Require "Can Edit" on a build plan to abort or pause associated builds

Summary: Fixes T9614. This is kind of silly, but stop users from fighting turf wars over build resources or showing up on an install and just aborting a bunch of builds for the heck of it.

Test Plan:
  - Restarted / paused / aborted / etc builds.
  - Tried to do the same for builds I didn't have edit permission on the build plan for, got errors.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9614

Differential Revision: https://secure.phabricator.com/D15353

src/applications/harbormaster/controller/HarbormasterBuildActionController.php

@@ -39,6 +39,8 @@ final class HarbormasterBuildActionController
         return new Aphront400Response();
     }
 
+    $build->assertCanIssueCommand($viewer, $action);
+
     switch ($via) {
       case 'buildable':
         $return_uri = '/'.$build->getBuildable()->getMonogram();

src/applications/harbormaster/controller/HarbormasterBuildViewController.php

@@ -441,10 +441,29 @@ final class HarbormasterBuildViewController
       ->setUser($viewer)
       ->setObject($build);
 
-    $can_restart = $build->canRestartBuild();
+    $can_restart =
-    $can_pause = $build->canPauseBuild();
+      $build->canRestartBuild() &&
-    $can_resume = $build->canResumeBuild();
+      $build->canIssueCommand(
-    $can_abort = $build->canAbortBuild();
+        $viewer,
+        HarbormasterBuildCommand::COMMAND_RESTART);
+
+    $can_pause =
+      $build->canPauseBuild() &&
+      $build->canIssueCommand(
+        $viewer,
+        HarbormasterBuildCommand::COMMAND_PAUSE);
+
+    $can_resume =
+      $build->canResumeBuild() &&
+      $build->canIssueCommand(
+        $viewer,
+        HarbormasterBuildCommand::COMMAND_RESUME);
+
+    $can_abort =
+      $build->canAbortBuild() &&
+      $build->canIssueCommand(
+        $viewer,
+        HarbormasterBuildCommand::COMMAND_ABORT);
 
     $list->addAction(
       id(new PhabricatorActionView())

src/applications/harbormaster/controller/HarbormasterBuildableActionController.php

@@ -51,6 +51,14 @@ final class HarbormasterBuildableActionController
       }
     }
 
+    $restricted = false;
+    foreach ($issuable as $key => $build) {
+      if (!$build->canIssueCommand($viewer, $action)) {
+        $restricted = true;
+        unset($issuable[$key]);
+      }
+    }
+
     $return_uri = '/'.$buildable->getMonogram();
     if ($request->isDialogFormPost() && $issuable) {
       $editor = id(new HarbormasterBuildableTransactionEditor())
@@ -84,50 +92,102 @@ final class HarbormasterBuildableActionController
     switch ($action) {
       case HarbormasterBuildCommand::COMMAND_RESTART:
         if ($issuable) {
-          $title = pht('Really restart all builds?');
+          $title = pht('Really restart builds?');
+
+          if ($restricted) {
+            $body = pht(
+              'You only have permission to restart some builds. Progress '.
+              'on builds you have permission to restart will be discarded '.
+              'and they will restart. Side effects of these builds will '.
+              'occur again. Really restart all builds?');
+          } else {
             $body = pht(
               'Progress on all builds will be discarded, and all builds will '.
               'restart. Side effects of the builds will occur again. Really '.
               'restart all builds?');
-          $submit = pht('Restart All Builds');
+          }
+
+          $submit = pht('Restart Builds');
         } else {
           $title = pht('Unable to Restart Builds');
+
+          if ($restricted) {
+            $body = pht('You do not have permission to restart any builds.');
+          } else {
             $body = pht('No builds can be restarted.');
           }
+        }
         break;
       case HarbormasterBuildCommand::COMMAND_PAUSE:
         if ($issuable) {
-          $title = pht('Really pause all builds?');
+          $title = pht('Really pause builds?');
+
+          if ($restricted) {
+            $body = pht(
+              'You only have permission to pause some builds. Once the '.
+              'current steps complete, work will halt on builds you have '.
+              'permission to pause. You can resume the builds later.');
+          } else {
             $body = pht(
               'If you pause all builds, work will halt once the current steps '.
               'complete. You can resume the builds later.');
-          $submit = pht('Pause All Builds');
+          }
+          $submit = pht('Pause Builds');
         } else {
           $title = pht('Unable to Pause Builds');
+
+          if ($restricted) {
+            $body = pht('You do not have permission to pause any builds.');
+          } else {
             $body = pht('No builds can be paused.');
           }
+        }
         break;
       case HarbormasterBuildCommand::COMMAND_ABORT:
         if ($issuable) {
-          $title = pht('Really abort all builds?');
+          $title = pht('Really abort builds?');
+          if ($restricted) {
+            $body = pht(
+              'You only have permission to abort some builds. Work will '.
+              'halt immediately on builds you have permission to abort. '.
+              'Progress will be discarded, and builds must be completely '.
+              'restarted if you want them to complete.');
+          } else {
             $body = pht(
               'If you abort all builds, work will halt immediately. Work '.
               'will be discarded, and builds must be completely restarted.');
-          $submit = pht('Abort All Builds');
+          }
+          $submit = pht('Abort Builds');
         } else {
           $title = pht('Unable to Abort Builds');
+
+          if ($restricted) {
+            $body = pht('You do not have permission to abort any builds.');
+          } else {
             $body = pht('No builds can be aborted.');
           }
+        }
         break;
       case HarbormasterBuildCommand::COMMAND_RESUME:
         if ($issuable) {
-          $title = pht('Really resume all builds?');
+          $title = pht('Really resume builds?');
+          if ($restricted) {
+            $body = pht(
+              'You only have permission to resume some builds. Work will '.
+              'continue on builds you have permission to resume.');
+          } else {
             $body = pht('Work will continue on all builds. Really resume?');
-          $submit = pht('Resume All Builds');
+          }
+
+          $submit = pht('Resume Builds');
         } else {
           $title = pht('Unable to Resume Builds');
+          if ($restricted) {
+            $body = pht('You do not have permission to resume any builds.');
+          } else {
             $body = pht('No builds can be resumed.');
           }
+        }
         break;
     }
 

src/applications/harbormaster/controller/HarbormasterBuildableViewController.php

@@ -86,20 +86,33 @@ final class HarbormasterBuildableViewController
     $can_pause = false;
     $can_abort = false;
 
+    $command_restart = HarbormasterBuildCommand::COMMAND_RESTART;
+    $command_resume = HarbormasterBuildCommand::COMMAND_RESUME;
+    $command_pause = HarbormasterBuildCommand::COMMAND_PAUSE;
+    $command_abort = HarbormasterBuildCommand::COMMAND_ABORT;
+
     foreach ($buildable->getBuilds() as $build) {
       if ($build->canRestartBuild()) {
+        if ($build->canIssueCommand($viewer, $command_restart)) {
           $can_restart = true;
         }
+      }
       if ($build->canResumeBuild()) {
+        if ($build->canIssueCommand($viewer, $command_resume)) {
           $can_resume = true;
         }
+      }
       if ($build->canPauseBuild()) {
+        if ($build->canIssueCommand($viewer, $command_pause)) {
           $can_pause = true;
         }
+      }
       if ($build->canAbortBuild()) {
+        if ($build->canIssueCommand($viewer, $command_abort)) {
           $can_abort = true;
         }
       }
+    }
 
     $restart_uri = "buildable/{$id}/restart/";
     $pause_uri = "buildable/{$id}/pause/";

src/applications/harbormaster/editor/HarbormasterBuildTransactionEditor.php

@@ -88,6 +88,11 @@ final class HarbormasterBuildTransactionEditor
       return;
     }
 
+    $actor = $this->getActor();
+    if (!$build->canIssueCommand($actor, $command)) {
+      return;
+    }
+
     id(new HarbormasterBuildCommand())
       ->setAuthorPHID($xaction->getAuthorPHID())
       ->setTargetPHID($build->getPHID())

src/applications/harbormaster/storage/build/HarbormasterBuild.php

@@ -450,6 +450,42 @@ final class HarbormasterBuild extends HarbormasterDAO
     return $this;
   }
 
+  public function canIssueCommand(PhabricatorUser $viewer, $command) {
+    try {
+      $this->assertCanIssueCommand($viewer, $command);
+      return true;
+    } catch (Exception $ex) {
+      return false;
+    }
+  }
+
+  public function assertCanIssueCommand(PhabricatorUser $viewer, $command) {
+    $need_edit = false;
+    switch ($command) {
+      case HarbormasterBuildCommand::COMMAND_RESTART:
+        break;
+      case HarbormasterBuildCommand::COMMAND_PAUSE:
+      case HarbormasterBuildCommand::COMMAND_RESUME:
+      case HarbormasterBuildCommand::COMMAND_ABORT:
+        $need_edit = true;
+        break;
+      default:
+        throw new Exception(
+          pht(
+            'Invalid Harbormaster build command "%s".',
+            $command));
+    }
+
+    // Issuing these commands requires that you be able to edit the build, to
+    // prevent enemy engineers from sabotaging your builds. See T9614.
+    if ($need_edit) {
+      PhabricatorPolicyFilter::requireCapability(
+        $viewer,
+        $this->getBuildPlan(),
+        PhabricatorPolicyCapability::CAN_EDIT);
+    }
+  }
+
 
 /* -(  PhabricatorApplicationTransactionInterface  )------------------------- */