When an Owners package accepts a revision, count that as an "involved owner" for the purposes of audit

Summary: Depends on D20129. Ref T13244. See PHI1058. When a revision has an "Accept" from a package, count the owners as "involved" in the change whether or not any actual human owners are actually accepting reviewers. If a user owns "/" and uses "force accept" to cause "/src/javascript" to accept, or a user who legitimately owns "/src/javascript" accepts on behalf of the package but not on behalf of themselves (for whatever reason), it generally makes practical sense that these changes have owners involved in them (i.e., that's what a normal user would expect in both cases) and don't need to trigger audits under "no involvement" rules. Test Plan: Used `bin/repository reparse --force --owners <commit>` to trigger audit logic. Saw a commit owned by `O1` with a revision counted as "involved" when `O1` had accepted the revision, even though no actual human owner had accepted it. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13244 Differential Revision: https://secure.phabricator.com/D20130
2024-09-20 01:08:50 +02:00 · 2019-02-07 13:41:34 -08:00 · 2019-02-07 13:41:34 -08:00 · ae54af32c1
commit ae54af32c1
parent 31a0ed92d0
2 changed files with 12 additions and 4 deletions
--- a/src/applications/repository/worker/PhabricatorRepositoryCommitOwnersWorker.php
+++ b/src/applications/repository/worker/PhabricatorRepositoryCommitOwnersWorker.php
@ -200,6 +200,12 @@ final class PhabricatorRepositoryCommitOwnersWorker
      ));
    $owner_phids = array_fuse($owner_phids);

+    // For the purposes of deciding whether the owners were involved in the
+    // revision or not, consider a review by the package itself to count as
+    // involvement. This can happen when human reviewers force-accept on
+    // behalf of packages they don't own but have authority over.
+    $owner_phids[$package->getPHID()] = $package->getPHID();
+
    // If the commit author is identifiable and a package owner, they're
    // involved.
    if ($author_phid) {
@ -225,13 +231,14 @@ final class PhabricatorRepositoryCommitOwnersWorker
    foreach ($revision->getReviewers() as $reviewer) {
      $reviewer_phid = $reviewer->getReviewerPHID();

-      // If this reviewer isn't a package owner, just ignore them.
+      // If this reviewer isn't a package owner or the package itself,
+      // just ignore them.
      if (empty($owner_phids[$reviewer_phid])) {
        continue;
      }

-      // If this reviewer accepted the revision and owns the package, we've
-      // found an involved owner.
+      // If this reviewer accepted the revision and owns the package (or is
+      // the package), we've found an involved owner.
      if (isset($accepted_statuses[$reviewer->getReviewerStatus()])) {
        $found_accept = true;
        break;
--- a/src/docs/user/userguide/owners.diviner
+++ b/src/docs/user/userguide/owners.diviner
@ -129,7 +129,8 @@ audits for commits which:

  - affect code owned by the package;
  - were not authored by a package owner; and
-  - were not accepted (in Differential) by a package owner.
+  - were not accepted (in Differential) by a package owner or the package
+    itself.

 Audits do not trigger if the package has been archived.