phorge-phorge/src/applications/diffusion/controller/DiffusionRepositoryEditDangerousController.php

<?php

final class DiffusionRepositoryEditDangerousController
  extends DiffusionRepositoryEditController {

  public function handleRequest(AphrontRequest $request) {
    $response = $this->loadDiffusionContextForEdit();
    if ($response) {
      return $response;
    }

    $viewer = $this->getViewer();
    $drequest = $this->getDiffusionRequest();
    $repository = $drequest->getRepository();

    $edit_uri = $this->getRepositoryControllerURI($repository, 'edit/');

    if (!$repository->canAllowDangerousChanges()) {
      if ($repository->isSVN()) {
        return $this->newDialog()
          ->setTitle(pht('Not in Danger'))
          ->appendParagraph(
            pht(
              'It is not possible for users to push any dangerous changes '.
              'to a Subversion repository. Pushes to a Subversion repository '.
              'can always be reverted and never destroy data.'))
          ->addCancelButton($edit_uri);
      } else {
        return $this->newDialog()
          ->setTitle(pht('Unprotectable Repository'))
          ->appendParagraph(
            pht(
              'This repository can not be protected from dangerous changes '.
              'because Phabricator does not control what users are allowed '.
              'to push to it.'))
          ->addCancelButton($edit_uri);
      }
    }

    if ($request->isFormPost()) {
      $xaction = id(new PhabricatorRepositoryTransaction())
        ->setTransactionType(PhabricatorRepositoryTransaction::TYPE_DANGEROUS)
        ->setNewValue(!$repository->shouldAllowDangerousChanges());

      $editor = id(new PhabricatorRepositoryEditor())
        ->setContinueOnNoEffect(true)
        ->setContentSourceFromRequest($request)
        ->setActor($viewer)
        ->applyTransactions($repository, array($xaction));

      return id(new AphrontReloadResponse())->setURI($edit_uri);
    }

    $force = phutil_tag('tt', array(), '--force');

    if ($repository->shouldAllowDangerousChanges()) {
      return $this->newDialog()
        ->setTitle(pht('Prevent Dangerous changes?'))
        ->appendChild(
          pht(
            'It will no longer be possible to delete branches from this '.
            'repository, or %s push to this repository.',
            $force))
        ->addSubmitButton(pht('Prevent Dangerous Changes'))
        ->addCancelButton($edit_uri);
    } else {
      return $this->newDialog()
        ->setTitle(pht('Allow Dangerous Changes?'))
        ->appendChild(
          pht(
            'If you allow dangerous changes, it will be possible to delete '.
            'branches and %s push this repository. These operations can '.
            'alter a repository in a way that is difficult to recover from.',
            $force))
        ->addSubmitButton(pht('Allow Dangerous Changes'))
        ->addCancelButton($edit_uri);
    }
  }

}
Reject dangerous changes in Git repositories by default Summary: Ref T4189. This adds a per-repository "dangerous changes" flag, which defaults to off. This flag must be enabled to do non-appending branch mutation (delete branches / rewrite history). Test Plan: With flag on and off, performed various safe and dangerous pushes. >>> orbital ~/repos/POEMS $ git push origin :blarp remote: +---------------------------------------------------------------+ remote: \| * * * PUSH REJECTED BY EVIL DRAGON BUREAUCRATS * * * \| remote: +---------------------------------------------------------------+ remote: \ remote: \ ^ /^ remote: \ / \ // \ remote: \ \|\___/\| / \// .\ remote: \ /V V \__ / // \| \ \ ---- remote: / / \/_/ // \| \ \ \ \| remote: @___@` \/_ // \| \ \ \/\ \ remote: 0/0/\| \/_ // \| \ \ \ \ remote: 0/0/0/0/\| \/// \| \ \ \| \| remote: 0/0/0/0/0/_\|_ / ( // \| \ _\ \| / remote: 0/0/0/0/0/0/`/,_ _ _/ ) ; -. \| _ _\.-~ / / remote: ,-} _ -.\|.-~-. .~ ~ remote: \ \__/ `/\ / ~-. _ .-~ / remote: \____(Oo) . } { / remote: ( (--) .----~-.\ \-` .~ remote: //__\\ \ DENIED! ///.----..< \ _ -~ remote: // \\ ///-._ _ _ _ _ _ _{^ - - - - ~ remote: remote: remote: DANGEROUS CHANGE: The change you're attempting to push deletes the branch 'blarp'. remote: Dangerous change protection is enabled for this repository. remote: Edit the repository configuration before making dangerous changes. remote: To ssh://dweller@localhost/diffusion/POEMS/ ! [remote rejected] blarp (pre-receive hook declined) error: failed to push some refs to 'ssh://dweller@localhost/diffusion/POEMS/' Reviewers: btrahan Reviewed By: btrahan CC: aran, chad, richardvanvelzen Maniphest Tasks: T4189 Differential Revision: https://secure.phabricator.com/D7689 2013-12-03 19:28:39 +01:00			`<?php`

			`final class DiffusionRepositoryEditDangerousController`
			`extends DiffusionRepositoryEditController {`

Slightly modernize all Diffusion edit endpoints Summary: Ref T4245. Prepares edit endpoints for more flexible repository identifiers. Test Plan: - Added, edited, deleted mirror. - Created repository. - Edited basic repository information. - Edited policies for a repository. - Activated/deactivated repository. - Updated a repository. - Hit "Delete" dialog for a repository. - Edited hosting. - Toggled dangerous changes. - Edited branches. - Edited automation. - Tested automation. - Edited storage. - Edited staging. - Edited encoding. - Edited symbols. - Edited branches. - Edited actions. - Tried to do edits as an unprivileged user. Reviewers: chad Reviewed By: chad Maniphest Tasks: T4245 Differential Revision: https://secure.phabricator.com/D14945 2016-01-05 17:49:10 +01:00			`public function handleRequest(AphrontRequest $request) {`
			`$response = $this->loadDiffusionContextForEdit();`
			`if ($response) {`
			`return $response;`
Reject dangerous changes in Git repositories by default Summary: Ref T4189. This adds a per-repository "dangerous changes" flag, which defaults to off. This flag must be enabled to do non-appending branch mutation (delete branches / rewrite history). Test Plan: With flag on and off, performed various safe and dangerous pushes. >>> orbital ~/repos/POEMS $ git push origin :blarp remote: +---------------------------------------------------------------+ remote: \| * * * PUSH REJECTED BY EVIL DRAGON BUREAUCRATS * * * \| remote: +---------------------------------------------------------------+ remote: \ remote: \ ^ /^ remote: \ / \ // \ remote: \ \|\___/\| / \// .\ remote: \ /V V \__ / // \| \ \ ---- remote: / / \/_/ // \| \ \ \ \| remote: @___@` \/_ // \| \ \ \/\ \ remote: 0/0/\| \/_ // \| \ \ \ \ remote: 0/0/0/0/\| \/// \| \ \ \| \| remote: 0/0/0/0/0/_\|_ / ( // \| \ _\ \| / remote: 0/0/0/0/0/0/`/,_ _ _/ ) ; -. \| _ _\.-~ / / remote: ,-} _ -.\|.-~-. .~ ~ remote: \ \__/ `/\ / ~-. _ .-~ / remote: \____(Oo) . } { / remote: ( (--) .----~-.\ \-` .~ remote: //__\\ \ DENIED! ///.----..< \ _ -~ remote: // \\ ///-._ _ _ _ _ _ _{^ - - - - ~ remote: remote: remote: DANGEROUS CHANGE: The change you're attempting to push deletes the branch 'blarp'. remote: Dangerous change protection is enabled for this repository. remote: Edit the repository configuration before making dangerous changes. remote: To ssh://dweller@localhost/diffusion/POEMS/ ! [remote rejected] blarp (pre-receive hook declined) error: failed to push some refs to 'ssh://dweller@localhost/diffusion/POEMS/' Reviewers: btrahan Reviewed By: btrahan CC: aran, chad, richardvanvelzen Maniphest Tasks: T4189 Differential Revision: https://secure.phabricator.com/D7689 2013-12-03 19:28:39 +01:00			`}`

Slightly modernize all Diffusion edit endpoints Summary: Ref T4245. Prepares edit endpoints for more flexible repository identifiers. Test Plan: - Added, edited, deleted mirror. - Created repository. - Edited basic repository information. - Edited policies for a repository. - Activated/deactivated repository. - Updated a repository. - Hit "Delete" dialog for a repository. - Edited hosting. - Toggled dangerous changes. - Edited branches. - Edited automation. - Tested automation. - Edited storage. - Edited staging. - Edited encoding. - Edited symbols. - Edited branches. - Edited actions. - Tried to do edits as an unprivileged user. Reviewers: chad Reviewed By: chad Maniphest Tasks: T4245 Differential Revision: https://secure.phabricator.com/D14945 2016-01-05 17:49:10 +01:00			`$viewer = $this->getViewer();`
			`$drequest = $this->getDiffusionRequest();`
			`$repository = $drequest->getRepository();`

Split Repository EditEngine form into smaller pages Summary: Ref T10748. This allows an EditEngine form to be broken up into pages. This is less powerful than `PHUIPagedFormView`, because the pages are not sequential / stateful. Each form saves immediately once it's submitted, and can not take you to a new form or back/forward in a series of forms. For example, you can't create a workflow where the user fills out 5 pages of information before we create an object, like the current repository workflow does. However, the only place we've ever wanted to do this is repositories and it's fairly bad there, so I feel reasonably confident we aren't going to miss this in the future. (We do "choose a type of service/repository/rule -> fill out one page of info" fairly often, but can do this without the full-power paging stuff.) Test Plan: - Created a repository usin the new Manage UI, filling out only a handful of fields. - Edited a repository using the new Manage UI. - All forms are now EditEngine forms offering paged views of the big huge underlying form: {F1254371} Reviewers: chad Reviewed By: chad Maniphest Tasks: T10748 Differential Revision: https://secure.phabricator.com/D15832 2016-05-02 14:35:05 +02:00			`$edit_uri = $this->getRepositoryControllerURI($repository, 'edit/');`

Reject dangerous changes in Git repositories by default Summary: Ref T4189. This adds a per-repository "dangerous changes" flag, which defaults to off. This flag must be enabled to do non-appending branch mutation (delete branches / rewrite history). Test Plan: With flag on and off, performed various safe and dangerous pushes. >>> orbital ~/repos/POEMS $ git push origin :blarp remote: +---------------------------------------------------------------+ remote: \| * * * PUSH REJECTED BY EVIL DRAGON BUREAUCRATS * * * \| remote: +---------------------------------------------------------------+ remote: \ remote: \ ^ /^ remote: \ / \ // \ remote: \ \|\___/\| / \// .\ remote: \ /V V \__ / // \| \ \ ---- remote: / / \/_/ // \| \ \ \ \| remote: @___@` \/_ // \| \ \ \/\ \ remote: 0/0/\| \/_ // \| \ \ \ \ remote: 0/0/0/0/\| \/// \| \ \ \| \| remote: 0/0/0/0/0/_\|_ / ( // \| \ _\ \| / remote: 0/0/0/0/0/0/`/,_ _ _/ ) ; -. \| _ _\.-~ / / remote: ,-} _ -.\|.-~-. .~ ~ remote: \ \__/ `/\ / ~-. _ .-~ / remote: \____(Oo) . } { / remote: ( (--) .----~-.\ \-` .~ remote: //__\\ \ DENIED! ///.----..< \ _ -~ remote: // \\ ///-._ _ _ _ _ _ _{^ - - - - ~ remote: remote: remote: DANGEROUS CHANGE: The change you're attempting to push deletes the branch 'blarp'. remote: Dangerous change protection is enabled for this repository. remote: Edit the repository configuration before making dangerous changes. remote: To ssh://dweller@localhost/diffusion/POEMS/ ! [remote rejected] blarp (pre-receive hook declined) error: failed to push some refs to 'ssh://dweller@localhost/diffusion/POEMS/' Reviewers: btrahan Reviewed By: btrahan CC: aran, chad, richardvanvelzen Maniphest Tasks: T4189 Differential Revision: https://secure.phabricator.com/D7689 2013-12-03 19:28:39 +01:00			`if (!$repository->canAllowDangerousChanges()) {`
Split Repository EditEngine form into smaller pages Summary: Ref T10748. This allows an EditEngine form to be broken up into pages. This is less powerful than `PHUIPagedFormView`, because the pages are not sequential / stateful. Each form saves immediately once it's submitted, and can not take you to a new form or back/forward in a series of forms. For example, you can't create a workflow where the user fills out 5 pages of information before we create an object, like the current repository workflow does. However, the only place we've ever wanted to do this is repositories and it's fairly bad there, so I feel reasonably confident we aren't going to miss this in the future. (We do "choose a type of service/repository/rule -> fill out one page of info" fairly often, but can do this without the full-power paging stuff.) Test Plan: - Created a repository usin the new Manage UI, filling out only a handful of fields. - Edited a repository using the new Manage UI. - All forms are now EditEngine forms offering paged views of the big huge underlying form: {F1254371} Reviewers: chad Reviewed By: chad Maniphest Tasks: T10748 Differential Revision: https://secure.phabricator.com/D15832 2016-05-02 14:35:05 +02:00			`if ($repository->isSVN()) {`
			`return $this->newDialog()`
			`->setTitle(pht('Not in Danger'))`
			`->appendParagraph(`
			`pht(`
			`'It is not possible for users to push any dangerous changes '.`
			`'to a Subversion repository. Pushes to a Subversion repository '.`
			`'can always be reverted and never destroy data.'))`
			`->addCancelButton($edit_uri);`
			`} else {`
			`return $this->newDialog()`
			`->setTitle(pht('Unprotectable Repository'))`
			`->appendParagraph(`
			`pht(`
			`'This repository can not be protected from dangerous changes '.`
			`'because Phabricator does not control what users are allowed '.`
			`'to push to it.'))`
			`->addCancelButton($edit_uri);`
			`}`
Reject dangerous changes in Git repositories by default Summary: Ref T4189. This adds a per-repository "dangerous changes" flag, which defaults to off. This flag must be enabled to do non-appending branch mutation (delete branches / rewrite history). Test Plan: With flag on and off, performed various safe and dangerous pushes. >>> orbital ~/repos/POEMS $ git push origin :blarp remote: +---------------------------------------------------------------+ remote: \| * * * PUSH REJECTED BY EVIL DRAGON BUREAUCRATS * * * \| remote: +---------------------------------------------------------------+ remote: \ remote: \ ^ /^ remote: \ / \ // \ remote: \ \|\___/\| / \// .\ remote: \ /V V \__ / // \| \ \ ---- remote: / / \/_/ // \| \ \ \ \| remote: @___@` \/_ // \| \ \ \/\ \ remote: 0/0/\| \/_ // \| \ \ \ \ remote: 0/0/0/0/\| \/// \| \ \ \| \| remote: 0/0/0/0/0/_\|_ / ( // \| \ _\ \| / remote: 0/0/0/0/0/0/`/,_ _ _/ ) ; -. \| _ _\.-~ / / remote: ,-} _ -.\|.-~-. .~ ~ remote: \ \__/ `/\ / ~-. _ .-~ / remote: \____(Oo) . } { / remote: ( (--) .----~-.\ \-` .~ remote: //__\\ \ DENIED! ///.----..< \ _ -~ remote: // \\ ///-._ _ _ _ _ _ _{^ - - - - ~ remote: remote: remote: DANGEROUS CHANGE: The change you're attempting to push deletes the branch 'blarp'. remote: Dangerous change protection is enabled for this repository. remote: Edit the repository configuration before making dangerous changes. remote: To ssh://dweller@localhost/diffusion/POEMS/ ! [remote rejected] blarp (pre-receive hook declined) error: failed to push some refs to 'ssh://dweller@localhost/diffusion/POEMS/' Reviewers: btrahan Reviewed By: btrahan CC: aran, chad, richardvanvelzen Maniphest Tasks: T4189 Differential Revision: https://secure.phabricator.com/D7689 2013-12-03 19:28:39 +01:00			`}`

			`if ($request->isFormPost()) {`
			`$xaction = id(new PhabricatorRepositoryTransaction())`
			`->setTransactionType(PhabricatorRepositoryTransaction::TYPE_DANGEROUS)`
			`->setNewValue(!$repository->shouldAllowDangerousChanges());`

			`$editor = id(new PhabricatorRepositoryEditor())`
			`->setContinueOnNoEffect(true)`
			`->setContentSourceFromRequest($request)`
			`->setActor($viewer)`
			`->applyTransactions($repository, array($xaction));`

			`return id(new AphrontReloadResponse())->setURI($edit_uri);`
			`}`

			`$force = phutil_tag('tt', array(), '--force');`

			`if ($repository->shouldAllowDangerousChanges()) {`
Slightly modernize all Diffusion edit endpoints Summary: Ref T4245. Prepares edit endpoints for more flexible repository identifiers. Test Plan: - Added, edited, deleted mirror. - Created repository. - Edited basic repository information. - Edited policies for a repository. - Activated/deactivated repository. - Updated a repository. - Hit "Delete" dialog for a repository. - Edited hosting. - Toggled dangerous changes. - Edited branches. - Edited automation. - Tested automation. - Edited storage. - Edited staging. - Edited encoding. - Edited symbols. - Edited branches. - Edited actions. - Tried to do edits as an unprivileged user. Reviewers: chad Reviewed By: chad Maniphest Tasks: T4245 Differential Revision: https://secure.phabricator.com/D14945 2016-01-05 17:49:10 +01:00			`return $this->newDialog()`
Reject dangerous changes in Git repositories by default Summary: Ref T4189. This adds a per-repository "dangerous changes" flag, which defaults to off. This flag must be enabled to do non-appending branch mutation (delete branches / rewrite history). Test Plan: With flag on and off, performed various safe and dangerous pushes. >>> orbital ~/repos/POEMS $ git push origin :blarp remote: +---------------------------------------------------------------+ remote: \| * * * PUSH REJECTED BY EVIL DRAGON BUREAUCRATS * * * \| remote: +---------------------------------------------------------------+ remote: \ remote: \ ^ /^ remote: \ / \ // \ remote: \ \|\___/\| / \// .\ remote: \ /V V \__ / // \| \ \ ---- remote: / / \/_/ // \| \ \ \ \| remote: @___@` \/_ // \| \ \ \/\ \ remote: 0/0/\| \/_ // \| \ \ \ \ remote: 0/0/0/0/\| \/// \| \ \ \| \| remote: 0/0/0/0/0/_\|_ / ( // \| \ _\ \| / remote: 0/0/0/0/0/0/`/,_ _ _/ ) ; -. \| _ _\.-~ / / remote: ,-} _ -.\|.-~-. .~ ~ remote: \ \__/ `/\ / ~-. _ .-~ / remote: \____(Oo) . } { / remote: ( (--) .----~-.\ \-` .~ remote: //__\\ \ DENIED! ///.----..< \ _ -~ remote: // \\ ///-._ _ _ _ _ _ _{^ - - - - ~ remote: remote: remote: DANGEROUS CHANGE: The change you're attempting to push deletes the branch 'blarp'. remote: Dangerous change protection is enabled for this repository. remote: Edit the repository configuration before making dangerous changes. remote: To ssh://dweller@localhost/diffusion/POEMS/ ! [remote rejected] blarp (pre-receive hook declined) error: failed to push some refs to 'ssh://dweller@localhost/diffusion/POEMS/' Reviewers: btrahan Reviewed By: btrahan CC: aran, chad, richardvanvelzen Maniphest Tasks: T4189 Differential Revision: https://secure.phabricator.com/D7689 2013-12-03 19:28:39 +01:00			`->setTitle(pht('Prevent Dangerous changes?'))`
			`->appendChild(`
			`pht(`
			`'It will no longer be possible to delete branches from this '.`
			`'repository, or %s push to this repository.',`
			`$force))`
			`->addSubmitButton(pht('Prevent Dangerous Changes'))`
			`->addCancelButton($edit_uri);`
			`} else {`
Slightly modernize all Diffusion edit endpoints Summary: Ref T4245. Prepares edit endpoints for more flexible repository identifiers. Test Plan: - Added, edited, deleted mirror. - Created repository. - Edited basic repository information. - Edited policies for a repository. - Activated/deactivated repository. - Updated a repository. - Hit "Delete" dialog for a repository. - Edited hosting. - Toggled dangerous changes. - Edited branches. - Edited automation. - Tested automation. - Edited storage. - Edited staging. - Edited encoding. - Edited symbols. - Edited branches. - Edited actions. - Tried to do edits as an unprivileged user. Reviewers: chad Reviewed By: chad Maniphest Tasks: T4245 Differential Revision: https://secure.phabricator.com/D14945 2016-01-05 17:49:10 +01:00			`return $this->newDialog()`
Reject dangerous changes in Git repositories by default Summary: Ref T4189. This adds a per-repository "dangerous changes" flag, which defaults to off. This flag must be enabled to do non-appending branch mutation (delete branches / rewrite history). Test Plan: With flag on and off, performed various safe and dangerous pushes. >>> orbital ~/repos/POEMS $ git push origin :blarp remote: +---------------------------------------------------------------+ remote: \| * * * PUSH REJECTED BY EVIL DRAGON BUREAUCRATS * * * \| remote: +---------------------------------------------------------------+ remote: \ remote: \ ^ /^ remote: \ / \ // \ remote: \ \|\___/\| / \// .\ remote: \ /V V \__ / // \| \ \ ---- remote: / / \/_/ // \| \ \ \ \| remote: @___@` \/_ // \| \ \ \/\ \ remote: 0/0/\| \/_ // \| \ \ \ \ remote: 0/0/0/0/\| \/// \| \ \ \| \| remote: 0/0/0/0/0/_\|_ / ( // \| \ _\ \| / remote: 0/0/0/0/0/0/`/,_ _ _/ ) ; -. \| _ _\.-~ / / remote: ,-} _ -.\|.-~-. .~ ~ remote: \ \__/ `/\ / ~-. _ .-~ / remote: \____(Oo) . } { / remote: ( (--) .----~-.\ \-` .~ remote: //__\\ \ DENIED! ///.----..< \ _ -~ remote: // \\ ///-._ _ _ _ _ _ _{^ - - - - ~ remote: remote: remote: DANGEROUS CHANGE: The change you're attempting to push deletes the branch 'blarp'. remote: Dangerous change protection is enabled for this repository. remote: Edit the repository configuration before making dangerous changes. remote: To ssh://dweller@localhost/diffusion/POEMS/ ! [remote rejected] blarp (pre-receive hook declined) error: failed to push some refs to 'ssh://dweller@localhost/diffusion/POEMS/' Reviewers: btrahan Reviewed By: btrahan CC: aran, chad, richardvanvelzen Maniphest Tasks: T4189 Differential Revision: https://secure.phabricator.com/D7689 2013-12-03 19:28:39 +01:00			`->setTitle(pht('Allow Dangerous Changes?'))`
			`->appendChild(`
			`pht(`
			`'If you allow dangerous changes, it will be possible to delete '.`
			`'branches and %s push this repository. These operations can '.`
			`'alter a repository in a way that is difficult to recover from.',`
			`$force))`
			`->addSubmitButton(pht('Allow Dangerous Changes'))`
			`->addCancelButton($edit_uri);`
			`}`
			`}`

			`}`