src/applications/phortune/controller/external/PhortuneExternalController.php

   1 <?php
   2
   3 abstract class PhortuneExternalController
   4   extends PhortuneController {
   5
   6   private $email;
   7
   8   final public function shouldAllowPublic() {
   9     return true;
  10   }
  11
  12   abstract protected function handleExternalRequest(AphrontRequest $request);
  13
  14   final protected function hasAccountEmail() {
  15     return (bool)$this->email;
  16   }
  17
  18   final protected function getAccountEmail() {
  19     return $this->email;
  20   }
  21
  22   final protected function getExternalViewer() {
  23     return PhabricatorUser::getOmnipotentUser();
  24   }
  25
  26   final public function handleRequest(AphrontRequest $request) {
  27     $address_key = $request->getURIData('addressKey');
  28     $access_key = $request->getURIData('accessKey');
  29
  30     $viewer = $this->getViewer();
  31     $xviewer = $this->getExternalViewer();
  32
  33     $email = id(new PhortuneAccountEmailQuery())
  34       ->setViewer($xviewer)
  35       ->withAddressKeys(array($address_key))
  36       ->executeOne();
  37     if (!$email) {
  38       return new Aphront404Response();
  39     }
  40
  41     $account = $email->getAccount();
  42
  43     $can_see = PhabricatorPolicyFilter::hasCapability(
  44       $viewer,
  45       $account,
  46       PhabricatorPolicyCapability::CAN_EDIT);
  47
  48     $email_display = phutil_tag('strong', array(), $email->getAddress());
  49     $user_display = phutil_tag('strong', array(), $viewer->getUsername());
  50
  51     $actual_key = $email->getAccessKey();
  52     if (!phutil_hashes_are_identical($access_key, $actual_key)) {
  53       $dialog = $this->newDialog()
  54         ->setTitle(pht('Email Access Link Out of Date'))
  55         ->appendParagraph(
  56           pht(
  57             'You are trying to access this payment account as: %s',
  58             $email_display))
  59         ->appendParagraph(
  60           pht(
  61             'The access link you have followed is out of date and no longer '.
  62             'works.'));
  63
  64         if ($can_see) {
  65           $dialog->appendParagraph(
  66             pht(
  67               'You are currently logged in as a user (%s) who has '.
  68               'permission to manage the payment account, so you can '.
  69               'continue to the updated link.',
  70               $user_display));
  71
  72           $dialog->addCancelButton(
  73             $email->getExternalURI(),
  74             pht('Continue to Updated Link'));
  75         } else {
  76           $dialog->appendParagraph(
  77             pht(
  78               'To access information about this payment account, follow '.
  79               'a more recent link or ask a user with access to give you '.
  80               'an updated link.'));
  81         }
  82
  83       return $dialog;
  84     }
  85
  86     switch ($email->getStatus()) {
  87       case PhortuneAccountEmailStatus::STATUS_ACTIVE:
  88         break;
  89       case PhortuneAccountEmailStatus::STATUS_DISABLED:
  90         return $this->newDialog()
  91           ->setTitle(pht('Address Disabled'))
  92           ->appendParagraph(
  93             pht(
  94               'This email address (%s) has been disabled and no longer has '.
  95               'access to this payment account.',
  96               $email_display));
  97       case PhortuneAccountEmailStatus::STATUS_UNSUBSCRIBED:
  98         return $this->newDialog()
  99           ->setTitle(pht('Permanently Unsubscribed'))
 100           ->appendParagraph(
 101             pht(
 102               'This email address (%s) has been permanently unsubscribed '.
 103               'and no longer has access to this payment account.',
 104               $email_display));
 105         break;
 106       default:
 107         return new Aphront404Response();
 108     }
 109
 110     $this->email = $email;
 111
 112     return $this->handleExternalRequest($request);
 113   }
 114
 115   final protected function newExternalCrumbs() {
 116     $viewer = $this->getViewer();
 117
 118     $crumbs = new PHUICrumbsView();
 119
 120     if ($this->hasAccountEmail()) {
 121       $email = $this->getAccountEmail();
 122       $account = $email->getAccount();
 123
 124       $crumb_name = pht(
 125         'Payment Account: %s',
 126         $account->getName());
 127
 128       $crumb = id(new PHUICrumbView())
 129         ->setIcon('fa-diamond')
 130         ->setName($crumb_name)
 131         ->setHref($email->getExternalURI());
 132
 133       $crumbs
 134         ->addCrumb($crumb);
 135     } else {
 136       $crumb = id(new PHUICrumbView())
 137         ->setIcon('fa-diamond')
 138         ->setText(pht('External Account View'));
 139
 140       $crumbs->addCrumb($crumb);
 141     }
 142
 143     return $crumbs;
 144   }
 145
 146   final protected function newExternalView() {
 147     $email = $this->getAccountEmail();
 148     $xviewer = $this->getExternalViewer();
 149
 150     $origin_phid = $email->getAuthorPHID();
 151
 152     $handles = $xviewer->loadHandles(array($origin_phid));
 153
 154
 155     $messages = array();
 156     $messages[] = pht(
 157       'You are viewing this payment account as: %s',
 158       phutil_tag('strong', array(), $email->getAddress()));
 159
 160     $messages[] = pht(
 161       'This email address was added to this payment account by: %s',
 162       phutil_tag('strong', array(), $handles[$origin_phid]->getFullName()));
 163
 164     $messages[] = pht(
 165       'Anyone who has a link to this page can view order history for '.
 166       'this payment account.');
 167
 168     return id(new PHUIInfoView())
 169       ->setSeverity(PHUIInfoView::SEVERITY_WARNING)
 170       ->setErrors($messages);
 171   }
 172 }