions[PhabricatorPolicyCapability::CAN_JOIN]);
}
$viewer_phid = $viewer->getPHID();
if ($project->isUserWatcher($viewer_phid)) {
$watch_item = id(new PHUIStatusItemView())->setIcon('fa-eye green')->setTarget(phutil_tag('strong', array(), pht('Watching')))->setNote(pht('You will receive mail about changes made to any related ' . 'object.'));
$watch_status = id(new PHUIStatusListView())->addItem($watch_item);
$view->addProperty(pht('Watching'), $watch_status);
}
if ($project->isUserMember($viewer_phid)) {
$is_silenced = $this->isProjectSilenced($project);
if ($is_silenced) {
$mail_icon = 'fa-envelope-o grey';
$mail_target = pht('Disabled');
$mail_note = pht('When mail is sent to project members, you will not receive ' . 'a copy.');
} else {
$mail_icon = 'fa-envelope-o green';
$mail_target = pht('Enabled');
$mail_note = pht('You will receive mail that is sent to project members.');
}
$mail_item = id(new PHUIStatusItemView())->setIcon($mail_icon)->setTarget(phutil_tag('strong', array(), $mail_target))->setNote($mail_note);
$mail_status = id(new PHUIStatusListView())->addItem($mail_item);
$view->addProperty(pht('Mail to Members'), $mail_status);
}
return $view;
}
protected function getOptions()
{
$capability = $this->capability;
$policies = $this->policies;
// Exclude object policies which don't make sense here. This primarily
// filters object policies associated from template capabilities (like
// "Default Task View Policy" being set to "Task Author") so they aren't
// made available on non-template capabilities (like "Can Bulk Edit").
foreach ($policies as $key => $policy) {
if ($policy->getType() != PhabricatorPolicyType::TYPE_OBJECT) {
continue;
}
$rule = PhabricatorPolicyQuery::getObjectPolicyRule($policy->getPHID());
if (!$rule) {
continue;
}
$target = nonempty($this->templateObject, $this->object);
if (!$rule->canApplyToObject($target)) {
unset($policies[$key]);
continue;
}
}
$options = array();
foreach ($policies as $policy) {
if ($policy->getPHID() == PhabricatorPolicies::POLICY_PUBLIC) {
// Never expose "Public" for capabilities which don't support it.
$capobj = PhabricatorPolicyCapability::getCapabilityByKey($capability);
if (!$capobj || !$capobj->shouldAllowPublicPolicySetting()) {
continue;
}
}
$policy_short_name = id(new PhutilUTF8StringTruncator())->setMaximumGlyphs(28)->truncateString($policy->getName());
$options[$policy->getType()][$policy->getPHID()] = array('name' => $policy_short_name, 'full' => $policy->getName(), 'icon' => $policy->getIcon());
}
// If we were passed several custom policy options, throw away the ones
// which aren't the value for this capability. For example, an object might
// have a custom view pollicy and a custom edit policy. When we render
// the selector for "Can View", we don't want to show the "Can Edit"
// custom policy -- if we did, the menu would look like this:
//
// Custom
// Custom Policy
// Custom Policy
//
// ...where one is the "view" custom policy, and one is the "edit" custom
// policy.
$type_custom = PhabricatorPolicyType::TYPE_CUSTOM;
if (!empty($options[$type_custom])) {
$options[$type_custom] = array_select_keys($options[$type_custom], array($this->getValue()));
}
// If there aren't any custom policies, add a placeholder policy so we
// render a menu item. This allows the user to switch to a custom policy.
if (empty($options[$type_custom])) {
$placeholder = new PhabricatorPolicy();
$placeholder->setName(pht('Custom Policy...'));
$options[$type_custom][$this->getCustomPolicyPlaceholder()] = array('name' => $placeholder->getName(), 'full' => $placeholder->getName(), 'icon' => $placeholder->getIcon());
}
$options = array_select_keys($options, array(PhabricatorPolicyType::TYPE_GLOBAL, PhabricatorPolicyType::TYPE_OBJECT, PhabricatorPolicyType::TYPE_USER, PhabricatorPolicyType::TYPE_CUSTOM, PhabricatorPolicyType::TYPE_PROJECT));
return $options;
}
private function buildPropertyView(PhameBlog $blog)
{
$viewer = $this->getViewer();
require_celerity_resource('aphront-tooltip-css');
Javelin::initBehavior('phabricator-tooltips');
$properties = id(new PHUIPropertyListView())->setUser($viewer)->setObject($blog);
$domain = $blog->getDomain();
if (!$domain) {
$domain = phutil_tag('em', array(), pht('No external domain'));
}
$properties->addProperty(pht('Domain'), $domain);
$feed_uri = PhabricatorEnv::getProductionURI($this->getApplicationURI('blog/feed/' . $blog->getID() . '/'));
$properties->addProperty(pht('Atom URI'), javelin_tag('a', array('href' => $feed_uri, 'sigil' => 'has-tooltip', 'meta' => array('tip' => pht('Atom URI does not support custom domains.'), 'size' => 320)), $feed_uri));
$descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions($viewer, $blog);
$properties->addProperty(pht('Editable By'), $descriptions[PhabricatorPolicyCapability::CAN_EDIT]);
$engine = id(new PhabricatorMarkupEngine())->setViewer($viewer)->addObject($blog, PhameBlog::MARKUP_FIELD_DESCRIPTION)->process();
$properties->invokeWillRenderEvent();
$description = $blog->getDescription();
if (strlen($description)) {
$description = new PHUIRemarkupView($viewer, $description);
$properties->addSectionHeader(pht('Description'), PHUIPropertyListView::ICON_SUMMARY);
$properties->addTextContent($description);
}
return $properties;
}
private function buildPropertyView(PhabricatorApplication $application, PhabricatorActionListView $actions)
{
$viewer = $this->getRequest()->getUser();
$properties = id(new PHUIPropertyListView());
$properties->setActionList($actions);
$properties->addProperty(pht('Description'), $application->getShortDescription());
if ($application->getFlavorText()) {
$properties->addProperty(null, phutil_tag('em', array(), $application->getFlavorText()));
}
if ($application->isPrototype()) {
$proto_href = PhabricatorEnv::getDoclink('User Guide: Prototype Applications');
$learn_more = phutil_tag('a', array('href' => $proto_href, 'target' => '_blank'), pht('Learn More'));
$properties->addProperty(pht('Prototype'), pht('This application is a prototype. %s', $learn_more));
}
$overview = $application->getOverview();
if (strlen($overview)) {
$overview = new PHUIRemarkupView($viewer, $overview);
$properties->addSectionHeader(pht('Overview'), PHUIPropertyListView::ICON_SUMMARY);
$properties->addTextContent($overview);
}
$descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions($viewer, $application);
$properties->addSectionHeader(pht('Policies'), 'fa-lock');
foreach ($application->getCapabilities() as $capability) {
$properties->addProperty($application->getCapabilityLabel($capability), idx($descriptions, $capability));
}
return $properties;
}
private function buildPropertyList(DivinerLiveBook $book)
{
$viewer = $this->getRequest()->getUser();
$view = id(new PHUIPropertyListView())->setUser($viewer);
$policies = PhabricatorPolicyQuery::renderPolicyDescriptions($viewer, $book);
$view->addProperty(pht('Updated'), phabricator_datetime($book->getDateModified(), $viewer));
return $view;
}
private function buildPropertyView(PhabricatorDashboard $dashboard)
{
$viewer = $this->getViewer();
$properties = id(new PHUIPropertyListView())->setUser($viewer);
$descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions($viewer, $dashboard);
$properties->addProperty(pht('Editable By'), $descriptions[PhabricatorPolicyCapability::CAN_EDIT]);
$properties->addProperty(pht('Panels'), $viewer->renderHandleList($dashboard->getPanelPHIDs()));
return id(new PHUIObjectBoxView())->setHeaderText(pht('Details'))->setBackground(PHUIObjectBoxView::BLUE_PROPERTY)->addPropertyList($properties);
}
private function buildPropertyView(PhabricatorDashboard $dashboard)
{
$viewer = $this->getRequest()->getUser();
$properties = id(new PHUIPropertyListView())->setUser($viewer)->setObject($dashboard);
$descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions($viewer, $dashboard);
$properties->addProperty(pht('Editable By'), $descriptions[PhabricatorPolicyCapability::CAN_EDIT]);
$properties->addProperty(pht('Panels'), $viewer->renderHandleList($dashboard->getPanelPHIDs()));
return $properties;
}
private function buildPropertyView(NuanceSource $source, PhabricatorActionListView $actions)
{
$viewer = $this->getRequest()->getUser();
$properties = id(new PHUIPropertyListView())->setUser($viewer)->setObject($source)->setActionList($actions);
$definition = $source->requireDefinition();
$properties->addProperty(pht('Source Type'), $definition->getName());
$descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions($viewer, $source);
$properties->addProperty(pht('Editable By'), $descriptions[PhabricatorPolicyCapability::CAN_EDIT]);
return $properties;
}
private function buildPropertyView(PhabricatorProjectColumn $column, PhabricatorActionListView $actions)
{
$viewer = $this->getRequest()->getUser();
$properties = id(new PHUIPropertyListView())->setUser($viewer)->setObject($column)->setActionList($actions);
$descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions($viewer, $column);
$properties->addProperty(pht('Editable By'), $descriptions[PhabricatorPolicyCapability::CAN_EDIT]);
$limit = $column->getPointLimit();
$properties->addProperty(pht('Point Limit'), $limit ? $limit : pht('No Limit'));
return $properties;
}
private function buildPolicyView(PhabricatorApplication $application)
{
$viewer = $this->getViewer();
$properties = id(new PHUIPropertyListView());
$header = id(new PHUIHeaderView())->setHeader(pht('POLICIES'))->setHeaderIcon('fa-lock');
$descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions($viewer, $application);
foreach ($application->getCapabilities() as $capability) {
$properties->addProperty($application->getCapabilityLabel($capability), idx($descriptions, $capability));
}
return id(new PHUIObjectBoxView())->setHeader($header)->setBackground(PHUIObjectBoxView::BLUE_PROPERTY)->appendChild($properties);
}
private function buildPropertyListView(PhabricatorProject $project, PhabricatorActionListView $actions)
{
$request = $this->getRequest();
$viewer = $request->getUser();
$view = id(new PHUIPropertyListView())->setUser($viewer)->setObject($project)->setActionList($actions);
$descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions($viewer, $project);
$this->loadHandles(array($project->getPHID()));
$view->addProperty(pht('Looks Like'), $this->getHandle($project->getPHID())->renderTag());
$view->addProperty(pht('Visible To'), $descriptions[PhabricatorPolicyCapability::CAN_VIEW]);
$view->addProperty(pht('Editable By'), $descriptions[PhabricatorPolicyCapability::CAN_EDIT]);
$view->addProperty(pht('Joinable By'), $descriptions[PhabricatorPolicyCapability::CAN_JOIN]);
return $view;
}
private function buildPropertyView(PhabricatorPaste $paste, array $child_phids, PhabricatorActionListView $actions)
{
$viewer = $this->getViewer();
$properties = id(new PHUIPropertyListView())->setUser($viewer)->setObject($paste)->setActionList($actions);
$properties->addProperty(pht('Author'), $viewer->renderHandle($paste->getAuthorPHID()));
$properties->addProperty(pht('Created'), phabricator_datetime($paste->getDateCreated(), $viewer));
if ($paste->getParentPHID()) {
$properties->addProperty(pht('Forked From'), $viewer->renderHandle($paste->getParentPHID()));
}
if ($child_phids) {
$properties->addProperty(pht('Forks'), $viewer->renderHandleList($child_phids));
}
$descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions($viewer, $paste);
return $properties;
}
private function buildPropertyListView(PhabricatorSpacesNamespace $space)
{
$viewer = $this->getRequest()->getUser();
$list = id(new PHUIPropertyListView())->setUser($viewer);
$list->addProperty(pht('Default Space'), $space->getIsDefaultNamespace() ? pht('Yes') : pht('No'));
$descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions($viewer, $space);
$list->addProperty(pht('Editable By'), $descriptions[PhabricatorPolicyCapability::CAN_EDIT]);
$description = $space->getDescription();
if (strlen($description)) {
$description = PhabricatorMarkupEngine::renderOneObject(id(new PhabricatorMarkupOneOff())->setContent($description), 'default', $viewer);
$list->addSectionHeader(pht('Description'), PHUIPropertyListView::ICON_SUMMARY);
$list->addTextContent($description);
}
return $list;
}
private function buildPropertyView(PhabricatorPaste $paste, array $child_phids)
{
$user = $this->getRequest()->getUser();
$properties = new PhabricatorPropertyListView();
$properties->addProperty(pht('Author'), $this->getHandle($paste->getAuthorPHID())->renderLink());
$properties->addProperty(pht('Created'), phabricator_datetime($paste->getDateCreated(), $user));
if ($paste->getParentPHID()) {
$properties->addProperty(pht('Forked From'), $this->getHandle($paste->getParentPHID())->renderLink());
}
if ($child_phids) {
$properties->addProperty(pht('Forks'), $this->renderHandlesForPHIDs($child_phids));
}
$descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions($user, $paste);
$properties->addProperty(pht('Visible To'), $descriptions[PhabricatorPolicyCapability::CAN_VIEW]);
return $properties;
}
private function renderProperties(PhameBlog $blog, PhabricatorUser $user, PhabricatorActionListView $actions)
{
require_celerity_resource('aphront-tooltip-css');
Javelin::initBehavior('phabricator-tooltips');
$properties = new PHUIPropertyListView();
$properties->setActionList($actions);
$properties->addProperty(pht('Skin'), $blog->getSkin());
$properties->addProperty(pht('Domain'), $blog->getDomain());
$feed_uri = PhabricatorEnv::getProductionURI($this->getApplicationURI('blog/feed/' . $blog->getID() . '/'));
$properties->addProperty(pht('Atom URI'), javelin_tag('a', array('href' => $feed_uri, 'sigil' => 'has-tooltip', 'meta' => array('tip' => pht('Atom URI does not support custom domains.'), 'size' => 320)), $feed_uri));
$descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions($user, $blog);
$properties->addProperty(pht('Editable By'), $descriptions[PhabricatorPolicyCapability::CAN_EDIT]);
$properties->addProperty(pht('Joinable By'), $descriptions[PhabricatorPolicyCapability::CAN_JOIN]);
$engine = id(new PhabricatorMarkupEngine())->setViewer($user)->addObject($blog, PhameBlog::MARKUP_FIELD_DESCRIPTION)->process();
$properties->addTextContent(phutil_tag('div', array('class' => 'phabricator-remarkup'), $engine->getOutput($blog, PhameBlog::MARKUP_FIELD_DESCRIPTION)));
return $properties;
}
public function buildManagementPanelContent()
{
$repository = $this->getRepository();
$viewer = $this->getViewer();
$view = id(new PHUIPropertyListView())->setViewer($viewer)->setActionList($this->newActions());
$descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions($viewer, $repository);
$view_parts = array();
if (PhabricatorSpacesNamespaceQuery::getViewerSpacesExist($viewer)) {
$space_phid = PhabricatorSpacesNamespaceQuery::getObjectSpacePHID($repository);
$view_parts[] = $viewer->renderHandle($space_phid);
}
$view_parts[] = $descriptions[PhabricatorPolicyCapability::CAN_VIEW];
$view->addProperty(pht('Visible To'), phutil_implode_html(" · ", $view_parts));
$view->addProperty(pht('Editable By'), $descriptions[PhabricatorPolicyCapability::CAN_EDIT]);
$pushable = $repository->isHosted() ? $descriptions[DiffusionPushCapability::CAPABILITY] : phutil_tag('em', array(), pht('Not a Hosted Repository'));
$view->addProperty(pht('Pushable By'), $pushable);
return $this->newBox(pht('Policies'), $view);
}
private function buildPropertyView(PhabricatorDashboardPanel $panel)
{
$viewer = $this->getRequest()->getUser();
$properties = id(new PHUIPropertyListView())->setUser($viewer)->setObject($panel);
$descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions($viewer, $panel);
$panel_type = $panel->getImplementation();
if ($panel_type) {
$type_name = $panel_type->getPanelTypeName();
} else {
$type_name = phutil_tag('em', array(), nonempty($panel->getPanelType(), pht('null')));
}
$properties->addProperty(pht('Panel Type'), $type_name);
$properties->addProperty(pht('Editable By'), $descriptions[PhabricatorPolicyCapability::CAN_EDIT]);
$dashboard_phids = PhabricatorEdgeQuery::loadDestinationPHIDs($panel->getPHID(), PhabricatorDashboardPanelHasDashboardEdgeType::EDGECONST);
$does_not_appear = pht('This panel does not appear on any dashboards.');
$properties->addProperty(pht('Appears On'), $dashboard_phids ? $viewer->renderHandleList($dashboard_phids) : phutil_tag('em', array(), $does_not_appear));
return $properties;
}
private function buildPropertyView(PassphraseCredential $credential, PassphraseCredentialType $type, PhabricatorActionListView $actions)
{
$viewer = $this->getRequest()->getUser();
$properties = id(new PHUIPropertyListView())->setUser($viewer)->setObject($credential)->setActionList($actions);
$properties->addProperty(pht('Credential Type'), $type->getCredentialTypeName());
$descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions($viewer, $credential);
$properties->addProperty(pht('Editable By'), $descriptions[PhabricatorPolicyCapability::CAN_EDIT]);
$properties->addProperty(pht('Username'), $credential->getUsername());
$used_by_phids = PhabricatorEdgeQuery::loadDestinationPHIDs($credential->getPHID(), PhabricatorEdgeConfig::TYPE_CREDENTIAL_USED_BY_OBJECT);
if ($used_by_phids) {
$this->loadHandles($used_by_phids);
$properties->addProperty(pht('Used By'), $this->renderHandlesForPHIDs($used_by_phids));
}
$description = $credential->getDescription();
if (strlen($description)) {
$properties->addSectionHeader(pht('Description'), PHUIPropertyListView::ICON_SUMMARY);
$properties->addTextContent(PhabricatorMarkupEngine::renderOneObject(id(new PhabricatorMarkupOneOff())->setContent($description), 'default', $viewer));
}
return $properties;
}
private function getStrengthInformation(PhabricatorPolicyInterface $object, PhabricatorPolicy $policy, $capability)
{
$viewer = $this->getViewer();
$default_policy = PhabricatorPolicyQuery::getDefaultPolicyForObject($viewer, $object, $capability);
if (!$default_policy) {
return;
}
if ($default_policy->getPHID() == $policy->getPHID()) {
return;
}
if ($default_policy->isStrongerThan($policy)) {
$info = pht('This object has a less restrictive policy ("%s") than the default ' . 'policy for similar objects (which is "%s").', $policy->getShortName(), $default_policy->getShortName());
} else {
if ($policy->isStrongerThan($default_policy)) {
$info = pht('This object has a more restrictive policy ("%s") than the default ' . 'policy for similar objects (which is "%s").', $policy->getShortName(), $default_policy->getShortName());
} else {
$info = pht('This object has a different policy ("%s") than the default policy ' . 'for similar objects (which is "%s").', $policy->getShortName(), $default_policy->getShortName());
}
}
return $info;
}
private function buildPropertyView(PassphraseCredential $credential, PassphraseCredentialType $type, PhabricatorActionListView $actions)
{
$viewer = $this->getRequest()->getUser();
$properties = id(new PHUIPropertyListView())->setUser($viewer)->setObject($credential)->setActionList($actions);
$properties->addProperty(pht('Credential Type'), $type->getCredentialTypeName());
$descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions($viewer, $credential);
$properties->addProperty(pht('Editable By'), $descriptions[PhabricatorPolicyCapability::CAN_EDIT]);
if ($type->shouldRequireUsername()) {
$properties->addProperty(pht('Username'), $credential->getUsername());
}
$used_by_phids = PhabricatorEdgeQuery::loadDestinationPHIDs($credential->getPHID(), PhabricatorCredentialsUsedByObjectEdgeType::EDGECONST);
if ($used_by_phids) {
$properties->addProperty(pht('Used By'), $viewer->renderHandleList($used_by_phids));
}
$properties->invokeWillRenderEvent();
$description = $credential->getDescription();
if (strlen($description)) {
$properties->addSectionHeader(pht('Description'), PHUIPropertyListView::ICON_SUMMARY);
$properties->addTextContent(new PHUIRemarkupView($viewer, $description));
}
return $properties;
}
public static function newFromPolicyAndHandle($policy_identifier, PhabricatorObjectHandle $handle = null)
{
$is_global = PhabricatorPolicyQuery::isGlobalPolicy($policy_identifier);
if ($is_global) {
return PhabricatorPolicyQuery::getGlobalPolicy($policy_identifier);
}
if (!$handle) {
throw new Exception("Policy identifier is an object PHID ('{$policy_identifier}'), but no " . "object handle was provided. A handle must be provided for object " . "policies.");
}
$handle_phid = $handle->getPHID();
if ($policy_identifier != $handle_phid) {
throw new Exception("Policy identifier is an object PHID ('{$policy_identifier}'), but " . "the provided handle has a different PHID ('{$handle_phid}'). The " . "handle must correspond to the policy identifier.");
}
$policy = id(new PhabricatorPolicy())->setPHID($policy_identifier)->setHref($handle->getURI());
$phid_type = phid_get_type($policy_identifier);
switch ($phid_type) {
case PhabricatorProjectProjectPHIDType::TYPECONST:
$policy->setType(PhabricatorPolicyType::TYPE_PROJECT);
$policy->setName($handle->getName());
break;
case PhabricatorPeopleUserPHIDType::TYPECONST:
$policy->setType(PhabricatorPolicyType::TYPE_USER);
$policy->setName($handle->getFullName());
break;
case PhabricatorPolicyPHIDTypePolicy::TYPECONST:
// TODO: This creates a weird handle-based version of a rule policy.
// It behaves correctly, but can't be applied since it doesn't have
// any rules. It is used to render transactions, and might need some
// cleanup.
break;
default:
$policy->setType(PhabricatorPolicyType::TYPE_MASKED);
$policy->setName($handle->getFullName());
break;
}
$policy->makeEphemeral();
return $policy;
}
public function validateOption(PhabricatorConfigOption $option, $value)
{
$capabilities = id(new PhutilSymbolLoader())->setAncestorClass('PhabricatorPolicyCapability')->loadObjects();
$capabilities = mpull($capabilities, null, 'getCapabilityKey');
$policy_phids = array();
foreach ($value as $capability_key => $policy) {
$capability = idx($capabilities, $capability_key);
if (!$capability) {
throw new Exception(pht('Capability "%s" does not exist.', $capability_key));
}
if (phid_get_type($policy) != PhabricatorPHIDConstants::PHID_TYPE_UNKNOWN) {
$policy_phids[$policy] = $policy;
} else {
try {
$policy_object = PhabricatorPolicyQuery::getGlobalPolicy($policy);
// this exception is not helpful here as its about global policy;
// throw a better exception
} catch (Exception $ex) {
throw new Exception(pht('Capability "%s" has invalid policy "%s".', $capability_key, $policy));
}
}
if ($policy == PhabricatorPolicies::POLICY_PUBLIC) {
if (!$capability->shouldAllowPublicPolicySetting()) {
throw new Exception(pht('Capability "%s" does not support public policy.', $capability_key));
}
}
}
if ($policy_phids) {
$handles = id(new PhabricatorHandleQuery())->setViewer(PhabricatorUser::getOmnipotentUser())->withPhids($policy_phids)->execute();
$handles = mpull($handles, null, 'getPHID');
foreach ($value as $capability_key => $policy) {
$handle = $handles[$policy];
if (!$handle->isComplete()) {
throw new Exception(pht('Capability "%s" has invalid policy "%s"; "%s" does not exist.', $capability_key, $policy, $policy));
}
}
}
}
public function processRequest()
{
$request = $this->getRequest();
$viewer = $request->getUser();
$phid = $this->phid;
$capability = $this->capability;
$object = id(new PhabricatorObjectQuery())->setViewer($viewer)->withPHIDs(array($phid))->executeOne();
if (!$object) {
return new Aphront404Response();
}
$policies = PhabricatorPolicyQuery::loadPolicies($viewer, $object);
$policy = idx($policies, $capability);
if (!$policy) {
return new Aphront404Response();
}
$handle = id(new PhabricatorHandleQuery())->setViewer($viewer)->withPHIDs(array($phid))->executeOne();
$object_uri = nonempty($handle->getURI(), '/');
$explanation = PhabricatorPolicy::getPolicyExplanation($viewer, $policy->getPHID());
$auto_info = (array) $object->describeAutomaticCapability($capability);
$auto_info = array_merge(array($explanation), $auto_info);
$auto_info = array_filter($auto_info);
foreach ($auto_info as $key => $info) {
$auto_info[$key] = phutil_tag('li', array(), $info);
}
if ($auto_info) {
$auto_info = phutil_tag('ul', array(), $auto_info);
}
$capability_name = $capability;
$capobj = PhabricatorPolicyCapability::getCapabilityByKey($capability);
if ($capobj) {
$capability_name = $capobj->getCapabilityName();
}
$content = array(pht('Users with the "%s" capability:', $capability_name), $auto_info);
$object_name = pht('%s %s', $handle->getTypeName(), $handle->getObjectName());
$dialog = id(new AphrontDialogView())->setUser($viewer)->setClass('aphront-access-dialog')->setTitle(pht('Policy Details: %s', $object_name))->appendChild($content)->addCancelButton($object_uri, pht('Done'));
return id(new AphrontDialogResponse())->setDialog($dialog);
}
public function execute(PhutilArgumentParser $args)
{
$console = PhutilConsole::getConsole();
$viewer = $this->getViewer();
$obj_names = $args->getArg('objects');
if (!$obj_names) {
throw new PhutilArgumentUsageException(pht('Specify the name of an object to show policy information for.'));
} else {
if (count($obj_names) > 1) {
throw new PhutilArgumentUsageException(pht('Specify the name of exactly one object to show policy information ' . 'for.'));
}
}
$object = id(new PhabricatorObjectQuery())->setViewer($viewer)->withNames($obj_names)->executeOne();
if (!$object) {
$name = head($obj_names);
throw new PhutilArgumentUsageException(pht("No such object '%s'!", $name));
}
$handle = id(new PhabricatorHandleQuery())->setViewer($viewer)->withPHIDs(array($object->getPHID()))->executeOne();
$policies = PhabricatorPolicyQuery::loadPolicies($viewer, $object);
$console->writeOut("__%s__\n\n", pht('OBJECT'));
$console->writeOut(" %s\n", $handle->getFullName());
$console->writeOut("\n");
$console->writeOut("__%s__\n\n", pht('CAPABILITIES'));
foreach ($policies as $capability => $policy) {
$console->writeOut(" **%s**\n", $capability);
$console->writeOut(" %s\n", $policy->renderDescription());
$console->writeOut(" %s\n", PhabricatorPolicy::getPolicyExplanation($viewer, $policy->getPHID()));
$console->writeOut("\n");
$more = (array) $object->describeAutomaticCapability($capability);
if ($more) {
foreach ($more as $line) {
$console->writeOut(" %s\n", $line);
}
$console->writeOut("\n");
}
}
}
private function buildPropertyView(PhabricatorApplication $application, PhabricatorActionListView $actions)
{
$viewer = $this->getRequest()->getUser();
$properties = id(new PHUIPropertyListView());
$properties->setActionList($actions);
$properties->addProperty(pht('Description'), $application->getShortDescription());
if ($application->getFlavorText()) {
$properties->addProperty(null, phutil_tag('em', array(), $application->getFlavorText()));
}
if ($application->isBeta()) {
$properties->addProperty(pht('Release'), pht('Beta'));
}
$overview = $application->getOverview();
if ($overview) {
$properties->addSectionHeader(pht('Overview'), PHUIPropertyListView::ICON_SUMMARY);
$properties->addTextContent(PhabricatorMarkupEngine::renderOneObject(id(new PhabricatorMarkupOneOff())->setContent($overview), 'default', $viewer));
}
$descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions($viewer, $application);
$properties->addSectionHeader(pht('Policies'));
foreach ($application->getCapabilities() as $capability) {
$properties->addProperty($application->getCapabilityLabel($capability), idx($descriptions, $capability));
}
return $properties;
}
private function buildPropertyListView(PhabricatorProject $project, PhabricatorActionListView $actions)
{
$request = $this->getRequest();
$viewer = $request->getUser();
$view = id(new PHUIPropertyListView())->setUser($viewer)->setObject($project)->setActionList($actions);
$hashtags = array();
foreach ($project->getSlugs() as $slug) {
$hashtags[] = id(new PHUITagView())->setType(PHUITagView::TYPE_OBJECT)->setName('#' . $slug->getSlug());
}
$view->addProperty(pht('Hashtags'), phutil_implode_html(' ', $hashtags));
$view->addProperty(pht('Members'), $project->getMemberPHIDs() ? $viewer->renderHandleList($project->getMemberPHIDs())->setAsInline(true) : phutil_tag('em', array(), pht('None')));
$view->addProperty(pht('Watchers'), $project->getWatcherPHIDs() ? $viewer->renderHandleList($project->getWatcherPHIDs())->setAsInline(true) : phutil_tag('em', array(), pht('None')));
$descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions($viewer, $project);
$view->addProperty(pht('Looks Like'), $viewer->renderHandle($project->getPHID())->setAsTag(true));
$view->addProperty(pht('Joinable By'), $descriptions[PhabricatorPolicyCapability::CAN_JOIN]);
$field_list = PhabricatorCustomField::getObjectFields($project, PhabricatorCustomField::ROLE_VIEW);
$field_list->appendFieldsToPropertyList($project, $viewer, $view);
return $view;
}
private function loadObjectPolicies(array $map)
{
$viewer = $this->viewer;
$viewer_phid = $viewer->getPHID();
$rules = PhabricatorPolicyQuery::getObjectPolicyRules(null);
$results = array();
foreach ($map as $key => $object_list) {
$rule = idx($rules, $key);
if (!$rule) {
continue;
}
foreach ($object_list as $object_key => $object) {
if (!$rule->canApplyToObject($object)) {
unset($object_list[$object_key]);
}
}
$rule->willApplyRules($viewer, array(), $object_list);
$results[$key] = $rule;
}
$this->objectPolicies[$viewer_phid] = $results;
}
private function renderPolicyProperty(PhabricatorPolicyInterface $object)
{
$viewer = $this->getUser();
$policies = PhabricatorPolicyQuery::loadPolicies($viewer, $object);
$view_capability = PhabricatorPolicyCapability::CAN_VIEW;
$policy = idx($policies, $view_capability);
if (!$policy) {
return null;
}
// If an object is in a Space with a strictly stronger (more restrictive)
// policy, we show the more restrictive policy. This better aligns the
// UI hint with the actual behavior.
// NOTE: We'll do this even if the viewer has access to only one space, and
// show them information about the existence of spaces if they click
// through.
$use_space_policy = false;
if ($object instanceof PhabricatorSpacesInterface) {
$space_phid = PhabricatorSpacesNamespaceQuery::getObjectSpacePHID($object);
$spaces = PhabricatorSpacesNamespaceQuery::getViewerSpaces($viewer);
$space = idx($spaces, $space_phid);
if ($space) {
$space_policies = PhabricatorPolicyQuery::loadPolicies($viewer, $space);
$space_policy = idx($space_policies, $view_capability);
if ($space_policy) {
if ($space_policy->isStrongerThan($policy)) {
$policy = $space_policy;
$use_space_policy = true;
}
}
}
}
$container_classes = array();
$container_classes[] = 'policy-header-callout';
$phid = $object->getPHID();
// If we're going to show the object policy, try to determine if the object
// policy differs from the default policy. If it does, we'll call it out
// as changed.
if (!$use_space_policy) {
$default_policy = PhabricatorPolicyQuery::getDefaultPolicyForObject($viewer, $object, $view_capability);
if ($default_policy) {
if ($default_policy->getPHID() != $policy->getPHID()) {
$container_classes[] = 'policy-adjusted';
if ($default_policy->isStrongerThan($policy)) {
// The policy has strictly been weakened. For example, the
// default might be "All Users" and the current policy is "Public".
$container_classes[] = 'policy-adjusted-weaker';
} else {
if ($policy->isStrongerThan($default_policy)) {
// The policy has strictly been strengthened, and is now more
// restrictive than the default. For example, "All Users" has
// been replaced with "No One".
$container_classes[] = 'policy-adjusted-stronger';
} else {
// The policy has been adjusted but not strictly strengthened
// or weakened. For example, "Members of X" has been replaced with
// "Members of Y".
$container_classes[] = 'policy-adjusted-different';
}
}
}
}
}
$icon = id(new PHUIIconView())->setIcon($policy->getIcon() . ' bluegrey');
$link = javelin_tag('a', array('class' => 'policy-link', 'href' => '/policy/explain/' . $phid . '/' . $view_capability . '/', 'sigil' => 'workflow'), $policy->getShortName());
return phutil_tag('span', array('class' => implode(' ', $container_classes)), array($icon, $link));
}
public function getRequiredHandlePHIDs()
{
$phids = array();
$old = $this->getOldValue();
$new = $this->getNewValue();
$phids[] = array($this->getAuthorPHID());
$phids[] = array($this->getObjectPHID());
switch ($this->getTransactionType()) {
case PhabricatorTransactions::TYPE_CUSTOMFIELD:
$field = $this->getTransactionCustomField();
if ($field) {
$phids[] = $field->getApplicationTransactionRequiredHandlePHIDs($this);
}
break;
case PhabricatorTransactions::TYPE_SUBSCRIBERS:
$phids[] = $old;
$phids[] = $new;
break;
case PhabricatorTransactions::TYPE_EDGE:
$phids[] = ipull($old, 'dst');
$phids[] = ipull($new, 'dst');
break;
case PhabricatorTransactions::TYPE_COLUMNS:
foreach ($new as $move) {
$phids[] = array($move['columnPHID'], $move['boardPHID']);
$phids[] = $move['fromColumnPHIDs'];
}
break;
case PhabricatorTransactions::TYPE_EDIT_POLICY:
case PhabricatorTransactions::TYPE_VIEW_POLICY:
case PhabricatorTransactions::TYPE_JOIN_POLICY:
if (!PhabricatorPolicyQuery::isSpecialPolicy($old)) {
$phids[] = array($old);
}
if (!PhabricatorPolicyQuery::isSpecialPolicy($new)) {
$phids[] = array($new);
}
break;
case PhabricatorTransactions::TYPE_SPACE:
if ($old) {
$phids[] = array($old);
}
if ($new) {
$phids[] = array($new);
}
break;
case PhabricatorTransactions::TYPE_TOKEN:
break;
case PhabricatorTransactions::TYPE_BUILDABLE:
$phid = $this->getMetadataValue('harbormaster:buildablePHID');
if ($phid) {
$phids[] = array($phid);
}
break;
}
if ($this->getComment()) {
$phids[] = array($this->getComment()->getAuthorPHID());
}
return array_mergev($phids);
}
public function handleRequest(AphrontRequest $request)
{
$user = $request->getUser();
$application = $request->getURIData('application');
$application = id(new PhabricatorApplicationQuery())->setViewer($user)->withClasses(array($application))->requireCapabilities(array(PhabricatorPolicyCapability::CAN_VIEW, PhabricatorPolicyCapability::CAN_EDIT))->executeOne();
if (!$application) {
return new Aphront404Response();
}
$title = $application->getName();
$view_uri = $this->getApplicationURI('view/' . get_class($application) . '/');
$policies = id(new PhabricatorPolicyQuery())->setViewer($user)->setObject($application)->execute();
if ($request->isFormPost()) {
$result = array();
foreach ($application->getCapabilities() as $capability) {
$old = $application->getPolicy($capability);
$new = $request->getStr('policy:' . $capability);
if ($old == $new) {
// No change to the setting.
continue;
}
if (empty($policies[$new])) {
// Not a standard policy, check for a custom policy.
$policy = id(new PhabricatorPolicyQuery())->setViewer($user)->withPHIDs(array($new))->executeOne();
if (!$policy) {
// Not a custom policy either. Can't set the policy to something
// invalid, so skip this.
continue;
}
}
if ($new == PhabricatorPolicies::POLICY_PUBLIC) {
$capobj = PhabricatorPolicyCapability::getCapabilityByKey($capability);
if (!$capobj || !$capobj->shouldAllowPublicPolicySetting()) {
// Can't set non-public policies to public.
continue;
}
}
$result[$capability] = $new;
}
if ($result) {
$key = 'phabricator.application-settings';
$config_entry = PhabricatorConfigEntry::loadConfigEntry($key);
$value = $config_entry->getValue();
$phid = $application->getPHID();
if (empty($value[$phid])) {
$value[$application->getPHID()] = array();
}
if (empty($value[$phid]['policy'])) {
$value[$phid]['policy'] = array();
}
$value[$phid]['policy'] = $result + $value[$phid]['policy'];
// Don't allow users to make policy edits which would lock them out of
// applications, since they would be unable to undo those actions.
PhabricatorEnv::overrideConfig($key, $value);
PhabricatorPolicyFilter::mustRetainCapability($user, $application, PhabricatorPolicyCapability::CAN_VIEW);
PhabricatorPolicyFilter::mustRetainCapability($user, $application, PhabricatorPolicyCapability::CAN_EDIT);
PhabricatorConfigEditor::storeNewValue($user, $config_entry, $value, PhabricatorContentSource::newFromRequest($request));
}
return id(new AphrontRedirectResponse())->setURI($view_uri);
}
$descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions($user, $application);
$form = id(new AphrontFormView())->setUser($user);
$locked_policies = PhabricatorEnv::getEnvConfig('policy.locked');
foreach ($application->getCapabilities() as $capability) {
$label = $application->getCapabilityLabel($capability);
$can_edit = $application->isCapabilityEditable($capability);
$locked = idx($locked_policies, $capability);
$caption = $application->getCapabilityCaption($capability);
if (!$can_edit || $locked) {
$form->appendChild(id(new AphrontFormStaticControl())->setLabel($label)->setValue(idx($descriptions, $capability))->setCaption($caption));
} else {
$control = id(new AphrontFormPolicyControl())->setUser($user)->setDisabled($locked)->setCapability($capability)->setPolicyObject($application)->setPolicies($policies)->setLabel($label)->setName('policy:' . $capability)->setCaption($caption);
$template = $application->getCapabilityTemplatePHIDType($capability);
if ($template) {
$phid_types = PhabricatorPHIDType::getAllTypes();
$phid_type = idx($phid_types, $template);
if ($phid_type) {
$template_object = $phid_type->newObject();
if ($template_object) {
$template_policies = id(new PhabricatorPolicyQuery())->setViewer($user)->setObject($template_object)->execute();
// NOTE: We want to expose both any object template policies
// (like "Subscribers") and any custom policy.
$all_policies = $template_policies + $policies;
$control->setPolicies($all_policies);
$control->setTemplateObject($template_object);
}
}
$control->setTemplatePHIDType($template);
}
$form->appendControl($control);
}
}
$form->appendChild(id(new AphrontFormSubmitControl())->setValue(pht('Save Policies'))->addCancelButton($view_uri));
$crumbs = $this->buildApplicationCrumbs();
$crumbs->addTextCrumb($application->getName(), $view_uri);
$crumbs->addTextCrumb(pht('Edit Policies'));
$header = id(new PHUIHeaderView())->setHeader(pht('Edit Policies: %s', $application->getName()));
$object_box = id(new PHUIObjectBoxView())->setHeader($header)->setForm($form);
return $this->buildApplicationPage(array($crumbs, $object_box), array('title' => $title));
}
