1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2025-01-20 11:41:08 +01:00

Make most repository reads policy-aware

Summary: Ref T603. This swaps almost all queries against the repository table over to be policy aware.

Test Plan:
  - Made an audit comment on a commit.
  - Ran `save_lint.php`.
  - Looked up a commit with `diffusion.getcommits`.
  - Looked up lint messages with `diffusion.getlintmessages`.
  - Clicked an external/submodule in Diffusion.
  - Viewed main lint and repository lint in Diffusion.
  - Completed and validated Owners paths in Owners.
  - Executed dry runs via Herald.
  - Queried for package owners with `owners.query`.
  - Viewed Owners package.
  - Edited Owners package.
  - Viewed Owners package list.
  - Executed `repository.query`.
  - Viewed "Repository" tool repository list.
  - Edited Arcanist project.
  - Hit "Delete" on repository (this just tells you to use the CLI).
  - Created a repository.
  - Edited a repository.
  - Ran `bin/repository list`.
  - Ran `bin/search index rGTESTff45d13dffcfb3ea85b03aac8cc36251cacdf01c`
  - Pushed and parsed a commit.
  - Skipped all the Drydock stuff, as it it's hard to test and isn't normally reachable.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D7132
This commit is contained in:
epriestley 2013-09-25 16:54:48 -07:00
parent b8154cb5e9
commit c467cc464f
31 changed files with 123 additions and 87 deletions

View file

@ -403,8 +403,10 @@ final class PhabricatorAuditCommentEditor extends PhabricatorEditor {
$prefix = PhabricatorEnv::getEnvConfig('metamta.diffusion.subject-prefix'); $prefix = PhabricatorEnv::getEnvConfig('metamta.diffusion.subject-prefix');
$repository = id(new PhabricatorRepository()) $repository = id(new PhabricatorRepositoryQuery())
->load($commit->getRepositoryID()); ->setViewer($this->getActor())
->withIDs(array($commit->getRepositoryID()))
->executeOne();
$threading = self::getMailThreading($repository, $commit); $threading = self::getMailThreading($repository, $commit);
list($thread_id, $thread_topic) = $threading; list($thread_id, $thread_topic) = $threading;

View file

@ -112,9 +112,10 @@ final class ConduitAPI_differential_query_Method
foreach ($path_pairs as $pair) { foreach ($path_pairs as $pair) {
list($callsign, $path) = $pair; list($callsign, $path) = $pair;
if (!idx($repos, $callsign)) { if (!idx($repos, $callsign)) {
$repos[$callsign] = id(new PhabricatorRepository())->loadOneWhere( $repos[$callsign] = id(new PhabricatorRepositoryQuery())
'callsign = %s', ->setViewer($request->getUser())
$callsign); ->withCallsigns(array($callsign))
->executeOne();
if (!$repos[$callsign]) { if (!$repos[$callsign]) {
throw id(new ConduitException('ERR-INVALID-PARAMETER')) throw id(new ConduitException('ERR-INVALID-PARAMETER'))

View file

@ -228,8 +228,10 @@ final class DiffusionLintSaveRunner {
private function blameAuthors() { private function blameAuthors() {
$repository = id(new PhabricatorRepository())->load( $repository = id(new PhabricatorRepositoryQuery())
$this->branch->getRepositoryID()); ->setViewer(PhabricatorUser::getOmnipotentUser())
->withIDs(array($this->branch->getRepositoryID()))
->executeOne();
$queries = array(); $queries = array();
$futures = array(); $futures = array();

View file

@ -52,9 +52,10 @@ final class ConduitAPI_diffusion_getcommits_Method
$callsigns = ipull($commits, 'callsign'); $callsigns = ipull($commits, 'callsign');
$callsigns = array_unique($callsigns); $callsigns = array_unique($callsigns);
$repos = id(new PhabricatorRepository())->loadAllWhere( $repos = id(new PhabricatorRepositoryQuery())
'callsign IN (%Ls)', ->setViewer($request->getUser())
$callsigns); ->withCallsigns($callsigns)
->execute();
$repos = mpull($repos, null, 'getCallsign'); $repos = mpull($repos, null, 'getCallsign');
foreach ($commits as $name => $info) { foreach ($commits as $name => $info) {

View file

@ -42,8 +42,10 @@ final class ConduitAPI_diffusion_getlintmessages_Method
$branch_name = $request->getValue('branch'); $branch_name = $request->getValue('branch');
if ($branch_name == '') { if ($branch_name == '') {
$repository = id(new PhabricatorRepository()) $repository = id(new PhabricatorRepositoryQuery())
->load($project->getRepositoryID()); ->setViewer($request->getUser())
->withIDs(array($project->getRepositoryID()))
->executeOne();
$branch_name = $repository->getDefaultArcanistBranch(); $branch_name = $repository->getDefaultArcanistBranch();
} }

View file

@ -12,7 +12,9 @@ final class DiffusionExternalController extends DiffusionController {
$uri = $request->getStr('uri'); $uri = $request->getStr('uri');
$id = $request->getStr('id'); $id = $request->getStr('id');
$repositories = id(new PhabricatorRepository())->loadAll(); $repositories = id(new PhabricatorRepositoryQuery())
->setViewer($request->getUser())
->execute();
if ($uri) { if ($uri) {
$uri_path = id(new PhutilURI($uri))->getPath(); $uri_path = id(new PhutilURI($uri))->getPath();

View file

@ -221,9 +221,10 @@ final class DiffusionLintController extends DiffusionController {
} }
if ($paths) { if ($paths) {
$repositories = id(new PhabricatorRepository())->loadAllWhere( $repositories = id(new PhabricatorRepositoryQuery())
'phid IN (%Ls)', ->setViewer($this->getRequest()->getUser())
array_unique(mpull($paths, 'getRepositoryPHID'))); ->withPHIDs(mpull($paths, 'getRepositoryPHID'))
->execute();
$repositories = mpull($repositories, 'getID', 'getPHID'); $repositories = mpull($repositories, 'getID', 'getPHID');
$branches = id(new PhabricatorRepositoryBranch())->loadAllWhere( $branches = id(new PhabricatorRepositoryBranch())->loadAllWhere(
@ -233,7 +234,11 @@ final class DiffusionLintController extends DiffusionController {
} }
foreach ($paths as $path) { foreach ($paths as $path) {
$branch = idx($branches, $repositories[$path->getRepositoryPHID()]); $branch = idx(
$branches,
idx(
$repositories,
$path->getRepositoryPHID()));
if ($branch) { if ($branch) {
$condition = qsprintf( $condition = qsprintf(
$conn, $conn,

View file

@ -10,9 +10,10 @@ final class DiffusionPathCompleteController extends DiffusionController {
$request = $this->getRequest(); $request = $this->getRequest();
$repository_phid = $request->getStr('repositoryPHID'); $repository_phid = $request->getStr('repositoryPHID');
$repository = id(new PhabricatorRepository())->loadOneWhere( $repository = id(new PhabricatorRepositoryQuery())
'phid = %s', ->setViewer($request->getUser())
$repository_phid); ->withPHIDs(array($repository_phid))
->executeOne();
if (!$repository) { if (!$repository) {
return new Aphront400Response(); return new Aphront400Response();
} }

View file

@ -10,9 +10,10 @@ final class DiffusionPathValidateController extends DiffusionController {
$request = $this->getRequest(); $request = $this->getRequest();
$repository_phid = $request->getStr('repositoryPHID'); $repository_phid = $request->getStr('repositoryPHID');
$repository = id(new PhabricatorRepository())->loadOneWhere( $repository = id(new PhabricatorRepositoryQuery())
'phid = %s', ->setViewer($request->getUser())
$repository_phid); ->withPHIDs(array($repository_phid))
->executeOne();
if (!$repository) { if (!$repository) {
return new Aphront400Response(); return new Aphront400Response();
} }

View file

@ -265,6 +265,7 @@ final class DiffusionSymbolQuery extends PhabricatorOffsetPagedQuery {
$repo_ids = array_filter($repo_ids); $repo_ids = array_filter($repo_ids);
if ($repo_ids) { if ($repo_ids) {
// TODO: (T603) Provide a viewer here.
$repos = id(new PhabricatorRepository())->loadAllWhere( $repos = id(new PhabricatorRepository())->loadAllWhere(
'id IN (%Ld)', 'id IN (%Ld)',
$repo_ids); $repo_ids);

View file

@ -31,6 +31,8 @@ final class DrydockWorkingCopyBlueprint extends DrydockBlueprint {
"Lease is missing required 'repositoryID' attribute."); "Lease is missing required 'repositoryID' attribute.");
} }
// TODO: (T603) Figure out the interaction between policies and
// Drydock.
$repository = id(new PhabricatorRepository())->load($repository_id); $repository = id(new PhabricatorRepository())->load($repository_id);
if (!$repository) { if (!$repository) {

View file

@ -19,6 +19,7 @@ final class HarbormasterRunnerWorker extends PhabricatorWorker {
"Commit '{$id}' does not exist!"); "Commit '{$id}' does not exist!");
} }
// TODO: (T603) Policy interaction?
$repository = id(new PhabricatorRepository())->loadOneWhere( $repository = id(new PhabricatorRepository())->loadOneWhere(
'id = %d', 'id = %d',
$commit->getRepositoryID()); $commit->getRepositoryID());

View file

@ -110,6 +110,8 @@ final class HeraldDifferentialRevisionAdapter extends HeraldAdapter {
$repository = false; $repository = false;
// TODO: (T603) Implement policy stuff in Herald.
if ($diff->getRepositoryUUID()) { if ($diff->getRepositoryUUID()) {
$repository = id(new PhabricatorRepository())->loadOneWhere( $repository = id(new PhabricatorRepository())->loadOneWhere(
'uuid = %s', 'uuid = %s',

View file

@ -20,35 +20,14 @@ final class HeraldTestConsoleController extends HeraldController {
} }
if (!$errors) { if (!$errors) {
$matches = null; $object = id(new PhabricatorObjectQuery())
$object = null; ->setViewer($user)
if (preg_match('/^D(\d+)$/', $object_name, $matches)) { ->withNames(array($object_name))
$object = id(new DifferentialRevision())->load($matches[1]); ->executeOne();
if (!$object) {
$e_name = pht('Invalid'); if (!$object) {
$errors[] = pht('No Differential Revision with that ID exists.');
}
} else if (preg_match('/^r([A-Z]+)(\w+)$/', $object_name, $matches)) {
$repo = id(new PhabricatorRepository())->loadOneWhere(
'callsign = %s',
$matches[1]);
if (!$repo) {
$e_name = pht('Invalid');
$errors[] = pht('There is no repository with the callsign: %s.',
$matches[1]);
}
$commit = id(new PhabricatorRepositoryCommit())->loadOneWhere(
'repositoryID = %d AND commitIdentifier = %s',
$repo->getID(),
$matches[2]);
if (!$commit) {
$e_name = pht('Invalid');
$errors[] = pht('There is no commit with that identifier.');
}
$object = $commit;
} else {
$e_name = pht('Invalid'); $e_name = pht('Invalid');
$errors[] = pht('This object name is not recognized.'); $errors[] = pht('No object exists with that name.');
} }
if (!$errors) { if (!$errors) {
@ -61,7 +40,7 @@ final class HeraldTestConsoleController extends HeraldController {
'commitID = %d', 'commitID = %d',
$object->getID()); $object->getID());
$adapter = HeraldCommitAdapter::newLegacyAdapter( $adapter = HeraldCommitAdapter::newLegacyAdapter(
$repo, $object->getRepository(),
$object, $object,
$data); $data);
} else { } else {

View file

@ -65,11 +65,17 @@ final class ConduitAPI_owners_query_Method
return $packages; return $packages;
} }
private static function queryByPath($repo_callsign, $path) { private static function queryByPath(
$repository = id(new PhabricatorRepository())->loadOneWhere('callsign = %s', PhabricatorUser $viewer,
$repo_callsign); $repo_callsign,
$path) {
if (empty($repository)) { $repository = id(new PhabricatorRepositoryQuery())
->setViewer($viewer)
->withCallsigns(array($repo_callsign))
->executeOne();
if (!$repository) {
throw id(new ConduitException('ERR_REP_NOT_FOUND')) throw id(new ConduitException('ERR_REP_NOT_FOUND'))
->setErrorDescription( ->setErrorDescription(
'Repository callsign '.$repo_callsign.' not recognized'); 'Repository callsign '.$repo_callsign.' not recognized');
@ -144,7 +150,7 @@ final class ConduitAPI_owners_query_Method
$packages = self::queryByOwner($owner); $packages = self::queryByOwner($owner);
} else if ($is_path_query) { } else if ($is_path_query) {
$packages = self::queryByPath($repo, $path); $packages = self::queryByPath($request->getUser(), $repo, $path);
} }
return self::buildPackageInformationDictionaries($packages); return self::buildPackageInformationDictionaries($packages);

View file

@ -29,9 +29,10 @@ final class PhabricatorOwnersDetailController
} }
if ($repository_phids) { if ($repository_phids) {
$repositories = id(new PhabricatorRepository())->loadAllWhere( $repositories = id(new PhabricatorRepositoryQuery())
'phid in (%Ls)', ->setViewer($user)
array_keys($repository_phids)); ->withPHIDs(array_keys($repository_phids))
->execute();
$repositories = mpull($repositories, null, 'getPHID'); $repositories = mpull($repositories, null, 'getPHID');
} else { } else {
$repositories = array(); $repositories = array();

View file

@ -142,7 +142,9 @@ final class PhabricatorOwnersEditController
} }
$this->setSideNavFilter($side_nav_filter); $this->setSideNavFilter($side_nav_filter);
$repos = id(new PhabricatorRepository())->loadAll(); $repos = id(new PhabricatorRepositoryQuery())
->setViewer($user)
->execute();
$default_paths = array(); $default_paths = array();
foreach ($repos as $repo) { foreach ($repos as $repo) {

View file

@ -21,8 +21,10 @@ final class PhabricatorOwnersListController
$repository_phid = ''; $repository_phid = '';
if ($request->getStr('repository') != '') { if ($request->getStr('repository') != '') {
$repository_phid = id(new PhabricatorRepository()) $repository_phid = id(new PhabricatorRepositoryQuery())
->loadOneWhere('callsign = %s', $request->getStr('repository')) ->setViewer($user)
->withCallsigns(array($request->getStr('repository')))
->executeOne()
->getPHID(); ->getPHID();
} }
@ -157,8 +159,10 @@ final class PhabricatorOwnersListController
} }
$callsigns = array('' => pht('(Any Repository)')); $callsigns = array('' => pht('(Any Repository)'));
$repositories = id(new PhabricatorRepository()) $repositories = id(new PhabricatorRepositoryQuery())
->loadAllWhere('1 = 1 ORDER BY callsign'); ->setViewer($user)
->setOrder(PhabricatorRepositoryQuery::ORDER_CALLSIGN)
->execute();
foreach ($repositories as $repository) { foreach ($repositories as $repository) {
$callsigns[$repository->getCallsign()] = $callsigns[$repository->getCallsign()] =
$repository->getCallsign().': '.$repository->getName(); $repository->getCallsign().': '.$repository->getName();
@ -238,9 +242,10 @@ final class PhabricatorOwnersListController
} }
if ($repository_phids) { if ($repository_phids) {
$repositories = id(new PhabricatorRepository())->loadAllWhere( $repositories = id(new PhabricatorRepositoryQuery())
'phid in (%Ls)', ->setViewer($this->getRequest()->getUser())
array_keys($repository_phids)); ->withPHIDs(array_keys($repository_phids))
->execute();
} else { } else {
$repositories = array(); $repositories = array();
} }

View file

@ -297,6 +297,8 @@ final class PhabricatorOwnersPackage extends PhabricatorOwnersDAO
$cur_paths = mgroup($cur_paths, 'getRepositoryPHID', 'getPath'); $cur_paths = mgroup($cur_paths, 'getRepositoryPHID', 'getPath');
foreach ($new_paths as $repository_phid => $paths) { foreach ($new_paths as $repository_phid => $paths) {
// TODO: (T603) Thread policy stuff in here.
// get repository object for path validation // get repository object for path validation
$repository = id(new PhabricatorRepository())->loadOneWhere( $repository = id(new PhabricatorRepository())->loadOneWhere(
'phid = %s', 'phid = %s',

View file

@ -113,7 +113,7 @@ final class ReleephProject extends ReleephDAO
return $this->assertAttached($this->repository); return $this->assertAttached($this->repository);
} }
// TODO: Remove once everything uses ProjectQuery. // TODO: Remove once everything uses ProjectQuery. Also, T603.
public function loadPhabricatorRepository() { public function loadPhabricatorRepository() {
return $this->loadOneRelative( return $this->loadOneRelative(
new PhabricatorRepository(), new PhabricatorRepository(),

View file

@ -33,7 +33,9 @@ final class ConduitAPI_repository_query_Method
} }
protected function execute(ConduitAPIRequest $request) { protected function execute(ConduitAPIRequest $request) {
$repositories = id(new PhabricatorRepository())->loadAll(); $repositories = id(new PhabricatorRepositoryQuery())
->setViewer($request->getUser())
->execute();
$results = array(); $results = array();
foreach ($repositories as $repository) { foreach ($repositories as $repository) {

View file

@ -19,7 +19,9 @@ final class PhabricatorRepositoryArcanistProjectEditController
return new Aphront404Response(); return new Aphront404Response();
} }
$repositories = id(new PhabricatorRepository())->loadAll(); $repositories = id(new PhabricatorRepositoryQuery())
->setViewer($user)
->execute();
$repos = array( $repos = array(
0 => 'None', 0 => 'None',
); );

View file

@ -10,8 +10,12 @@ final class PhabricatorRepositoryDeleteController
} }
public function processRequest() { public function processRequest() {
$viewer = $this->getRequest()->getUser();
$repository = id(new PhabricatorRepository())->load($this->id); $repository = id(new PhabricatorRepositoryQuery())
->setViewer($viewer)
->withIDs(array($this->id))
->executeOne();
if (!$repository) { if (!$repository) {
return new Aphront404Response(); return new Aphront404Response();
} }

View file

@ -16,8 +16,12 @@ final class PhabricatorRepositoryEditController
public function processRequest() { public function processRequest() {
$request = $this->getRequest(); $request = $this->getRequest();
$viewer = $request->getUser();
$repository = id(new PhabricatorRepository())->load($this->id); $repository = id(new PhabricatorRepositoryQuery())
->setViewer($viewer)
->withIDs(array($this->id))
->executeOne();
if (!$repository) { if (!$repository) {
return new Aphront404Response(); return new Aphront404Response();
} }

View file

@ -3,17 +3,15 @@
final class PhabricatorRepositoryListController final class PhabricatorRepositoryListController
extends PhabricatorRepositoryController { extends PhabricatorRepositoryController {
public function shouldRequireAdmin() {
return false;
}
public function processRequest() { public function processRequest() {
$request = $this->getRequest(); $request = $this->getRequest();
$user = $request->getUser(); $user = $request->getUser();
$is_admin = $user->getIsAdmin(); $is_admin = $user->getIsAdmin();
$repos = id(new PhabricatorRepository())->loadAll(); $repos = id(new PhabricatorRepositoryQuery())
->setViewer($user)
->execute();
$repos = msort($repos, 'getName'); $repos = msort($repos, 'getName');
$rows = array(); $rows = array();

View file

@ -13,7 +13,9 @@ final class PhabricatorRepositoryManagementListWorkflow
public function execute(PhutilArgumentParser $args) { public function execute(PhutilArgumentParser $args) {
$console = PhutilConsole::getConsole(); $console = PhutilConsole::getConsole();
$repos = id(new PhabricatorRepository())->loadAll(); $repos = id(new PhabricatorRepositoryQuery())
->setViewer(PhabricatorUser::getOmnipotentUser())
->execute();
if ($repos) { if ($repos) {
foreach ($repos as $repo) { foreach ($repos as $repo) {
$console->writeOut("%s\n", $repo->getCallsign()); $console->writeOut("%s\n", $repo->getCallsign());

View file

@ -17,10 +17,10 @@ final class PhabricatorRepositoryCommitSearchIndexer
$commit_message = $commit_data->getCommitMessage(); $commit_message = $commit_data->getCommitMessage();
$author_phid = $commit_data->getCommitDetail('authorPHID'); $author_phid = $commit_data->getCommitDetail('authorPHID');
$repository = id(new PhabricatorRepository())->loadOneWhere( $repository = id(new PhabricatorRepositoryQuery())
'id = %d', ->setViewer($this->getViewer())
$commit->getRepositoryID()); ->withIDs(array($commit->getRepositoryID()))
->executeOne();
if (!$repository) { if (!$repository) {
throw new Exception("No such repository!"); throw new Exception("No such repository!");
} }

View file

@ -452,6 +452,8 @@ final class PhabricatorRepository extends PhabricatorRepositoryDAO
} }
public static function loadAllByPHIDOrCallsign(array $names) { public static function loadAllByPHIDOrCallsign(array $names) {
// TODO: (T603) Get rid of this.
$repositories = array(); $repositories = array();
foreach ($names as $name) { foreach ($names as $name) {
$repo = id(new PhabricatorRepository())->loadOneWhere( $repo = id(new PhabricatorRepository())->loadOneWhere(

View file

@ -32,7 +32,7 @@ final class PhabricatorRepositoryArcanistProject
PhabricatorRepositoryPHIDTypeArcanistProject::TYPECONST); PhabricatorRepositoryPHIDTypeArcanistProject::TYPECONST);
} }
// TODO: Remove. // TODO: Remove. Also, T603.
public function loadRepository() { public function loadRepository() {
if (!$this->getRepositoryID()) { if (!$this->getRepositoryID()) {
return null; return null;

View file

@ -31,9 +31,10 @@ abstract class PhabricatorRepositoryCommitParserWorker
return; return;
} }
$repository = id(new PhabricatorRepository())->load( $repository = id(new PhabricatorRepositoryQuery())
$this->commit->getRepositoryID()); ->setViewer(PhabricatorUser::getOmnipotentUser())
->withIDs(array($this->commit->getRepositoryID()))
->executeOne();
if (!$repository) { if (!$repository) {
return; return;
} }
@ -92,6 +93,8 @@ abstract class PhabricatorRepositoryCommitParserWorker
return $suffix; return $suffix;
} }
// TODO: (T603) This method should probably take a viewer.
$repository = id(new PhabricatorRepository()) $repository = id(new PhabricatorRepository())
->load($commit->getRepositoryID()); ->load($commit->getRepositoryID());
$link = DiffusionView::linkCommit($repository, $link = DiffusionView::linkCommit($repository,

View file

@ -15,6 +15,7 @@ final class PhabricatorOwnersPackagePathValidator {
return; return;
} }
// TODO: (T603) This should be policy-aware.
$repository = $repository =
id(new PhabricatorRepository())->load($commit->getRepositoryID()); id(new PhabricatorRepository())->load($commit->getRepositoryID());
$move_map = array(); $move_map = array();