phorge-phorge/src/applications/diffusion/controller/DiffusionRepositoryEditDangerousController.php

<?php

final class DiffusionRepositoryEditDangerousController
  extends DiffusionRepositoryEditController {

  public function processRequest() {
    $request = $this->getRequest();
    $viewer = $request->getUser();
    $drequest = $this->diffusionRequest;
    $repository = $drequest->getRepository();

    $repository = id(new PhabricatorRepositoryQuery())
      ->setViewer($viewer)
      ->requireCapabilities(
        array(
          PhabricatorPolicyCapability::CAN_VIEW,
          PhabricatorPolicyCapability::CAN_EDIT,
        ))
      ->withIDs(array($repository->getID()))
      ->executeOne();

    if (!$repository) {
      return new Aphront404Response();
    }

    if (!$repository->canAllowDangerousChanges()) {
      return new Aphront400Response();
    }

    $edit_uri = $this->getRepositoryControllerURI($repository, 'edit/');

    if ($request->isFormPost()) {
      $xaction = id(new PhabricatorRepositoryTransaction())
        ->setTransactionType(PhabricatorRepositoryTransaction::TYPE_DANGEROUS)
        ->setNewValue(!$repository->shouldAllowDangerousChanges());

      $editor = id(new PhabricatorRepositoryEditor())
        ->setContinueOnNoEffect(true)
        ->setContentSourceFromRequest($request)
        ->setActor($viewer)
        ->applyTransactions($repository, array($xaction));

      return id(new AphrontReloadResponse())->setURI($edit_uri);
    }

    $dialog = id(new AphrontDialogView())
      ->setUser($viewer);

    $force = phutil_tag('tt', array(), '--force');

    if ($repository->shouldAllowDangerousChanges()) {
      $dialog
        ->setTitle(pht('Prevent Dangerous changes?'))
        ->appendChild(
          pht(
            'It will no longer be possible to delete branches from this '.
            'repository, or %s push to this repository.',
            $force))
        ->addSubmitButton(pht('Prevent Dangerous Changes'))
        ->addCancelButton($edit_uri);
    } else {
      $dialog
        ->setTitle(pht('Allow Dangerous Changes?'))
        ->appendChild(
          pht(
            'If you allow dangerous changes, it will be possible to delete '.
            'branches and %s push this repository. These operations can '.
            'alter a repository in a way that is difficult to recover from.',
            $force))
        ->addSubmitButton(pht('Allow Dangerous Changes'))
        ->addCancelButton($edit_uri);
    }

    return id(new AphrontDialogResponse())
      ->setDialog($dialog);
  }

}
Reject dangerous changes in Git repositories by default Summary: Ref T4189. This adds a per-repository "dangerous changes" flag, which defaults to off. This flag must be enabled to do non-appending branch mutation (delete branches / rewrite history). Test Plan: With flag on and off, performed various safe and dangerous pushes. >>> orbital ~/repos/POEMS $ git push origin :blarp remote: +---------------------------------------------------------------+ remote: \| * * * PUSH REJECTED BY EVIL DRAGON BUREAUCRATS * * * \| remote: +---------------------------------------------------------------+ remote: \ remote: \ ^ /^ remote: \ / \ // \ remote: \ \|\___/\| / \// .\ remote: \ /V V \__ / // \| \ \ ---- remote: / / \/_/ // \| \ \ \ \| remote: @___@` \/_ // \| \ \ \/\ \ remote: 0/0/\| \/_ // \| \ \ \ \ remote: 0/0/0/0/\| \/// \| \ \ \| \| remote: 0/0/0/0/0/_\|_ / ( // \| \ _\ \| / remote: 0/0/0/0/0/0/`/,_ _ _/ ) ; -. \| _ _\.-~ / / remote: ,-} _ -.\|.-~-. .~ ~ remote: \ \__/ `/\ / ~-. _ .-~ / remote: \____(Oo) . } { / remote: ( (--) .----~-.\ \-` .~ remote: //__\\ \ DENIED! ///.----..< \ _ -~ remote: // \\ ///-._ _ _ _ _ _ _{^ - - - - ~ remote: remote: remote: DANGEROUS CHANGE: The change you're attempting to push deletes the branch 'blarp'. remote: Dangerous change protection is enabled for this repository. remote: Edit the repository configuration before making dangerous changes. remote: To ssh://dweller@localhost/diffusion/POEMS/ ! [remote rejected] blarp (pre-receive hook declined) error: failed to push some refs to 'ssh://dweller@localhost/diffusion/POEMS/' Reviewers: btrahan Reviewed By: btrahan CC: aran, chad, richardvanvelzen Maniphest Tasks: T4189 Differential Revision: https://secure.phabricator.com/D7689 2013-12-03 19:28:39 +01:00			`<?php`

			`final class DiffusionRepositoryEditDangerousController`
			`extends DiffusionRepositoryEditController {`

			`public function processRequest() {`
			`$request = $this->getRequest();`
			`$viewer = $request->getUser();`
			`$drequest = $this->diffusionRequest;`
			`$repository = $drequest->getRepository();`

			`$repository = id(new PhabricatorRepositoryQuery())`
			`->setViewer($viewer)`
			`->requireCapabilities(`
			`array(`
			`PhabricatorPolicyCapability::CAN_VIEW,`
			`PhabricatorPolicyCapability::CAN_EDIT,`
			`))`
			`->withIDs(array($repository->getID()))`
			`->executeOne();`

			`if (!$repository) {`
			`return new Aphront404Response();`
			`}`

			`if (!$repository->canAllowDangerousChanges()) {`
			`return new Aphront400Response();`
			`}`

			`$edit_uri = $this->getRepositoryControllerURI($repository, 'edit/');`

			`if ($request->isFormPost()) {`
			`$xaction = id(new PhabricatorRepositoryTransaction())`
			`->setTransactionType(PhabricatorRepositoryTransaction::TYPE_DANGEROUS)`
			`->setNewValue(!$repository->shouldAllowDangerousChanges());`

			`$editor = id(new PhabricatorRepositoryEditor())`
			`->setContinueOnNoEffect(true)`
			`->setContentSourceFromRequest($request)`
			`->setActor($viewer)`
			`->applyTransactions($repository, array($xaction));`

			`return id(new AphrontReloadResponse())->setURI($edit_uri);`
			`}`

			`$dialog = id(new AphrontDialogView())`
			`->setUser($viewer);`

			`$force = phutil_tag('tt', array(), '--force');`

			`if ($repository->shouldAllowDangerousChanges()) {`
			`$dialog`
			`->setTitle(pht('Prevent Dangerous changes?'))`
			`->appendChild(`
			`pht(`
			`'It will no longer be possible to delete branches from this '.`
			`'repository, or %s push to this repository.',`
			`$force))`
			`->addSubmitButton(pht('Prevent Dangerous Changes'))`
			`->addCancelButton($edit_uri);`
			`} else {`
			`$dialog`
			`->setTitle(pht('Allow Dangerous Changes?'))`
			`->appendChild(`
			`pht(`
			`'If you allow dangerous changes, it will be possible to delete '.`
			`'branches and %s push this repository. These operations can '.`
			`'alter a repository in a way that is difficult to recover from.',`
			`$force))`
			`->addSubmitButton(pht('Allow Dangerous Changes'))`
			`->addCancelButton($edit_uri);`
			`}`

			`return id(new AphrontDialogResponse())`
			`->setDialog($dialog);`
			`}`

			`}`