Consolidate readers of "differential.revisionID" property

Summary: Depends on D20467. Ref T13277. Currently, the "MessageParserWorker" writes this property on commits, then Herald and Audit both read it. Make them share code so this property has one writer and one reader. This property isn't great, but at least now the badness is hidden. Currently, we can't just use edges because they may not have been written yet. I am likely to just do this, soon: - Just write the edges (in "MessageParserWorker"). - Hide the edges from mail. However, we'll sort-of lose the "revisionMatchData" explanation thing if I do that. Maybe this is fine? But when commits match because hashes match, it legitimately isn't obvious. For now, just reduce the amount of harm/badness here. Test Plan: - Ran `bin/repository reparse --publish ...`. - Ran a Herald "Audit" rule using the "Accepted Differential revision" field. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13277 Differential Revision: https://secure.phabricator.com/D20468
2024-11-10 08:52:39 +01:00 · 2019-04-23 10:15:34 -07:00 · 2019-04-23 10:15:34 -07:00 · 56f5c2443b
commit 56f5c2443b
parent 45f01dc716
3 changed files with 47 additions and 31 deletions
--- a/src/applications/diffusion/herald/HeraldCommitAdapter.php
+++ b/src/applications/diffusion/herald/HeraldCommitAdapter.php
@ -175,31 +175,34 @@ final class HeraldCommitAdapter
  }

  public function loadDifferentialRevision() {
-    $viewer = $this->getViewer();
-
    if ($this->affectedRevision === null) {
-      $this->affectedRevision = false;
+      $viewer = $this->getViewer();

-      $commit = $this->getObject();
-      $data = $commit->getCommitData();
+      // NOTE: The viewer here is omnipotent, which means that Herald discloses
+      // some information users do not normally have access to when rules load
+      // the revision related to a commit. See D20468.

-      $revision_id = $data->getCommitDetail('differential.revisionID');
-      if ($revision_id) {
-        // NOTE: The Herald rule owner might not actually have access to
-        // the revision, and can control which revision a commit is
-        // associated with by putting text in the commit message. However,
-        // the rules they can write against revisions don't actually expose
-        // anything interesting, so it seems reasonable to load unconditionally
-        // here.
+      // A user who wants to learn about "Dxyz" can write a Herald rule which
+      // uses all the "Related revision..." fields, then push a commit which
+      // contains "Differential Revision: Dxyz" in the message to make Herald
+      // evaluate the commit with "Dxyz" as the related revision.

-        $revision = id(new DifferentialRevisionQuery())
-          ->withIDs(array($revision_id))
-          ->setViewer($viewer)
-          ->needReviewers(true)
-          ->executeOne();
-        if ($revision) {
-          $this->affectedRevision = $revision;
-        }
+      // At time of writing, this commit will link to the revision and the
+      // transcript for the commit will disclose some information about the
+      // revision (like reviewers, subscribers, and build status) which the
+      // commit author could not otherwise see.
+
+      // For now, we just accept this. The disclosures are relatively
+      // uninteresting and you have to jump through a lot of hoops (and leave
+      // a lot of evidence) to get this information.
+
+      $revision = DiffusionCommitRevisionQuery::loadRevisionForCommit(
+        $viewer,
+        $this->getObject());
+      if ($revision) {
+        $this->affectedRevision = $revision;
+      } else {
+        $this->affectedRevision = false;
      }
    }

--- a/src/applications/diffusion/query/DiffusionCommitRevisionQuery.php
+++ b/src/applications/diffusion/query/DiffusionCommitRevisionQuery.php
@ -46,4 +46,23 @@ final class DiffusionCommitRevisionQuery
    return $map;
  }

+  public static function loadRevisionForCommit(
+    PhabricatorUser $viewer,
+    PhabricatorRepositoryCommit $commit) {
+
+    $data = $commit->getCommitData();
+
+    $revision_id = $data->getCommitDetail('differential.revisionID');
+    if (!$revision_id) {
+      return null;
+    }
+
+    return id(new DifferentialRevisionQuery())
+      ->setViewer($viewer)
+      ->withIDs(array($revision_id))
+      ->needReviewers(true)
+      ->executeOne();
+  }
+
+
 }
--- a/src/applications/repository/worker/PhabricatorRepositoryCommitPublishWorker.php
+++ b/src/applications/repository/worker/PhabricatorRepositoryCommitPublishWorker.php
@ -135,16 +135,10 @@ final class PhabricatorRepositoryCommitPublishWorker
    $data = $commit->getCommitData();

    $author_phid = $data->getCommitDetail('authorPHID');
-    $revision_id = $data->getCommitDetail('differential.revisionID');
-    if ($revision_id) {
-      $revision = id(new DifferentialRevisionQuery())
-        ->setViewer($viewer)
-        ->withIDs(array($revision_id))
-        ->needReviewers(true)
-        ->executeOne();
-    } else {
-      $revision = null;
-    }
+
+    $revision = DiffusionCommitRevisionQuery::loadRevisionForCommit(
+      $viewer,
+      $commit);

    $requests = $commit->getAudits();
    $requests = mpull($requests, null, 'getAuditorPHID');