recaptime.dev
@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.)
hq.recaptime.dev/wiki/Phorge
phorge
phabricator
Add Drydock default edit/view policies and a "Create Blueprint" policy
Summary: Ref T2015. Allow configuration of default edit/view policies for blueprints. Add create policy. Remove administrative exception in policies.
Test Plan: Configured these settings and created (or, with a restrictive create setting, tried to create) blueprints.
Reviewers: btrahan
Reviewed By: btrahan
CC: aran
Maniphest Tasks: T2015
Differential Revision: https://secure.phabricator.com/D7921
+98
-12
+6
src/__phutil_library_map__.php
+6
src/__phutil_library_map__.php
···
653
653
'DrydockBlueprintScopeGuard' => 'applications/drydock/util/DrydockBlueprintScopeGuard.php',
654
654
'DrydockBlueprintSearchEngine' => 'applications/drydock/query/DrydockBlueprintSearchEngine.php',
655
655
'DrydockBlueprintViewController' => 'applications/drydock/controller/DrydockBlueprintViewController.php',
656
+
'DrydockCapabilityCreateBlueprints' => 'applications/drydock/capability/DrydockCapabilityCreateBlueprints.php',
657
+
'DrydockCapabilityDefaultEdit' => 'applications/drydock/capability/DrydockCapabilityDefaultEdit.php',
658
+
'DrydockCapabilityDefaultView' => 'applications/drydock/capability/DrydockCapabilityDefaultView.php',
656
659
'DrydockCommandInterface' => 'applications/drydock/interface/command/DrydockCommandInterface.php',
657
660
'DrydockConsoleController' => 'applications/drydock/controller/DrydockConsoleController.php',
658
661
'DrydockConstants' => 'applications/drydock/constants/DrydockConstants.php',
···
3080
3083
'DrydockBlueprintQuery' => 'DrydockQuery',
3081
3084
'DrydockBlueprintSearchEngine' => 'PhabricatorApplicationSearchEngine',
3082
3085
'DrydockBlueprintViewController' => 'DrydockBlueprintController',
3086
+
'DrydockCapabilityCreateBlueprints' => 'PhabricatorPolicyCapability',
3087
+
'DrydockCapabilityDefaultEdit' => 'PhabricatorPolicyCapability',
3088
+
'DrydockCapabilityDefaultView' => 'PhabricatorPolicyCapability',
3083
3089
'DrydockCommandInterface' => 'DrydockInterface',
3084
3090
'DrydockConsoleController' => 'DrydockController',
3085
3091
'DrydockController' => 'PhabricatorController',
+15
-1
src/applications/drydock/application/PhabricatorApplicationDrydock.php
+15
-1
src/applications/drydock/application/PhabricatorApplicationDrydock.php
···
7
7
}
8
8
9
9
public function getShortDescription() {
10
-
return 'Allocate Software Resources';
10
+
return pht('Allocate Software Resources');
11
11
}
12
12
13
13
public function getIconName() {
···
56
56
),
57
57
);
58
58
}
59
+
60
+
protected function getCustomCapabilities() {
61
+
return array(
62
+
DrydockCapabilityDefaultView::CAPABILITY => array(
63
+
),
64
+
DrydockCapabilityDefaultEdit::CAPABILITY => array(
65
+
'default' => PhabricatorPolicies::POLICY_ADMIN,
66
+
),
67
+
DrydockCapabilityCreateBlueprints::CAPABILITY => array(
68
+
'default' => PhabricatorPolicies::POLICY_ADMIN,
69
+
),
70
+
);
71
+
}
72
+
59
73
60
74
}
+20
src/applications/drydock/capability/DrydockCapabilityCreateBlueprints.php
+20
src/applications/drydock/capability/DrydockCapabilityCreateBlueprints.php
···
1
+
<?php
2
+
3
+
final class DrydockCapabilityCreateBlueprints
4
+
extends PhabricatorPolicyCapability {
5
+
6
+
const CAPABILITY = 'drydock.blueprint.create';
7
+
8
+
public function getCapabilityKey() {
9
+
return self::CAPABILITY;
10
+
}
11
+
12
+
public function getCapabilityName() {
13
+
return pht('Can Create Blueprints');
14
+
}
15
+
16
+
public function describeCapabilityRejection() {
17
+
return pht('You do not have permission to create Drydock blueprints.');
18
+
}
19
+
20
+
}
+16
src/applications/drydock/capability/DrydockCapabilityDefaultEdit.php
+16
src/applications/drydock/capability/DrydockCapabilityDefaultEdit.php
···
1
+
<?php
2
+
3
+
final class DrydockCapabilityDefaultEdit
4
+
extends PhabricatorPolicyCapability {
5
+
6
+
const CAPABILITY = 'drydock.default.edit';
7
+
8
+
public function getCapabilityKey() {
9
+
return self::CAPABILITY;
10
+
}
11
+
12
+
public function getCapabilityName() {
13
+
return pht('Default Blueprint Edit Policy');
14
+
}
15
+
16
+
}
+16
src/applications/drydock/capability/DrydockCapabilityDefaultView.php
+16
src/applications/drydock/capability/DrydockCapabilityDefaultView.php
···
1
+
<?php
2
+
3
+
final class DrydockCapabilityDefaultView
4
+
extends PhabricatorPolicyCapability {
5
+
6
+
const CAPABILITY = 'drydock.default.view';
7
+
8
+
public function getCapabilityKey() {
9
+
return self::CAPABILITY;
10
+
}
11
+
12
+
public function getCapabilityName() {
13
+
return pht('Default Blueprint View Policy');
14
+
}
15
+
16
+
}
+3
src/applications/drydock/controller/DrydockBlueprintCreateController.php
+3
src/applications/drydock/controller/DrydockBlueprintCreateController.php
+3
src/applications/drydock/controller/DrydockBlueprintEditController.php
+3
src/applications/drydock/controller/DrydockBlueprintEditController.php
···
29
29
$impl = $blueprint->getImplementation();
30
30
$cancel_uri = $this->getApplicationURI('blueprint/'.$this->id.'/');
31
31
} else {
32
+
$this->requireApplicationCapability(
33
+
DrydockCapabilityCreateBlueprints::CAPABILITY);
34
+
32
35
$class = $request->getStr('class');
33
36
34
37
$impl = DrydockBlueprintImplementation::getNamedImplementation($class);
+5
src/applications/drydock/controller/DrydockBlueprintListController.php
+5
src/applications/drydock/controller/DrydockBlueprintListController.php
···
50
50
}
51
51
52
52
public function buildApplicationCrumbs() {
53
+
$can_create = $this->hasApplicationCapability(
54
+
DrydockCapabilityCreateBlueprints::CAPABILITY);
55
+
53
56
$crumbs = parent::buildApplicationCrumbs();
54
57
$crumbs->addAction(
55
58
id(new PHUIListItemView())
56
59
->setName(pht('New Blueprint'))
57
60
->setHref($this->getApplicationURI('/blueprint/create/'))
61
+
->setDisabled(!$can_create)
62
+
->setWorkflow(!$can_create)
58
63
->setIcon('create'));
59
64
return $crumbs;
60
65
}
+14
-11
src/applications/drydock/storage/DrydockBlueprint.php
+14
-11
src/applications/drydock/storage/DrydockBlueprint.php
···
12
12
private $implementation = self::ATTACHABLE;
13
13
14
14
public static function initializeNewBlueprint(PhabricatorUser $actor) {
15
+
$app = id(new PhabricatorApplicationQuery())
16
+
->setViewer($actor)
17
+
->withClasses(array('PhabricatorApplicationDrydock'))
18
+
->executeOne();
19
+
20
+
$view_policy = $app->getPolicy(
21
+
DrydockCapabilityDefaultView::CAPABILITY);
22
+
$edit_policy = $app->getPolicy(
23
+
DrydockCapabilityDefaultEdit::CAPABILITY);
24
+
15
25
return id(new DrydockBlueprint())
26
+
->setViewPolicy($view_policy)
27
+
->setEditPolicy($edit_policy)
16
28
->setBlueprintName('');
17
29
}
18
30
···
67
79
}
68
80
69
81
public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
70
-
switch ($capability) {
71
-
case PhabricatorPolicyCapability::CAN_VIEW:
72
-
case PhabricatorPolicyCapability::CAN_EDIT:
73
-
return $viewer->getIsAdmin();
74
-
}
82
+
return false;
75
83
}
76
84
77
85
public function describeAutomaticCapability($capability) {
78
-
switch ($capability) {
79
-
case PhabricatorPolicyCapability::CAN_VIEW:
80
-
return pht('Administrators can always view blueprints.');
81
-
case PhabricatorPolicyCapability::CAN_EDIT:
82
-
return pht('Administrators can always edit blueprints.');
83
-
}
86
+
return null;
84
87
}
85
88
}