2013-02-27 17:04:54 +01:00
|
|
|
<?php
|
|
|
|
|
|
|
|
final class DiffusionCommitQuery
|
|
|
|
extends PhabricatorCursorPagedPolicyAwareQuery {
|
|
|
|
|
2013-05-17 12:51:33 +02:00
|
|
|
private $ids;
|
2013-02-27 19:54:39 +01:00
|
|
|
private $phids;
|
2014-04-27 18:43:05 +02:00
|
|
|
private $authorPHIDs;
|
2013-05-07 03:05:33 +02:00
|
|
|
private $defaultRepository;
|
2014-04-27 18:43:05 +02:00
|
|
|
private $identifiers;
|
2013-10-30 21:06:28 +01:00
|
|
|
private $repositoryIDs;
|
2014-08-14 22:04:38 +02:00
|
|
|
private $repositoryPHIDs;
|
2014-04-27 18:43:05 +02:00
|
|
|
private $identifierMap;
|
|
|
|
|
|
|
|
private $needAuditRequests;
|
|
|
|
private $auditIDs;
|
|
|
|
private $auditorPHIDs;
|
|
|
|
private $auditAwaitingUser;
|
|
|
|
private $auditStatus;
|
2014-07-23 02:03:09 +02:00
|
|
|
|
2014-04-27 18:43:05 +02:00
|
|
|
const AUDIT_STATUS_ANY = 'audit-status-any';
|
|
|
|
const AUDIT_STATUS_OPEN = 'audit-status-open';
|
|
|
|
const AUDIT_STATUS_CONCERN = 'audit-status-concern';
|
2014-08-19 19:43:52 +02:00
|
|
|
const AUDIT_STATUS_ACCEPTED = 'audit-status-accepted';
|
|
|
|
const AUDIT_STATUS_PARTIAL = 'audit-status-partial';
|
2013-10-30 21:06:28 +01:00
|
|
|
|
|
|
|
private $needCommitData;
|
2013-02-27 17:04:54 +01:00
|
|
|
|
2014-04-27 18:43:05 +02:00
|
|
|
public function withIDs(array $ids) {
|
|
|
|
$this->ids = $ids;
|
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
|
|
|
public function withPHIDs(array $phids) {
|
|
|
|
$this->phids = $phids;
|
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
|
|
|
public function withAuthorPHIDs(array $phids) {
|
|
|
|
$this->authorPHIDs = $phids;
|
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
2013-02-27 17:04:54 +01:00
|
|
|
/**
|
|
|
|
* Load commits by partial or full identifiers, e.g. "rXab82393", "rX1234",
|
|
|
|
* or "a9caf12". When an identifier matches multiple commits, they will all
|
|
|
|
* be returned; callers should be prepared to deal with more results than
|
|
|
|
* they queried for.
|
|
|
|
*/
|
|
|
|
public function withIdentifiers(array $identifiers) {
|
|
|
|
$this->identifiers = $identifiers;
|
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
2014-04-27 18:43:05 +02:00
|
|
|
/**
|
|
|
|
* Look up commits in a specific repository. This is a shorthand for calling
|
|
|
|
* @{method:withDefaultRepository} and @{method:withRepositoryIDs}.
|
|
|
|
*/
|
|
|
|
public function withRepository(PhabricatorRepository $repository) {
|
|
|
|
$this->withDefaultRepository($repository);
|
|
|
|
$this->withRepositoryIDs(array($repository->getID()));
|
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
2014-08-14 21:40:47 +02:00
|
|
|
/**
|
|
|
|
* Look up commits in a specific repository. Prefer
|
|
|
|
* @{method:withRepositoryIDs}; the underyling table is keyed by ID such
|
|
|
|
* that this method requires a separate initial query to map PHID to ID.
|
|
|
|
*/
|
|
|
|
public function withRepositoryPHIDs(array $phids) {
|
2014-08-14 22:04:38 +02:00
|
|
|
$this->repositoryPHIDs = $phids;
|
2014-08-14 21:40:47 +02:00
|
|
|
}
|
|
|
|
|
2013-05-07 03:05:33 +02:00
|
|
|
/**
|
|
|
|
* If a default repository is provided, ambiguous commit identifiers will
|
|
|
|
* be assumed to belong to the default repository.
|
|
|
|
*
|
|
|
|
* For example, "r123" appearing in a commit message in repository X is
|
|
|
|
* likely to be unambiguously "rX123". Normally the reference would be
|
|
|
|
* considered ambiguous, but if you provide a default repository it will
|
|
|
|
* be correctly resolved.
|
|
|
|
*/
|
|
|
|
public function withDefaultRepository(PhabricatorRepository $repository) {
|
|
|
|
$this->defaultRepository = $repository;
|
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
2013-10-30 21:06:28 +01:00
|
|
|
public function withRepositoryIDs(array $repository_ids) {
|
|
|
|
$this->repositoryIDs = $repository_ids;
|
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
2014-04-27 18:43:05 +02:00
|
|
|
public function needCommitData($need) {
|
|
|
|
$this->needCommitData = $need;
|
2013-05-17 12:51:33 +02:00
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
2014-04-27 18:43:05 +02:00
|
|
|
public function needAuditRequests($need) {
|
|
|
|
$this->needAuditRequests = $need;
|
2013-02-27 19:54:39 +01:00
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
2014-04-28 17:25:51 +02:00
|
|
|
/**
|
2014-07-23 02:03:09 +02:00
|
|
|
* Returns true if we should join the audit table, either because we're
|
|
|
|
* interested in the information if it's available or because matching rows
|
|
|
|
* must always have it.
|
2014-04-28 17:25:51 +02:00
|
|
|
*/
|
|
|
|
private function shouldJoinAudits() {
|
2014-07-10 19:16:26 +02:00
|
|
|
return $this->auditStatus ||
|
|
|
|
$this->rowsMustHaveAudits();
|
2014-04-28 17:25:51 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Return true if we should `JOIN` (vs `LEFT JOIN`) the audit table, because
|
|
|
|
* matching commits will always have audit rows.
|
|
|
|
*/
|
|
|
|
private function rowsMustHaveAudits() {
|
|
|
|
return
|
2014-04-27 18:43:05 +02:00
|
|
|
$this->auditIDs ||
|
|
|
|
$this->auditorPHIDs ||
|
2014-04-28 17:25:51 +02:00
|
|
|
$this->auditAwaitingUser;
|
2014-04-27 18:43:05 +02:00
|
|
|
}
|
2013-11-07 21:10:43 +01:00
|
|
|
|
2014-04-27 18:43:05 +02:00
|
|
|
public function withAuditIDs(array $ids) {
|
|
|
|
$this->auditIDs = $ids;
|
2013-11-07 21:10:43 +01:00
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
2014-04-27 18:43:05 +02:00
|
|
|
public function withAuditorPHIDs(array $auditor_phids) {
|
|
|
|
$this->auditorPHIDs = $auditor_phids;
|
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
|
|
|
public function withAuditAwaitingUser(PhabricatorUser $user) {
|
|
|
|
$this->auditAwaitingUser = $user;
|
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
|
|
|
public function withAuditStatus($status) {
|
|
|
|
$this->auditStatus = $status;
|
2013-10-30 21:06:28 +01:00
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
2013-07-21 19:57:07 +02:00
|
|
|
public function getIdentifierMap() {
|
|
|
|
if ($this->identifierMap === null) {
|
|
|
|
throw new Exception(
|
2015-05-22 09:27:56 +02:00
|
|
|
pht(
|
|
|
|
'You must %s the query before accessing the identifier map.',
|
|
|
|
'execute()'));
|
2013-07-21 19:57:07 +02:00
|
|
|
}
|
|
|
|
return $this->identifierMap;
|
|
|
|
}
|
|
|
|
|
2015-04-12 05:50:57 +02:00
|
|
|
protected function getPrimaryTableAlias() {
|
|
|
|
return 'commit';
|
2014-04-27 18:43:05 +02:00
|
|
|
}
|
|
|
|
|
2013-12-31 20:08:08 +01:00
|
|
|
protected function willExecute() {
|
2013-07-21 19:57:07 +02:00
|
|
|
if ($this->identifierMap === null) {
|
|
|
|
$this->identifierMap = array();
|
|
|
|
}
|
2013-12-31 20:08:08 +01:00
|
|
|
}
|
2013-07-21 19:57:07 +02:00
|
|
|
|
2013-12-31 20:08:08 +01:00
|
|
|
protected function loadPage() {
|
2013-02-27 17:04:54 +01:00
|
|
|
$table = new PhabricatorRepositoryCommit();
|
|
|
|
$conn_r = $table->establishConnection('r');
|
|
|
|
|
|
|
|
$data = queryfx_all(
|
|
|
|
$conn_r,
|
2014-07-10 19:16:26 +02:00
|
|
|
'SELECT commit.* FROM %T commit %Q %Q %Q %Q %Q',
|
2013-02-27 17:04:54 +01:00
|
|
|
$table->getTableName(),
|
2014-04-27 18:43:05 +02:00
|
|
|
$this->buildJoinClause($conn_r),
|
2013-02-27 17:04:54 +01:00
|
|
|
$this->buildWhereClause($conn_r),
|
2014-07-10 19:16:26 +02:00
|
|
|
$this->buildGroupClause($conn_r),
|
2013-02-27 17:04:54 +01:00
|
|
|
$this->buildOrderClause($conn_r),
|
|
|
|
$this->buildLimitClause($conn_r));
|
|
|
|
|
|
|
|
return $table->loadAllFromArray($data);
|
|
|
|
}
|
|
|
|
|
2013-10-30 21:06:28 +01:00
|
|
|
protected function willFilterPage(array $commits) {
|
2013-02-27 17:04:54 +01:00
|
|
|
$repository_ids = mpull($commits, 'getRepositoryID', 'getRepositoryID');
|
|
|
|
$repos = id(new PhabricatorRepositoryQuery())
|
|
|
|
->setViewer($this->getViewer())
|
|
|
|
->withIDs($repository_ids)
|
|
|
|
->execute();
|
|
|
|
|
2015-01-01 17:07:26 +01:00
|
|
|
$min_qualified = PhabricatorRepository::MINIMUM_QUALIFIED_HASH;
|
|
|
|
$result = array();
|
|
|
|
|
2013-02-27 17:04:54 +01:00
|
|
|
foreach ($commits as $key => $commit) {
|
|
|
|
$repo = idx($repos, $commit->getRepositoryID());
|
|
|
|
if ($repo) {
|
|
|
|
$commit->attachRepository($repo);
|
|
|
|
} else {
|
2015-06-15 00:35:32 +02:00
|
|
|
$this->didRejectResult($commit);
|
2013-02-27 17:04:54 +01:00
|
|
|
unset($commits[$key]);
|
2015-01-06 17:02:49 +01:00
|
|
|
continue;
|
2013-02-27 17:04:54 +01:00
|
|
|
}
|
2013-07-21 19:57:07 +02:00
|
|
|
|
2015-01-01 17:07:26 +01:00
|
|
|
// Build the identifierMap
|
|
|
|
if ($this->identifiers !== null) {
|
|
|
|
$ids = array_fuse($this->identifiers);
|
|
|
|
$prefixes = array(
|
|
|
|
'r'.$commit->getRepository()->getCallsign(),
|
|
|
|
'r'.$commit->getRepository()->getCallsign().':',
|
|
|
|
'R'.$commit->getRepository()->getID().':',
|
|
|
|
'', // No prefix is valid too and will only match the commitIdentifier
|
|
|
|
);
|
2013-07-21 19:57:07 +02:00
|
|
|
$suffix = $commit->getCommitIdentifier();
|
|
|
|
|
|
|
|
if ($commit->getRepository()->isSVN()) {
|
2015-01-01 17:07:26 +01:00
|
|
|
foreach ($prefixes as $prefix) {
|
|
|
|
if (isset($ids[$prefix.$suffix])) {
|
|
|
|
$result[$prefix.$suffix][] = $commit;
|
|
|
|
}
|
2013-07-21 19:57:07 +02:00
|
|
|
}
|
|
|
|
} else {
|
2014-07-23 02:03:09 +02:00
|
|
|
// This awkward construction is so we can link the commits up in O(N)
|
2013-07-21 19:57:07 +02:00
|
|
|
// time instead of O(N^2).
|
|
|
|
for ($ii = $min_qualified; $ii <= strlen($suffix); $ii++) {
|
|
|
|
$part = substr($suffix, 0, $ii);
|
2015-01-01 17:07:26 +01:00
|
|
|
foreach ($prefixes as $prefix) {
|
|
|
|
if (isset($ids[$prefix.$part])) {
|
|
|
|
$result[$prefix.$part][] = $commit;
|
|
|
|
}
|
2013-07-21 19:57:07 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2015-01-01 17:07:26 +01:00
|
|
|
}
|
2013-07-21 19:57:07 +02:00
|
|
|
|
2015-01-01 17:07:26 +01:00
|
|
|
if ($result) {
|
2013-07-21 19:57:07 +02:00
|
|
|
foreach ($result as $identifier => $matching_commits) {
|
|
|
|
if (count($matching_commits) == 1) {
|
|
|
|
$result[$identifier] = head($matching_commits);
|
|
|
|
} else {
|
|
|
|
// This reference is ambiguous (it matches more than one commit) so
|
2014-07-10 19:16:26 +02:00
|
|
|
// don't link it.
|
2013-07-21 19:57:07 +02:00
|
|
|
unset($result[$identifier]);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
$this->identifierMap += $result;
|
|
|
|
}
|
|
|
|
|
2013-02-27 17:04:54 +01:00
|
|
|
return $commits;
|
|
|
|
}
|
|
|
|
|
2013-10-30 21:06:28 +01:00
|
|
|
protected function didFilterPage(array $commits) {
|
|
|
|
if ($this->needCommitData) {
|
|
|
|
$data = id(new PhabricatorRepositoryCommitData())->loadAllWhere(
|
|
|
|
'commitID in (%Ld)',
|
|
|
|
mpull($commits, 'getID'));
|
|
|
|
$data = mpull($data, null, 'getCommitID');
|
|
|
|
foreach ($commits as $commit) {
|
|
|
|
$commit_data = idx($data, $commit->getID());
|
2014-05-11 01:46:32 +02:00
|
|
|
if (!$commit_data) {
|
|
|
|
$commit_data = new PhabricatorRepositoryCommitData();
|
|
|
|
}
|
2013-10-30 21:06:28 +01:00
|
|
|
$commit->attachCommitData($commit_data);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-07-10 19:16:26 +02:00
|
|
|
// TODO: This should just be `needAuditRequests`, not `shouldJoinAudits()`,
|
|
|
|
// but leave that for a future diff.
|
|
|
|
|
|
|
|
if ($this->needAuditRequests || $this->shouldJoinAudits()) {
|
|
|
|
$requests = id(new PhabricatorRepositoryAuditRequest())->loadAllWhere(
|
|
|
|
'commitPHID IN (%Ls)',
|
|
|
|
mpull($commits, 'getPHID'));
|
2014-04-27 18:43:05 +02:00
|
|
|
|
|
|
|
$requests = mgroup($requests, 'getCommitPHID');
|
|
|
|
foreach ($commits as $commit) {
|
|
|
|
$audit_requests = idx($requests, $commit->getPHID(), array());
|
|
|
|
$commit->attachAudits($audit_requests);
|
|
|
|
foreach ($audit_requests as $audit_request) {
|
|
|
|
$audit_request->attachCommit($commit);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2013-10-30 21:06:28 +01:00
|
|
|
return $commits;
|
|
|
|
}
|
|
|
|
|
Make buildWhereClause() a method of AphrontCursorPagedPolicyAwareQuery
Summary:
Ref T4100. Ref T5595.
To support a unified "Projects:" query across all applications, a future diff is going to add a set of "Edge Logic" capabilities to `PolicyAwareQuery` which write the required SELECT, JOIN, WHERE, HAVING and GROUP clauses for you.
With the addition of "Edge Logic", we'll have three systems which may need to build components of query claues: ordering/paging, customfields/applicationsearch, and edge logic.
For most clauses, queries don't currently call into the parent explicitly to get default components. I want to move more query construction logic up the class tree so it can be shared.
For most methods, this isn't a problem, but many subclasses define a `buildWhereClause()`. Make all such definitions protected and consistent.
This causes no behavioral changes.
Test Plan: Ran `arc unit --everything`, which does a pretty through job of verifying this statically.
Reviewers: btrahan
Reviewed By: btrahan
Subscribers: yelirekim, hach-que, epriestley
Maniphest Tasks: T4100, T5595
Differential Revision: https://secure.phabricator.com/D12453
2015-04-18 16:08:30 +02:00
|
|
|
protected function buildWhereClause(AphrontDatabaseConnection $conn_r) {
|
2013-02-27 17:04:54 +01:00
|
|
|
$where = array();
|
|
|
|
|
2014-08-14 22:04:38 +02:00
|
|
|
if ($this->repositoryPHIDs !== null) {
|
|
|
|
$map_repositories = id (new PhabricatorRepositoryQuery())
|
|
|
|
->setViewer($this->getViewer())
|
|
|
|
->withPHIDs($this->repositoryPHIDs)
|
|
|
|
->execute();
|
|
|
|
|
|
|
|
if (!$map_repositories) {
|
|
|
|
throw new PhabricatorEmptyQueryException();
|
|
|
|
}
|
|
|
|
$repository_ids = mpull($map_repositories, 'getID');
|
|
|
|
if ($this->repositoryIDs !== null) {
|
|
|
|
$repository_ids = array_merge($repository_ids, $this->repositoryIDs);
|
|
|
|
}
|
|
|
|
$this->withRepositoryIDs($repository_ids);
|
|
|
|
}
|
|
|
|
|
2014-04-28 17:25:51 +02:00
|
|
|
if ($this->ids !== null) {
|
2014-04-27 18:43:05 +02:00
|
|
|
$where[] = qsprintf(
|
|
|
|
$conn_r,
|
|
|
|
'commit.id IN (%Ld)',
|
|
|
|
$this->ids);
|
|
|
|
}
|
|
|
|
|
2014-04-28 17:25:51 +02:00
|
|
|
if ($this->phids !== null) {
|
2014-04-27 18:43:05 +02:00
|
|
|
$where[] = qsprintf(
|
|
|
|
$conn_r,
|
|
|
|
'commit.phid IN (%Ls)',
|
|
|
|
$this->phids);
|
|
|
|
}
|
|
|
|
|
2014-04-28 17:25:51 +02:00
|
|
|
if ($this->repositoryIDs !== null) {
|
2014-04-27 18:43:05 +02:00
|
|
|
$where[] = qsprintf(
|
|
|
|
$conn_r,
|
|
|
|
'commit.repositoryID IN (%Ld)',
|
|
|
|
$this->repositoryIDs);
|
|
|
|
}
|
|
|
|
|
2014-04-28 17:25:51 +02:00
|
|
|
if ($this->authorPHIDs !== null) {
|
2014-04-27 18:43:05 +02:00
|
|
|
$where[] = qsprintf(
|
|
|
|
$conn_r,
|
|
|
|
'commit.authorPHID IN (%Ls)',
|
|
|
|
$this->authorPHIDs);
|
|
|
|
}
|
|
|
|
|
2014-04-28 17:25:51 +02:00
|
|
|
if ($this->identifiers !== null) {
|
2013-02-27 17:04:54 +01:00
|
|
|
$min_unqualified = PhabricatorRepository::MINIMUM_UNQUALIFIED_HASH;
|
|
|
|
$min_qualified = PhabricatorRepository::MINIMUM_QUALIFIED_HASH;
|
|
|
|
|
|
|
|
$refs = array();
|
|
|
|
$bare = array();
|
|
|
|
foreach ($this->identifiers as $identifier) {
|
|
|
|
$matches = null;
|
2015-01-01 17:07:26 +01:00
|
|
|
preg_match('/^(?:[rR]([A-Z]+:?|[0-9]+:))?(.*)$/',
|
|
|
|
$identifier, $matches);
|
|
|
|
$repo = nonempty(rtrim($matches[1], ':'), null);
|
|
|
|
$commit_identifier = nonempty($matches[2], null);
|
2013-02-27 17:04:54 +01:00
|
|
|
|
2013-05-07 03:05:33 +02:00
|
|
|
if ($repo === null) {
|
|
|
|
if ($this->defaultRepository) {
|
|
|
|
$repo = $this->defaultRepository->getCallsign();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2013-02-27 17:04:54 +01:00
|
|
|
if ($repo === null) {
|
2015-01-01 17:07:26 +01:00
|
|
|
if (strlen($commit_identifier) < $min_unqualified) {
|
2013-02-27 17:04:54 +01:00
|
|
|
continue;
|
|
|
|
}
|
2015-01-01 17:07:26 +01:00
|
|
|
$bare[] = $commit_identifier;
|
2013-02-27 17:04:54 +01:00
|
|
|
} else {
|
|
|
|
$refs[] = array(
|
|
|
|
'callsign' => $repo,
|
2015-01-01 17:07:26 +01:00
|
|
|
'identifier' => $commit_identifier,
|
2013-02-27 17:04:54 +01:00
|
|
|
);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
$sql = array();
|
|
|
|
|
|
|
|
foreach ($bare as $identifier) {
|
|
|
|
$sql[] = qsprintf(
|
|
|
|
$conn_r,
|
2014-04-27 18:43:05 +02:00
|
|
|
'(commit.commitIdentifier LIKE %> AND '.
|
|
|
|
'LENGTH(commit.commitIdentifier) = 40)',
|
2013-02-27 17:04:54 +01:00
|
|
|
$identifier);
|
|
|
|
}
|
|
|
|
|
|
|
|
if ($refs) {
|
|
|
|
$callsigns = ipull($refs, 'callsign');
|
2015-01-01 17:07:26 +01:00
|
|
|
|
2013-02-27 17:04:54 +01:00
|
|
|
$repos = id(new PhabricatorRepositoryQuery())
|
|
|
|
->setViewer($this->getViewer())
|
2015-01-01 17:07:26 +01:00
|
|
|
->withIdentifiers($callsigns);
|
|
|
|
$repos->execute();
|
|
|
|
|
|
|
|
$repos = $repos->getIdentifierMap();
|
2013-02-27 17:04:54 +01:00
|
|
|
|
|
|
|
foreach ($refs as $key => $ref) {
|
|
|
|
$repo = idx($repos, $ref['callsign']);
|
2015-01-01 17:07:26 +01:00
|
|
|
|
2013-02-27 17:04:54 +01:00
|
|
|
if (!$repo) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
if ($repo->isSVN()) {
|
2013-03-19 23:30:16 +01:00
|
|
|
if (!ctype_digit($ref['identifier'])) {
|
|
|
|
continue;
|
|
|
|
}
|
2013-02-27 17:04:54 +01:00
|
|
|
$sql[] = qsprintf(
|
|
|
|
$conn_r,
|
2014-04-27 18:43:05 +02:00
|
|
|
'(commit.repositoryID = %d AND commit.commitIdentifier = %s)',
|
2013-02-27 17:04:54 +01:00
|
|
|
$repo->getID(),
|
2013-06-14 03:01:40 +02:00
|
|
|
// NOTE: Because the 'commitIdentifier' column is a string, MySQL
|
|
|
|
// ignores the index if we hand it an integer. Hand it a string.
|
|
|
|
// See T3377.
|
|
|
|
(int)$ref['identifier']);
|
2013-02-27 17:04:54 +01:00
|
|
|
} else {
|
|
|
|
if (strlen($ref['identifier']) < $min_qualified) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
$sql[] = qsprintf(
|
|
|
|
$conn_r,
|
2014-04-27 18:43:05 +02:00
|
|
|
'(commit.repositoryID = %d AND commit.commitIdentifier LIKE %>)',
|
2013-02-27 17:04:54 +01:00
|
|
|
$repo->getID(),
|
|
|
|
$ref['identifier']);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2013-03-01 20:28:02 +01:00
|
|
|
if (!$sql) {
|
2013-02-27 17:04:54 +01:00
|
|
|
// If we discarded all possible identifiers (e.g., they all referenced
|
|
|
|
// bogus repositories or were all too short), make sure the query finds
|
|
|
|
// nothing.
|
2014-01-28 02:14:21 +01:00
|
|
|
throw new PhabricatorEmptyQueryException(
|
|
|
|
pht('No commit identifiers.'));
|
2013-02-27 17:04:54 +01:00
|
|
|
}
|
2013-03-01 20:28:02 +01:00
|
|
|
|
|
|
|
$where[] = '('.implode(' OR ', $sql).')';
|
2013-02-27 17:04:54 +01:00
|
|
|
}
|
|
|
|
|
2014-04-28 17:25:51 +02:00
|
|
|
if ($this->auditIDs !== null) {
|
2013-05-17 12:51:33 +02:00
|
|
|
$where[] = qsprintf(
|
|
|
|
$conn_r,
|
2014-04-27 18:43:05 +02:00
|
|
|
'audit.id IN (%Ld)',
|
|
|
|
$this->auditIDs);
|
2013-05-17 12:51:33 +02:00
|
|
|
}
|
|
|
|
|
2014-04-28 17:25:51 +02:00
|
|
|
if ($this->auditorPHIDs !== null) {
|
2013-02-27 19:54:39 +01:00
|
|
|
$where[] = qsprintf(
|
|
|
|
$conn_r,
|
2014-04-27 18:43:05 +02:00
|
|
|
'audit.auditorPHID IN (%Ls)',
|
|
|
|
$this->auditorPHIDs);
|
2013-02-27 19:54:39 +01:00
|
|
|
}
|
|
|
|
|
2014-04-27 18:43:05 +02:00
|
|
|
if ($this->auditAwaitingUser) {
|
|
|
|
$awaiting_user_phid = $this->auditAwaitingUser->getPHID();
|
|
|
|
// Exclude package and project audits associated with commits where
|
|
|
|
// the user is the author.
|
2013-10-30 21:06:28 +01:00
|
|
|
$where[] = qsprintf(
|
|
|
|
$conn_r,
|
2014-04-27 18:43:05 +02:00
|
|
|
'(commit.authorPHID IS NULL OR commit.authorPHID != %s)
|
|
|
|
OR (audit.auditorPHID = %s)',
|
|
|
|
$awaiting_user_phid,
|
|
|
|
$awaiting_user_phid);
|
|
|
|
}
|
|
|
|
|
|
|
|
$status = $this->auditStatus;
|
|
|
|
if ($status !== null) {
|
|
|
|
switch ($status) {
|
2014-08-19 19:43:52 +02:00
|
|
|
case self::AUDIT_STATUS_PARTIAL:
|
|
|
|
$where[] = qsprintf(
|
|
|
|
$conn_r,
|
|
|
|
'commit.auditStatus = %d',
|
|
|
|
PhabricatorAuditCommitStatusConstants::PARTIALLY_AUDITED);
|
|
|
|
break;
|
|
|
|
case self::AUDIT_STATUS_ACCEPTED:
|
|
|
|
$where[] = qsprintf(
|
|
|
|
$conn_r,
|
|
|
|
'commit.auditStatus = %d',
|
|
|
|
PhabricatorAuditCommitStatusConstants::FULLY_AUDITED);
|
|
|
|
break;
|
2014-04-27 18:43:05 +02:00
|
|
|
case self::AUDIT_STATUS_CONCERN:
|
|
|
|
$where[] = qsprintf(
|
|
|
|
$conn_r,
|
|
|
|
'audit.auditStatus = %s',
|
|
|
|
PhabricatorAuditStatusConstants::CONCERNED);
|
|
|
|
break;
|
|
|
|
case self::AUDIT_STATUS_OPEN:
|
|
|
|
$where[] = qsprintf(
|
|
|
|
$conn_r,
|
|
|
|
'audit.auditStatus in (%Ls)',
|
|
|
|
PhabricatorAuditStatusConstants::getOpenStatusConstants());
|
|
|
|
if ($this->auditAwaitingUser) {
|
|
|
|
$where[] = qsprintf(
|
|
|
|
$conn_r,
|
|
|
|
'awaiting.auditStatus IS NULL OR awaiting.auditStatus != %s',
|
|
|
|
PhabricatorAuditStatusConstants::RESIGNED);
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
case self::AUDIT_STATUS_ANY:
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
$valid = array(
|
|
|
|
self::AUDIT_STATUS_ANY,
|
|
|
|
self::AUDIT_STATUS_OPEN,
|
|
|
|
self::AUDIT_STATUS_CONCERN,
|
2014-08-19 19:43:52 +02:00
|
|
|
self::AUDIT_STATUS_ACCEPTED,
|
|
|
|
self::AUDIT_STATUS_PARTIAL,
|
2014-04-27 18:43:05 +02:00
|
|
|
);
|
|
|
|
throw new Exception(
|
2015-05-22 09:27:56 +02:00
|
|
|
pht(
|
|
|
|
"Unknown audit status '%s'! Valid statuses are: %s.",
|
|
|
|
$status,
|
|
|
|
implode(', ', $valid)));
|
2014-04-27 18:43:05 +02:00
|
|
|
}
|
2013-10-30 21:06:28 +01:00
|
|
|
}
|
|
|
|
|
2014-01-28 02:14:21 +01:00
|
|
|
$where[] = $this->buildPagingClause($conn_r);
|
|
|
|
|
2013-02-27 17:04:54 +01:00
|
|
|
return $this->formatWhereClause($where);
|
|
|
|
}
|
|
|
|
|
2015-01-13 20:56:07 +01:00
|
|
|
protected function didFilterResults(array $filtered) {
|
2013-07-21 19:57:07 +02:00
|
|
|
if ($this->identifierMap) {
|
|
|
|
foreach ($this->identifierMap as $name => $commit) {
|
|
|
|
if (isset($filtered[$commit->getPHID()])) {
|
|
|
|
unset($this->identifierMap[$name]);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-04-18 16:42:23 +02:00
|
|
|
protected function buildJoinClause(AphrontDatabaseConnection $conn_r) {
|
2014-04-27 18:43:05 +02:00
|
|
|
$joins = array();
|
|
|
|
$audit_request = new PhabricatorRepositoryAuditRequest();
|
|
|
|
|
2014-04-28 17:25:51 +02:00
|
|
|
if ($this->shouldJoinAudits()) {
|
2014-04-27 18:43:05 +02:00
|
|
|
$joins[] = qsprintf(
|
|
|
|
$conn_r,
|
2014-04-28 17:25:51 +02:00
|
|
|
'%Q %T audit ON commit.phid = audit.commitPHID',
|
|
|
|
($this->rowsMustHaveAudits() ? 'JOIN' : 'LEFT JOIN'),
|
2014-04-27 18:43:05 +02:00
|
|
|
$audit_request->getTableName());
|
|
|
|
}
|
|
|
|
|
|
|
|
if ($this->auditAwaitingUser) {
|
|
|
|
// Join the request table on the awaiting user's requests, so we can
|
|
|
|
// filter out package and project requests which the user has resigned
|
|
|
|
// from.
|
|
|
|
$joins[] = qsprintf(
|
|
|
|
$conn_r,
|
|
|
|
'LEFT JOIN %T awaiting ON audit.commitPHID = awaiting.commitPHID AND
|
|
|
|
awaiting.auditorPHID = %s',
|
|
|
|
$audit_request->getTableName(),
|
|
|
|
$this->auditAwaitingUser->getPHID());
|
|
|
|
}
|
|
|
|
|
|
|
|
if ($joins) {
|
|
|
|
return implode(' ', $joins);
|
|
|
|
} else {
|
|
|
|
return '';
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-04-18 16:53:43 +02:00
|
|
|
protected function buildGroupClause(AphrontDatabaseConnection $conn_r) {
|
2014-07-10 19:16:26 +02:00
|
|
|
$should_group = $this->shouldJoinAudits();
|
|
|
|
|
|
|
|
// TODO: Currently, the audit table is missing a unique key, so we may
|
|
|
|
// require a GROUP BY if we perform this join. See T1768. This can be
|
|
|
|
// removed once the table has the key.
|
|
|
|
if ($this->auditAwaitingUser) {
|
|
|
|
$should_group = true;
|
|
|
|
}
|
|
|
|
|
|
|
|
if ($should_group) {
|
|
|
|
return 'GROUP BY commit.id';
|
|
|
|
} else {
|
|
|
|
return '';
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
Lock policy queries to their applications
Summary:
While we mostly have reasonable effective object accessibility when you lock a user out of an application, it's primarily enforced at the controller level. Users can still, e.g., load the handles of objects they can't actually see. Instead, lock the queries to the applications so that you can, e.g., never load a revision if you don't have access to Differential.
This has several parts:
- For PolicyAware queries, provide an application class name method.
- If the query specifies a class name and the user doesn't have permission to use it, fail the entire query unconditionally.
- For handles, simplify query construction and count all the PHIDs as "restricted" so we get a UI full of "restricted" instead of "unknown" handles.
Test Plan:
- Added a unit test to verify I got all the class names right.
- Browsed around, logged in/out as a normal user with public policies on and off.
- Browsed around, logged in/out as a restricted user with public policies on and off. With restrictions, saw all traces of restricted apps removed or restricted.
Reviewers: btrahan
Reviewed By: btrahan
CC: aran
Differential Revision: https://secure.phabricator.com/D7367
2013-10-22 02:20:27 +02:00
|
|
|
public function getQueryApplicationClass() {
|
2014-07-23 02:03:09 +02:00
|
|
|
return 'PhabricatorDiffusionApplication';
|
Lock policy queries to their applications
Summary:
While we mostly have reasonable effective object accessibility when you lock a user out of an application, it's primarily enforced at the controller level. Users can still, e.g., load the handles of objects they can't actually see. Instead, lock the queries to the applications so that you can, e.g., never load a revision if you don't have access to Differential.
This has several parts:
- For PolicyAware queries, provide an application class name method.
- If the query specifies a class name and the user doesn't have permission to use it, fail the entire query unconditionally.
- For handles, simplify query construction and count all the PHIDs as "restricted" so we get a UI full of "restricted" instead of "unknown" handles.
Test Plan:
- Added a unit test to verify I got all the class names right.
- Browsed around, logged in/out as a normal user with public policies on and off.
- Browsed around, logged in/out as a restricted user with public policies on and off. With restrictions, saw all traces of restricted apps removed or restricted.
Reviewers: btrahan
Reviewed By: btrahan
CC: aran
Differential Revision: https://secure.phabricator.com/D7367
2013-10-22 02:20:27 +02:00
|
|
|
}
|
|
|
|
|
2013-02-27 17:04:54 +01:00
|
|
|
}
|