CoCalc -- PassphraseCredentialConduitController.php

GitHub Repository: freebsd/phabricator
Path: blob/master/src/applications/passphrase/controller/PassphraseCredentialConduitController.php
¹²²⁶² views
1
<?php
2

3
final class PassphraseCredentialConduitController
4
  extends PassphraseController {
5

6
  public function handleRequest(AphrontRequest $request) {
7
    $viewer = $request->getViewer();
8
    $id = $request->getURIData('id');
9

10
    $credential = id(new PassphraseCredentialQuery())
11
      ->setViewer($viewer)
12
      ->withIDs(array($id))
13
      ->requireCapabilities(
14
        array(
15
          PhabricatorPolicyCapability::CAN_VIEW,
16
          PhabricatorPolicyCapability::CAN_EDIT,
17
        ))
18
      ->executeOne();
19
    if (!$credential) {
20
      return new Aphront404Response();
21
    }
22

23
    $view_uri = '/K'.$credential->getID();
24

25
    $token = id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession(
26
      $viewer,
27
      $request,
28
      $view_uri);
29

30
    $type = PassphraseCredentialType::getTypeByConstant(
31
      $credential->getCredentialType());
32
    if (!$type) {
33
      throw new Exception(pht('Credential has invalid type "%s"!', $type));
34
    }
35

36
    $is_locked = $credential->getIsLocked();
37

38
    if ($is_locked) {
39
      return $this->newDialog()
40
        ->setUser($viewer)
41
        ->setTitle(pht('Credential Locked'))
42
        ->appendChild(
43
          pht(
44
            'This credential can not be made available via Conduit because '.
45
            'it is locked.'))
46
        ->addCancelButton($view_uri);
47
    }
48

49
    if ($request->isFormPost()) {
50
      $xactions = array();
51

52
      $xactions[] = id(new PassphraseCredentialTransaction())
53
        ->setTransactionType(
54
          PassphraseCredentialConduitTransaction::TRANSACTIONTYPE)
55
        ->setNewValue(!$credential->getAllowConduit());
56

57
      $editor = id(new PassphraseCredentialTransactionEditor())
58
        ->setActor($viewer)
59
        ->setContinueOnMissingFields(true)
60
        ->setContentSourceFromRequest($request)
61
        ->applyTransactions($credential, $xactions);
62

63
      return id(new AphrontRedirectResponse())->setURI($view_uri);
64
    }
65

66
    if ($credential->getAllowConduit()) {
67
      return $this->newDialog()
68
        ->setTitle(pht('Prevent Conduit access?'))
69
        ->appendChild(
70
          pht(
71
            'This credential and its secret will no longer be able '.
72
            'to be retrieved using the `%s` method in Conduit.',
73
            'passphrase.query'))
74
        ->addSubmitButton(pht('Prevent Conduit Access'))
75
        ->addCancelButton($view_uri);
76
    } else {
77
      return $this->newDialog()
78
        ->setTitle(pht('Allow Conduit access?'))
79
        ->appendChild(
80
          pht(
81
            'This credential will be able to be retrieved via the Conduit '.
82
            'API by users who have access to this credential. You should '.
83
            'only enable this for credentials which need to be accessed '.
84
            'programmatically (such as from build agents).'))
85
        ->addSubmitButton(pht('Allow Conduit Access'))
86
        ->addCancelButton($view_uri);
87
    }
88
  }
89

90
}
91

92
Product

Resources

Company
