src/applications/auth/storage/PhabricatorAuthInvite.php

   1 <?php
   2
   3 final class PhabricatorAuthInvite
   4   extends PhabricatorUserDAO
   5   implements PhabricatorPolicyInterface {
   6
   7   protected $authorPHID;
   8   protected $emailAddress;
   9   protected $verificationHash;
  10   protected $acceptedByPHID;
  11
  12   private $verificationCode;
  13   private $viewerHasVerificationCode;
  14
  15   protected function getConfiguration() {
  16     return array(
  17       self::CONFIG_AUX_PHID => true,
  18       self::CONFIG_COLUMN_SCHEMA => array(
  19         'emailAddress' => 'sort128',
  20         'verificationHash' => 'bytes12',
  21         'acceptedByPHID' => 'phid?',
  22       ),
  23       self::CONFIG_KEY_SCHEMA => array(
  24         'key_address' => array(
  25           'columns' => array('emailAddress'),
  26           'unique' => true,
  27         ),
  28         'key_code' => array(
  29           'columns' => array('verificationHash'),
  30           'unique' => true,
  31         ),
  32       ),
  33     ) + parent::getConfiguration();
  34   }
  35
  36   public function generatePHID() {
  37     return PhabricatorPHID::generateNewPHID(
  38       PhabricatorAuthInvitePHIDType::TYPECONST);
  39   }
  40
  41   public function regenerateVerificationCode() {
  42     $this->verificationCode = Filesystem::readRandomCharacters(16);
  43     $this->verificationHash = null;
  44     return $this;
  45   }
  46
  47   public function getVerificationCode() {
  48     if (!$this->verificationCode) {
  49       if ($this->verificationHash) {
  50         throw new Exception(
  51           pht(
  52             'Verification code can not be regenerated after an invite is '.
  53             'created.'));
  54       }
  55       $this->regenerateVerificationCode();
  56     }
  57     return $this->verificationCode;
  58   }
  59
  60   public function save() {
  61     if (!$this->getVerificationHash()) {
  62       $hash = PhabricatorHash::digestForIndex($this->getVerificationCode());
  63       $this->setVerificationHash($hash);
  64     }
  65
  66     return parent::save();
  67   }
  68
  69   public function setViewerHasVerificationCode($loaded) {
  70     $this->viewerHasVerificationCode = $loaded;
  71     return $this;
  72   }
  73
  74
  75 /* -(  PhabricatorPolicyInterface  )----------------------------------------- */
  76
  77
  78   public function getCapabilities() {
  79     return array(
  80       PhabricatorPolicyCapability::CAN_VIEW,
  81     );
  82   }
  83
  84   public function getPolicy($capability) {
  85     switch ($capability) {
  86       case PhabricatorPolicyCapability::CAN_VIEW:
  87         return PhabricatorPolicies::POLICY_ADMIN;
  88     }
  89   }
  90
  91   public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
  92     if ($this->viewerHasVerificationCode) {
  93       return true;
  94     }
  95
  96     if ($viewer->getPHID()) {
  97       if ($viewer->getPHID() == $this->getAuthorPHID()) {
  98         // You can see invites you sent.
  99         return true;
 100       }
 101
 102       if ($viewer->getPHID() == $this->getAcceptedByPHID()) {
 103         // You can see invites you have accepted.
 104         return true;
 105       }
 106     }
 107
 108     return false;
 109   }
 110
 111   public function describeAutomaticCapability($capability) {
 112     return pht(
 113       'Invites are visible to administrators, the inviting user, users with '.
 114       'an invite code, and the user who accepts the invite.');
 115   }
 116
 117 }