public static function newFromPolicyAndHandle($policy_identifier, PhabricatorObjectHandle $handle = null)
{
$is_global = PhabricatorPolicyQuery::isGlobalPolicy($policy_identifier);
if ($is_global) {
return PhabricatorPolicyQuery::getGlobalPolicy($policy_identifier);
}
$policy = PhabricatorPolicyQuery::getObjectPolicy($policy_identifier);
if ($policy) {
return $policy;
}
if (!$handle) {
throw new Exception(pht("Policy identifier is an object PHID ('%s'), but no object handle " . "was provided. A handle must be provided for object policies.", $policy_identifier));
}
$handle_phid = $handle->getPHID();
if ($policy_identifier != $handle_phid) {
throw new Exception(pht("Policy identifier is an object PHID ('%s'), but the provided " . "handle has a different PHID ('%s'). The handle must correspond " . "to the policy identifier.", $policy_identifier, $handle_phid));
}
$policy = id(new PhabricatorPolicy())->setPHID($policy_identifier)->setHref($handle->getURI());
$phid_type = phid_get_type($policy_identifier);
switch ($phid_type) {
case PhabricatorProjectProjectPHIDType::TYPECONST:
$policy->setType(PhabricatorPolicyType::TYPE_PROJECT);
$policy->setName($handle->getName());
break;
case PhabricatorPeopleUserPHIDType::TYPECONST:
$policy->setType(PhabricatorPolicyType::TYPE_USER);
$policy->setName($handle->getFullName());
break;
case PhabricatorPolicyPHIDTypePolicy::TYPECONST:
// TODO: This creates a weird handle-based version of a rule policy.
// It behaves correctly, but can't be applied since it doesn't have
// any rules. It is used to render transactions, and might need some
// cleanup.
break;
default:
$policy->setType(PhabricatorPolicyType::TYPE_MASKED);
$policy->setName($handle->getFullName());
break;
}
$policy->makeEphemeral();
return $policy;
}
public function validateOption(PhabricatorConfigOption $option, $value)
{
$capabilities = id(new PhutilSymbolLoader())->setAncestorClass('PhabricatorPolicyCapability')->loadObjects();
$capabilities = mpull($capabilities, null, 'getCapabilityKey');
$policy_phids = array();
foreach ($value as $capability_key => $policy) {
$capability = idx($capabilities, $capability_key);
if (!$capability) {
throw new Exception(pht('Capability "%s" does not exist.', $capability_key));
}
if (phid_get_type($policy) != PhabricatorPHIDConstants::PHID_TYPE_UNKNOWN) {
$policy_phids[$policy] = $policy;
} else {
try {
$policy_object = PhabricatorPolicyQuery::getGlobalPolicy($policy);
// this exception is not helpful here as its about global policy;
// throw a better exception
} catch (Exception $ex) {
throw new Exception(pht('Capability "%s" has invalid policy "%s".', $capability_key, $policy));
}
}
if ($policy == PhabricatorPolicies::POLICY_PUBLIC) {
if (!$capability->shouldAllowPublicPolicySetting()) {
throw new Exception(pht('Capability "%s" does not support public policy.', $capability_key));
}
}
}
if ($policy_phids) {
$handles = id(new PhabricatorHandleQuery())->setViewer(PhabricatorUser::getOmnipotentUser())->withPhids($policy_phids)->execute();
$handles = mpull($handles, null, 'getPHID');
foreach ($value as $capability_key => $policy) {
$handle = $handles[$policy];
if (!$handle->isComplete()) {
throw new Exception(pht('Capability "%s" has invalid policy "%s"; "%s" does not exist.', $capability_key, $policy, $policy));
}
}
}
}
public function testPolicyStrength()
{
$public = PhabricatorPolicyQuery::getGlobalPolicy(PhabricatorPolicies::POLICY_PUBLIC);
$user = PhabricatorPolicyQuery::getGlobalPolicy(PhabricatorPolicies::POLICY_USER);
$admin = PhabricatorPolicyQuery::getGlobalPolicy(PhabricatorPolicies::POLICY_ADMIN);
$noone = PhabricatorPolicyQuery::getGlobalPolicy(PhabricatorPolicies::POLICY_NOONE);
$this->assertFalse($public->isStrongerThan($public));
$this->assertFalse($public->isStrongerThan($user));
$this->assertFalse($public->isStrongerThan($admin));
$this->assertFalse($public->isStrongerThan($noone));
$this->assertTrue($user->isStrongerThan($public));
$this->assertFalse($user->isStrongerThan($user));
$this->assertFalse($user->isStrongerThan($admin));
$this->assertFalse($user->isStrongerThan($noone));
$this->assertTrue($admin->isStrongerThan($public));
$this->assertTrue($admin->isStrongerThan($user));
$this->assertFalse($admin->isStrongerThan($admin));
$this->assertFalse($admin->isStrongerThan($noone));
$this->assertTrue($noone->isStrongerThan($public));
$this->assertTrue($noone->isStrongerThan($user));
$this->assertTrue($noone->isStrongerThan($admin));
$this->assertFalse($admin->isStrongerThan($noone));
}
