Page MenuHomePhorge
Files F3493464

PhortuneExternalController.php
No OneTemporary
Actions

PhortuneExternalController.php
View Options

<?php
abstract class PhortuneExternalController
extends PhortuneController {
private $email;
final public function shouldAllowPublic() {
return true;
}
abstract protected function handleExternalRequest(AphrontRequest $request);
final protected function hasAccountEmail() {
return (bool)$this->email;
}
final protected function getAccountEmail() {
return $this->email;
}
final protected function getExternalViewer() {
return PhabricatorUser::getOmnipotentUser();
}
final public function handleRequest(AphrontRequest $request) {
$address_key = $request->getURIData('addressKey');
$access_key = $request->getURIData('accessKey');
$viewer = $this->getViewer();
$xviewer = $this->getExternalViewer();
$email = id(new PhortuneAccountEmailQuery())
->setViewer($xviewer)
->withAddressKeys(array($address_key))
->executeOne();
if (!$email) {
return new Aphront404Response();
}
$account = $email->getAccount();
$can_see = PhabricatorPolicyFilter::hasCapability(
$viewer,
$account,
PhabricatorPolicyCapability::CAN_EDIT);
$email_display = phutil_tag('strong', array(), $email->getAddress());
$user_display = phutil_tag('strong', array(), $viewer->getUsername());
$actual_key = $email->getAccessKey();
if (!phutil_hashes_are_identical($access_key, $actual_key)) {
$dialog = $this->newDialog()
->setTitle(pht('Email Access Link Out of Date'))
->appendParagraph(
pht(
'You are trying to access this payment account as: %s',
$email_display))
->appendParagraph(
pht(
'The access link you have followed is out of date and no longer '.
'works.'));
if ($can_see) {
$dialog->appendParagraph(
pht(
'You are currently logged in as a user (%s) who has '.
'permission to manage the payment account, so you can '.
'continue to the updated link.',
$user_display));
$dialog->addCancelButton(
$email->getExternalURI(),
pht('Continue to Updated Link'));
} else {
$dialog->appendParagraph(
pht(
'To access information about this payment account, follow '.
'a more recent link or ask a user with access to give you '.
'an updated link.'));
}
return $dialog;
}
// TODO: Test that status is good.
$this->email = $email;
return $this->handleExternalRequest($request);
}
final protected function newExternalCrumbs() {
$viewer = $this->getViewer();
$crumbs = new PHUICrumbsView();
if ($this->hasAccountEmail()) {
$email = $this->getAccountEmail();
$account = $email->getAccount();
$crumb_name = pht(
'Payment Account: %s',
$account->getName());
$crumb = id(new PHUICrumbView())
->setIcon('fa-diamond')
->setName($crumb_name);
$can_see = PhabricatorPolicyFilter::hasCapability(
$viewer,
$account,
PhabricatorPolicyCapability::CAN_VIEW);
if ($can_see) {
$crumb->setHref($account->getURI());
}
$crumbs
->addCrumb($crumb)
->addTextCrumb(pht('Viewing As "%s"', $email->getAddress()));
} else {
$crumb = id(new PHUICrumbView())
->setIcon('fa-diamond')
->setText(pht('External Account View'));
$crumbs->addCrumb($crumb);
}
return $crumbs;
}
final protected function newExternalView() {
$email = $this->getAccountEmail();
$messages = array();
$messages[] = pht(
'You are viewing this payment account as: %s',
phutil_tag('strong', array(), $email->getAddress()));
$messages[] = pht(
'Anyone who has a link to this page can view order history for '.
'this payment account.');
return id(new PHUIInfoView())
->setSeverity(PHUIInfoView::SEVERITY_WARNING)
->setErrors($messages);
}
}

File Metadata

Mime Type
text/x-php
Expires
Thu, Apr 17, 06:42 (13 h, 27 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
1294766
Default Alt Text
PhortuneExternalController.php (3 KB)

Event Timeline

Content licensed under Creative Commons Attribution-ShareAlike 4.0 (CC-BY-SA) unless otherwise noted; code licensed under Apache 2.0 or other open source licenses. · CC BY-SA 4.0 · Apache 2.0