Add bin/policy unlock

Summary: Ref T603. We might need a fine-grained CLI tool later on, but here's a bat we can bludgeon things with. Test Plan: - Ran `bin/policy unlock D12` (adjusted policies). - Ran `bin/policy unlock rPca85c457ebcb` (got "not mutable" stuff). Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T603 Differential Revision: https://secure.phabricator.com/D7189
2024-11-09 16:32:39 +01:00 · 2013-10-01 16:01:15 -07:00 · 2013-10-01 16:01:15 -07:00 · 1d1ecb5629
commit 1d1ecb5629
parent fb93fd007f
3 changed files with 107 additions and 0 deletions
--- a/scripts/setup/manage_policy.php
+++ b/scripts/setup/manage_policy.php
@ -16,6 +16,7 @@ $args->parseStandardArguments();

 $workflows = array(
  new PhabricatorPolicyManagementShowWorkflow(),
+  new PhabricatorPolicyManagementUnlockWorkflow(),
  new PhutilHelpArgumentWorkflow(),
 );

--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@ -1469,6 +1469,7 @@ phutil_register_library_map(array(
    'PhabricatorPolicyFilter' => 'applications/policy/filter/PhabricatorPolicyFilter.php',
    'PhabricatorPolicyInterface' => 'applications/policy/interface/PhabricatorPolicyInterface.php',
    'PhabricatorPolicyManagementShowWorkflow' => 'applications/policy/management/PhabricatorPolicyManagementShowWorkflow.php',
+    'PhabricatorPolicyManagementUnlockWorkflow' => 'applications/policy/management/PhabricatorPolicyManagementUnlockWorkflow.php',
    'PhabricatorPolicyManagementWorkflow' => 'applications/policy/management/PhabricatorPolicyManagementWorkflow.php',
    'PhabricatorPolicyQuery' => 'applications/policy/query/PhabricatorPolicyQuery.php',
    'PhabricatorPolicyTestCase' => 'applications/policy/__tests__/PhabricatorPolicyTestCase.php',
@ -3627,6 +3628,7 @@ phutil_register_library_map(array(
    'PhabricatorPolicyException' => 'Exception',
    'PhabricatorPolicyExplainController' => 'PhabricatorPolicyController',
    'PhabricatorPolicyManagementShowWorkflow' => 'PhabricatorPolicyManagementWorkflow',
+    'PhabricatorPolicyManagementUnlockWorkflow' => 'PhabricatorPolicyManagementWorkflow',
    'PhabricatorPolicyManagementWorkflow' => 'PhutilArgumentWorkflow',
    'PhabricatorPolicyQuery' => 'PhabricatorQuery',
    'PhabricatorPolicyTestCase' => 'PhabricatorTestCase',
--- a/src/applications/policy/management/PhabricatorPolicyManagementUnlockWorkflow.php
+++ b/src/applications/policy/management/PhabricatorPolicyManagementUnlockWorkflow.php
@ -0,0 +1,104 @@
+<?php
+
+final class PhabricatorPolicyManagementUnlockWorkflow
+  extends PhabricatorPolicyManagementWorkflow {
+
+  protected function didConstruct() {
+    $this
+      ->setName('unlock')
+      ->setSynopsis(
+        'Unlock an object by setting its policies to allow anyone to view '.
+        'and edit it.')
+      ->setExamples(
+        "**unlock** D123")
+      ->setArguments(
+        array(
+          array(
+            'name'      => 'objects',
+            'wildcard'  => true,
+          ),
+        ));
+  }
+
+  public function execute(PhutilArgumentParser $args) {
+    $console = PhutilConsole::getConsole();
+    $viewer = PhabricatorUser::getOmnipotentUser();
+
+    $obj_names = $args->getArg('objects');
+    if (!$obj_names) {
+      throw new PhutilArgumentUsageException(
+        pht(
+          "Specify the name of an object to unlock."));
+    } else if (count($obj_names) > 1) {
+      throw new PhutilArgumentUsageException(
+        pht(
+          "Specify the name of exactly one object to unlock."));
+    }
+
+    $object = id(new PhabricatorObjectQuery())
+      ->setViewer($viewer)
+      ->withNames($obj_names)
+      ->executeOne();
+
+    if (!$object) {
+      $name = head($obj_names);
+      throw new PhutilArgumentUsageException(
+        pht(
+          "No such object '%s'!",
+          $name));
+    }
+
+    $handle = id(new PhabricatorHandleQuery())
+      ->setViewer($viewer)
+      ->withPHIDs(array($object->getPHID()))
+      ->executeOne();
+
+    $console->writeOut("%s\n", pht('Unlocking: %s', $handle->getFullName()));
+
+    $updated = false;
+    foreach ($object->getCapabilities() as $capability) {
+      switch ($capability) {
+        case PhabricatorPolicyCapability::CAN_VIEW:
+          try {
+            $object->setViewPolicy(PhabricatorPolicies::POLICY_USER);
+            $console->writeOut("%s\n", pht('Unlocked view policy.'));
+            $updated = true;
+          } catch (Exception $ex) {
+            $console->writeOut("%s\n", pht('View policy is not mutable.'));
+          }
+          break;
+        case PhabricatorPolicyCapability::CAN_EDIT:
+          try {
+            $object->setEditPolicy(PhabricatorPolicies::POLICY_USER);
+            $console->writeOut("%s\n", pht('Unlocked edit policy.'));
+            $updated = true;
+          } catch (Exception $ex) {
+            $console->writeOut("%s\n", pht('Edit policy is not mutable.'));
+          }
+          break;
+        case PhabricatorPolicyCapability::CAN_JOIN:
+          try {
+            $object->setJoinPolicy(PhabricatorPolicies::POLICY_USER);
+            $console->writeOut("%s\n", pht('Unlocked join policy.'));
+            $updated = true;
+          } catch (Exception $ex) {
+            $console->writeOut("%s\n", pht('Join policy is not mutable.'));
+          }
+          break;
+      }
+    }
+
+    if ($updated) {
+      $object->save();
+      $console->writeOut("%s\n", pht('Saved object.'));
+    } else {
+      $console->writeOut(
+        "%s\n",
+        pht(
+          'Object has no mutable policies. Try unlocking parent/container '.
+          'object instead. For example, to gain access to a commit, unlock '.
+          'the repository it belongs to.'));
+    }
+  }
+
+}