1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-27 17:22:42 +01:00
Commit graph

1476 commits

Author SHA1 Message Date
epriestley
28f5d9f227 Remove old audit edit form in favor of Diffusion form
Summary: Since we embed comments/audits into Diffusion now, we don't need the
old edit interface.

Test Plan: Grepped for links to old interface.

Reviewers: btrahan, jungejason

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T904

Differential Revision: https://secure.phabricator.com/D1714
2012-02-28 21:13:14 -08:00
epriestley
1eeaeb62e4 Remove commit list from Diffusion in favor of Audit commit list
Summary:
We can drive this query better from the Audit tool now; get rid of the Diffusion
version.

Preserve usernames in URIs as per T900.

Test Plan: Clicked "Commits" from profile. Browsed audit commit filters.

Reviewers: btrahan, jungejason

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T904

Differential Revision: https://secure.phabricator.com/D1713
2012-02-28 21:12:08 -08:00
epriestley
f3549bb2d3 Show commits in /audit/
Summary:
The general idea here is to build a Differential-like dashboard which shows all
the things you need to audit and all the things that other people have raised
issues with, so you have a one-stop "what do I need to deal with?" interface.

  - Add problem commits to the "active" view of /audit/.
  - Add problem commits to homepage.
  - Add commit browsing interfaces to /audit/.
  - Add an "Audit" app button.

Test Plan: Looked at homepage, commit filters. Audited commits, verified state
changes reflected properly.

Reviewers: btrahan, jungejason

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T904

Differential Revision: https://secure.phabricator.com/D1712
2012-02-28 21:10:39 -08:00
epriestley
4117cdbdfb Enhance Maniphest custom queries
Summary:
Improve the custom query interface:

  - Allow search for tasks not in projects.
  - Allow search for tasks with no projects.
  - Allow custom search to include author/owner constraints.

Test Plan: Searched for various sorts of tasks.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T911

Differential Revision: https://secure.phabricator.com/D1722
2012-02-28 21:08:02 -08:00
epriestley
280d7cd294 Add excel export to Maniphest
Summary:
Allow Maniphest result sets to be exported to Excel.

Spreadsheet_Excel_Writer is awful but comparatively easy to get working. There's
also a "PHPExcel" package but it has some autoload conflicts right now and this
seems good-enough.

Test Plan: Exported a bunch of tasks to Excel.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T923

Differential Revision: https://secure.phabricator.com/D1721
2012-02-28 21:07:12 -08:00
epriestley
8a0a00f118 Make PhabricatorRepositoryCommmit schema changes for audit
Summary:
  - Add a proper mailKey field to make these things mailable. Backfill all
existing objects.
  - Denormalize authorPHID to the commit object so we can query by it
efficiently in a future diff. We currently use the search engine to drive
"commits by author" but that's not so good for audit, which needs more
constraints.
  - Add an overall audit status field so we can efficiently query "commits that
needs your attention".
  - Add enough code to convince myself that these fields are basically
reasonable and work correctly.

Test Plan:
  - Ran schema upgrades. Checked database state afterward.
  - Ran "reparse.php --owners --herald" to verify worker changes.
  - Looked at a commit, altered aggregate status via audits / reparse.php,
verified it responded correctly.

Reviewers: btrahan, jungejason

Reviewed By: jungejason

CC: aran, epriestley, nh

Maniphest Tasks: T904

Differential Revision: https://secure.phabricator.com/D1706
2012-02-28 21:06:34 -08:00
epriestley
07d75e35a4 Merge branch 'arcpatch-D1726' 2012-02-28 21:04:10 -08:00
David Fisher
e846a1747e Fix Feed Times on 32 Bit Servers
Summary:
The feed time is stored as the upper 32 bits of
PhabricatorFeedStoryData::chronologicalKey. These bits were previously accessed
by right shifting, which does not work properly on 32 bit machines (the result
is PHP_INT_MAX). We now attempt to use the bc extension (if available) and fall
back on mysql math otherwise. (See T500, D912).

Test Plan:
The calculation is unchanged for 64 bit machines. I checked both
paths on a 32 bit machine with bc extension available by setting the appropriate
if-condition to false and true.

Reviewers: epriestley

Reviewed By: epriestley

CC: ddfisher, aran, epriestley

Differential Revision: https://secure.phabricator.com/D1726
2012-02-28 21:04:02 -08:00
epriestley
6f4665756d Make Conduit parsers more flexible for 'arc diff --create'
Summary:
Adds softer parse modes with less validation for doing partial parses
during the "arc diff --create" flow.

Test Plan:
Ran "arc diff --create" and got sensible results for inputs like bad
reviewers but a good title/summary.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T614

Differential Revision: https://secure.phabricator.com/D1720
2012-02-28 16:56:19 -08:00
vrana
9b318e4044 Respect username letter case in Remarkup
Test Plan:
Type ##@makinde## to comment, verify that it is converted to ##@Makinde##.
Verify that ##@NonExistent## stays ##@NonExistent##.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1725
2012-02-28 15:20:29 -08:00
epriestley
fe05a63736 Minor, address feedback from D1705. 2012-02-27 19:22:59 -08:00
epriestley
67abac5201 Improve Audit tool filters
Summary: Add more filters/options to the /audit/ interface (By User, By Package,
By Project...)

Test Plan: Looked at audits via /audit/.

Reviewers: btrahan, jungejason

Reviewed By: jungejason

CC: aran, epriestley

Maniphest Tasks: T904

Differential Revision: https://secure.phabricator.com/D1705
2012-02-27 19:21:41 -08:00
epriestley
37a1db6fe1 Use HGPLAIN for local hg commands in Phabricator
Summary: See D1707 -- just in case the Phabricator server is configured
suspiciously.

Test Plan: Cursory inspection.

Reviewers: Makinde, btrahan

Reviewed By: Makinde

CC: aran, epriestley

Maniphest Tasks: T922

Differential Revision: https://secure.phabricator.com/D1708
2012-02-27 19:21:03 -08:00
epriestley
800aa92fd9 Refine "Tactical Command" layout and styling
Summary:
  - Move the buttons in the jump nav to iOS-style "application" buttons in the
header. These are sort of ugly right now, but I think serviceable enough. Some
day we will hire a designer whose entire job is to pick up after me.
    - This gives us more room (allowing us to restore "Maniphest" and
"Differential").
    - This also disassociates the app buttons from the jump nav, which was a
point of confusion (user expectation that the text input is related to the
buttons).
  - Allow "Active Revisions" and "Assigned Tasks" to collapse completely. They
didn't completely collapse before because the top-level "Active Tasks" / "Active
Revisions" was sort of overloaded as quick nav to apps. Now we have app buttons.
  - Reduce overall size of jump nav.

Test Plan: Looked at homepage in various states of need-for-attention.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1694
2012-02-27 13:14:32 -08:00
epriestley
c7094d2def Add preview and drafts to audits
Summary: Add comment previews and saved drafts to audits, like Maniphest /
Differential.

Test Plan: Typed stuff into the box. Got a preview. Reloaded page. Stuff was
still there. Submitted comment. Stuff is gone.

Reviewers: btrahan, jungejason

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T904

Differential Revision: https://secure.phabricator.com/D1699
2012-02-27 13:00:23 -08:00
epriestley
3289059452 Unify "toggle buttons" controls
Summary: This control is a very thin shell right now with Maniphest/Differential
code duplication; unify the implemenations better for use in Audit.

Test Plan: Clicked toggle buttons in Differential and Maniphest.

Reviewers: btrahan, jungejason

Reviewed By: btrahan

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1700
2012-02-27 12:59:05 -08:00
epriestley
d7a7bca85c Enable email for audits
Summary:
When users submit an audit, send email to relevant parties informing them.

Allow email to be replied to. Just basic support so far; no "!raise" stuff and
no threading with the Herald commit notification.

Test Plan: Made comments, got email. Replied to email, got comments.

Reviewers: btrahan, jungejason

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T904

Differential Revision: https://secure.phabricator.com/D1698
2012-02-27 12:57:57 -08:00
epriestley
cfbec38fbe When a user makes an audit comment, retroactively trigger an audit
Summary:
If a user comments on a commit but they don't currently have any audits they're
authoritative on, create a new one.

This makes it easier to handle other things more consistently, like figuring out
the overall audit status of a commit and who should get emails.

Test Plan: Made comments on commits I had authority on and did not have
authority on.

Reviewers: btrahan, jungejason

Reviewed By: jungejason

CC: aran, epriestley

Maniphest Tasks: T904

Differential Revision: https://secure.phabricator.com/D1697
2012-02-27 09:53:49 -08:00
epriestley
25fade5008 Add audits to search
Summary: Add audit information to the commit search index.

Test Plan: Updated a commit, searched for terms in its comments, got hits.

Reviewers: btrahan, jungejason

Reviewed By: jungejason

CC: aran, epriestley

Maniphest Tasks: T904

Differential Revision: https://secure.phabricator.com/D1696
2012-02-27 09:51:00 -08:00
epriestley
053d576ad6 Integrate Audit into feed
Summary: When a user posts an action in the audit tool, publish it to feed.

Test Plan: Made some comments, saw them show up in feed.

Reviewers: btrahan, jungejason

Reviewed By: jungejason

CC: aran, epriestley

Maniphest Tasks: T904

Differential Revision: https://secure.phabricator.com/D1695
2012-02-27 09:49:01 -08:00
epriestley
26599e6192 Show pending audits on home page
Summary: When a user has pending audits, show them on the homepage.

Test Plan: Looked at my homepage with and without pending audits.

Reviewers: btrahan, jungejason

Reviewed By: jungejason

CC: aran, epriestley

Maniphest Tasks: T904

Differential Revision: https://secure.phabricator.com/D1692
2012-02-27 09:48:18 -08:00
epriestley
1094527072 Allow Herald to trigger audits for users or projects
Summary:
Allows you to write a commit rule that triggers an audit by a user (personal
rules) or a project (global rules).

Mostly this is trying to make auditing more lightweight and accessible in
environments where setting up Owners packages doesn't make sense.

For instance, Disqus wants a rule like "trigger an audit for everything that
didn't have a Differential revision". While not necessarily scalable, this is a
perfectly reasonable rule for a small company, but a lot of work to implement
with Owners (and you'll get a lot of collateral damage if you don't make every
committer a project owner).

Instead, they can create a project called 'Unreviewed Commits' and write a rule
like:

	- When: Differential revision does not exist
 	- Action: Trigger an Audit for project: "Unreviewed Commits"

Then whoever cares can join that project and they'll see those audits in their
queue, and when they approve/raise on commits their actions will affect the
project audit.

Similarly, if I want to look at all commits that match some other rule (say,
XSS) but only want to do it like once a month, I can just set up an audit rule
and go through the queue when I feel like it.

NOTE: This abuses the 'packagePHID' field to also store user and project PHIDs.
Through the magic of handles, this (apparently) works fine for now; I'll do a
big schema patch soon but have several other edits I want to make at the same
time.

Also:

	- Adds an "active" fiew for /audit/, eventually this will be like the
Differential "active" view (stuff that is relevant to you right now).
	- On commits, highlight triggered audits you are responsible for.

Test Plan: Added personal and global audit triggers to Herald, reparsed some
commits with --herald, got audits. Browsed all audit interfaces to make sure
nothing exploded. Viewed a commit where I was responsible for only some audits.
Performed audits and made sure the triggers I am supposed to be responsible for
updated properly.

Reviewers: btrahan, jungejason

Reviewed By: jungejason

CC: aran, epriestley

Maniphest Tasks: T904

Differential Revision: https://secure.phabricator.com/D1690
2012-02-27 09:36:30 -08:00
John-Ashton Allen
08dd3bc1d9 Fixed jump nav repo functionality to not mess with other jump nav functionality
Summary: just changed the regex to only look at the beginning of the string

Test Plan: works with: s PhabricatorDAO, rP, r,
rPda892bde7c6e9c8f08572fde2d55c934f26dbb86

Reviewers: epriestley

Reviewed By: epriestley

CC: ddfisher, aran, epriestley

Differential Revision: https://secure.phabricator.com/D1703
2012-02-27 09:30:36 -08:00
vrana
da892bde7c Go to correct position after revealing comments
Test Plan:
Go to revision with lots of comments in Firefox.
Click on one of the last three comments permalink.
Repeat in Chrome.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1702
2012-02-26 13:13:51 -08:00
vrana
991fee2118 Use wide links instead of fake cursor in Differential
Summary:
Current approach has several problems:

- if there is no link in the cell then it still shows a link cursor
- if there is a link then it is clickable only on the text

Test Plan:
Display file in Differential, hover over cell with link.
Repeat for Paste.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1701
2012-02-26 13:12:07 -08:00
Korvin Szanto
e24a6acf58 Multiline Highlighting in Diffusion
Summary:
I added multiline highlighting with the syntax:

  http://site/path/to/file$from-to

NOTE: you can reverse the from and to

Test Plan: Open a file in diffusion and attempt to highlight multiple lines

Reviewers: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1693
2012-02-25 12:32:59 -08:00
Evan Priestley
ecc81ca9dc Merge pull request #93 from Koolvin/arcpatch-D1666
What's New flood protection
2012-02-25 08:39:18 -08:00
Nick Harper
913510a9a9 Update location for "Related Commits" link in owners tool list
Summary:
D1631 updated the url for related commits, but missed the link here. This
rev updates the link in the owners tool list.

Task ID: #

Blame Rev:

Test Plan:
clicked the link, and it worked

Revert Plan:

Tags:

Reviewers: epriestley, jungejason

Reviewed By: jungejason

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1691
2012-02-24 16:20:42 -08:00
Natthu Bharambe
a22827865f Merge branch 'master' of github.com:facebook/phabricator 2012-02-24 15:29:04 -08:00
Natthu Bharambe
ed1928eee2 Show lint/unit failure explanation in Phabricator
Summary:
Tweaked lint/unit field specifications to introduce the failure
explanation read from arc:[lint|unit]-excuse.

Task ID: #

Blame Rev:

Test Plan:
Create dumb diffs with errors - run modified 'arc' and change
conduit_url to http://phabricator.dev1020.facebook.com/api/ - verified
that explanation shows up with proper formatting.

Revert Plan:

Tags:

Reviewers: epriestley, nh

Reviewed By: epriestley

CC: Girish, akramer, blair, aran, epriestley, andreygoder

Differential Revision: https://secure.phabricator.com/D1689
2012-02-24 15:28:06 -08:00
epriestley
e5f3ad14e1 Allow audit comments to be added from Diffusion
Summary:
This is intended to supplant the existing "audit edit" interface. I've changed
them to both drive down the same write pathway, but the UIs are still different.
I'll fully merge them in a future diff.

Add a comment box (like Maniphest and Differential) to Diffusion. When users
make comments, their comments appear on the commit. Any audits triggers they are
responsible for are updated to reflect actions they take, as well.

Currently, audits can only be triggered by packages, but I intend to allow them
to be triggered by users and projects (via herald rules) in an upcoming diff.
Thus some of the language like "projects, users or packages" when the code is
clearly dealing only with "packagePHID".

Test Plan: Made audit updates via commit interface and via existing edit
interface. Verified both interfaces updated correctly, and that audit
responsibility rules were applied properly.

Reviewers: btrahan, jungejason

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T904

Differential Revision: https://secure.phabricator.com/D1688
2012-02-24 15:04:53 -08:00
Bob Trahan
3c4070a168 OAuth Server -- add controllers to RUD client authorizations and CRUD clients
Summary:
beyond the title, this diff tweaks the test console to have a bit more
functionality.  also makes a small change to CSS for AphrontFormControlMarkup,
which IMO fixes a display issue on
https://secure.phabricator.com/settings/page/profile/ where the Profile URI is
all up in the air and whatnot

I think this is missing pagination.  I am getting tired of the size though and
will add later.  See T905.

Test Plan:
viewed, updated and deleted client authorizations.  viewed, created,
updated and deleted clients

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Maniphest Tasks: T849, T850, T848

Differential Revision: https://secure.phabricator.com/D1683
2012-02-24 14:56:18 -08:00
epriestley
5f46a61e6d Show audit comments on the Diffusion commit view
Summary: We already allow you to create comments, but we don't show them on the
commit page. After style / view unification this is easy; show comments on the
commit page.

Test Plan: Made comments on a commit using the audit too, saw them show up in
Diffusion.

Reviewers: btrahan, jungejason

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T904

Differential Revision: https://secure.phabricator.com/D1687
2012-02-24 14:14:39 -08:00
epriestley
282d6e5ffa Unify Maniphest + Differential comment styles
Summary:
I want to add comments to commits, and they should obviously share code with the
nearly-identical comments in Maniphest and Differential. Unify code/style as
much as possible.

This program made possible by a generous grant from D1513.

Test Plan:
  - Looked at a bunch of different Differential and Maniphest comments; they
appeared to render identically to how they looked before.
  - Tested some edge cases like anchors and "show details" on description edits
in Maniphest.

Reviewers: btrahan, jungejason

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T904

Differential Revision: https://secure.phabricator.com/D1686
2012-02-24 13:02:35 -08:00
epriestley
97ea6ea619 Add a basic first-class audit UI
Summary:
Currently, audits are only accessible through the Owners tool. Start moving them
to their own first-class tool in preparation for broader audit integration.

  - Lay some infrastructure groundwork (e.g. AuditQuery).
  - Build a basic /audit/ view.
  - Show audits on the commit page in Diffusion.

This has some code duplication with stuff we've already got, but I'll merge
everything together as we move forward on this.

Test Plan: Looked at /audit/ and a commit.

Reviewers: btrahan, jungejason

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T904

Differential Revision: https://secure.phabricator.com/D1685
2012-02-24 13:02:14 -08:00
epriestley
386dcfff7e Rough batch editor for Maniphest
Summary:
First stab at a batch editor for Maniphest. Basically, you can select a group of
tasks and then import them into the "batch" interface, where you can edit all of
them at once.

High level goal is to make it easier for users in PM/filer/support/QA roles to
deal with large numbers of tasks quickly.

This implementation has a few major limitations:

  - The only available actions are "add projects" and "remove projects".
  - There is no review / undo / log stuff.
  - All the changes are applied in-process, which may not scale terribly well.

However, the immediate need is just around projects and this seemed like a
reasonable place to draw the line for a minimal useful version of the tool.

Test Plan: Used batch editor to add and remove projects from groups of tasks.

Reviewers: btrahan, yairlivne

Reviewed By: btrahan

CC: aran, epriestley, sandra

Maniphest Tasks: T441

Differential Revision: https://secure.phabricator.com/D1680
2012-02-24 13:00:48 -08:00
Korvin Szanto
31cbb7fbe2 What's New flood protection
Summary:
Added what's new flood protection and fixed array_push issues.
Also added rhetoric for "Commit"

Test Plan: say "What's new?" twice within one minute

Reviewers: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1684
2012-02-23 19:18:22 -08:00
Evan Priestley
aad7ddaa75 Merge pull request #92 from Koolvin/arcpatch-D1666
IRC Bot what's new directive
2012-02-23 18:08:09 -08:00
Korvin Szanto
5e39522ac4 IRC Bot what's new directive
Summary:
Added "What's new?" to the ircbot

====Matches

```What is new?
What's new?
Whats new```

Test Plan:
<`Korvin> what is new?
<korvinbot-local> Derpen created D1: Herped the derp - http://phabricator.net/D1

It shows five.

Reviewers: epriestley

Reviewed By: epriestley

CC: epriestley, aran

Differential Revision: https://secure.phabricator.com/D1666
2012-02-23 18:01:25 -08:00
vrana
97144c0932 Support paste file uploads
Summary:
This is so freaking cool that I will try to implement it also on Facebook.
Idea is from
http://strd6.com/2011/09/html5-javascript-pasting-image-data-in-chrome/.
I don't know how to properly detect support but lying about it is not a big
deal.

Test Plan:
Go to revision comment textarea.
Paste some text data - works as usual.
Paste some image data in Chrome - file is uploaded and a link to it is inserted.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1681
2012-02-23 16:36:58 -08:00
vrana
48ab6aa465 Display //no name// for files without name to make the link clickable
Test Plan: /file/

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1679
2012-02-23 13:23:04 -08:00
epriestley
bf3dd8663c Add "buoyant" headers to Differential
Summary:
As you scroll through a diff, add a fixed-position header to the top of the
document to provide context. This is particularly useful with keyboard
navigation.

The technical implementation is that we seed the document with invisible
markers. When the user scrolls past one, we show a header with that text until
they scroll past another.

Test Plan:
Scrolled through a revision, was presented with context.

https://secure.phabricator.com/file/data/5xhh2jmoon6ukr5qjkh3/PHID-FILE-463ituscyhyw7utnox7m/Screen_Shot_2012-02-22_at_2.48.19_PM.png

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T696

Differential Revision: https://secure.phabricator.com/D1673
2012-02-23 12:26:14 -08:00
epriestley
cdd55eda14 Use absolute widths for Maniphest task columns instead of "min-width" plus
"width: ...%"

Summary:
There's an occasional display glitch with the current CSS
(http://cl.ly/2B0Q2l3T0N2n3M0k092A) that we think this will fix.

Seems least-bad in light of this:
https://secure.phabricator.com/file/data/2f5wamew66aggnlqw7oo/PHID-FILE-aikqvnrmw525cn2wfzb2/widenarrow.png

Test Plan: Looked at Maniphest in a couple of browsers at different screen
widths.

Reviewers: paularmstrong, btrahan

Reviewed By: btrahan

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1669
2012-02-22 22:52:45 -08:00
blair
913c931cb0 [mailing list] add paging
Summary:
The mailing list page in MetaMTA only showed the first 100
sorted by ID, so it made it seem like lists were missing. Changed it to
do paging and short by name, so it has some user-understandable order.

Test Plan:
 - Go to /mail/lists/
 - Step through pager, confirm ordering.

Reviewers: nh, epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1670
2012-02-22 12:47:13 -08:00
epriestley
5c5514b948 Improve Remarkup list documentation for D1660
Summary: Document "--" list sytle and improve explicitness of list documentation
in general.

Test Plan: Generated, read documentation.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1661
2012-02-22 10:06:52 -08:00
epriestley
84afd3d469 Fix a minor parameter issue
Summary: D1595 split encodeJSONForHTTPResponse() into two methods, but left a
straggling $use_javelin_shield parameter which is no longer used.

Test Plan: Caught errors in error log.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1663
2012-02-22 10:06:06 -08:00
epriestley
17965cc8be Improve display of "Added Reviewers" and "Added CCs" in Differential, link diffs
Summary:
When a comments add reviewers or CCs, we just dump that sort of nastily into the
body. Put it in the header like Maniphest instead.

Also, record the diff associated with "update" actions and link to it (T871).

Test Plan: {F8546} {F8547}

Reviewers: btrahan, davidreuss

Reviewed By: davidreuss

CC: aran, epriestley

Maniphest Tasks: T871

Differential Revision: https://secure.phabricator.com/D1659
2012-02-22 08:03:48 -08:00
epriestley
e48b290094 Fix URI map rules to restore public feed
Summary: The /public/ rule needs to come before the more general subfilter rule.

Test Plan: Hit "all", "my projects" and "public" feeds, they all work.

Reviewers: davidreuss

Reviewed By: davidreuss

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1667
2012-02-22 08:03:15 -08:00
Nick Harper
07e5591015 [diffusion] Fix pending differential revisions list
Summary:
DifferentialRevisionListView requires setFields to be called before
calling getRequiredHandlePHIDs; this adds that call for DiffusionController

Test Plan:
loaded diffusion and saw the "Pending Differential Revisions" section
populated, and no errors in the darkconsole

Reviewers: epriestley, btrahan, jungejason

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1665
2012-02-21 22:47:36 -08:00
Bob Trahan
af295e0b26 OAuth Server enhancements -- more complete access token response and groundwork
for scope

Summary:
this patch makes the access token response "complete" relative to spec by
returning when it expires AND that the token_type is in fact 'Bearer'.

This patch also lays the groundwork for scope by fixing the underlying data
model and adding the first scope checks for "offline_access" relative to expires
and the "whoami" method.   Further, conduit is augmented to open up individual
methods for access via OAuth generally to enable "whoami" access.   There's also
a tidy little scope class to keep track of all the various scopes we plan to
have as well as strings for display (T849 - work undone)

Somewhat of a hack but Conduit methods by default have SCOPE_NOT_ACCESSIBLE.  We
then don't even bother with the OAuth stuff within conduit if we're not supposed
to be accessing the method via Conduit.   Felt relatively clean to me in terms
of additional code complexity, etc.

Next up ends up being T848 (scope in OAuth) and T849 (let user's authorize
clients for specific scopes which kinds of needs T850).  There's also a bunch of
work that needs to be done to return the appropriate, well-formatted error
codes.  All in due time...!

Test Plan:
verified that an access_token with no scope doesn't let me see
anything anymore.  :(  verified that access_tokens made awhile ago expire.  :(

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Maniphest Tasks: T888, T848

Differential Revision: https://secure.phabricator.com/D1657
2012-02-21 16:33:06 -08:00
epriestley
228c3781a2 Add gRaphael charting library
Summary:
I typed up like 30 pages here and then got my soul crushed by T895, but here's
the summary:

I looked at several charting libraries. There aren't very many that seem to be
any good and have an open-source license.

I also want the charts to be scriptable in JS so we can add good interactivity
where appropriate.

Raphael is an SVG drawing library which seems very solid. gRaphael is a charting
library on top of Raphael that is a lot less solid, but seems kind of OK.

Overall, I think this selection gives us a lot of flexibility, although we'll
have to pay some costs up front. I'd rather do that then get limited later,
though.

That said, I'm open to other suggestions here if anyone has experience or wants
to take a different stab at researching things.

This is largely for @vii and D1643.

Test Plan: Created a basic, fairly OK chart (see next revision).

Reviewers: btrahan, vii

Reviewed By: btrahan

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1654
2012-02-21 15:10:24 -08:00
epriestley
1caa812172 Move feed off home page to just /feed/
Summary:
I haven't actually been using this as much as I thought, and am more interested
in the full view than the per-project view.

Let's try moving it off /home/ and then maybe adding some filtering options at
some point.

Test Plan: Looked at "all" and "my projects" in feed. Looked at home page.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1658
2012-02-21 15:10:11 -08:00
John Fremlin VII
583cca0d7c Various statistics about revisions at /differential/stats/revisions/
Summary:
Show some statistics, like number of revisions, number of
revisions per week, lines per revision, etc. for phrivolous amusement.

Test Plan:
 - Went to /differential/stats/revisions/
Numbers seem right
 - Clicked 'Accepted'
Again
 - Changed to another user with long history
Load time was not too long though delay noticeable
 - Clicked 'Requested changes to'
User was preserved, looks good

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1643
2012-02-21 12:13:18 -08:00
David Fisher
fc4e23c50f Added Additional Fuctionality to Jump Nav: Jump to users, projects, symbols, or
create new tasks

Summary: see title

Test Plan: Tested jump nav and found the correct urls were being loaded. Old
functionality was not effected.

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: ddfisher, allenjohnashton, kpark517, aran, epriestley

Differential Revision: https://secure.phabricator.com/D1642
2012-02-20 10:23:51 -08:00
Bob Trahan
be66a52050 Make conduit read access_token and login the pertinent $user
Summary: This makes the oauth server a bunch more useful.

Test Plan:
- used /oauth/phabricator/diagnose/ and it actually passed!
- played around with conduit via hacking URL to include access_token on a logged
out browser
- linked my account to itself by going to /settings/page/phabricator/, clicking
"link" account, then cutting and pasting the pertinent ?code=X into
/oauth/phabricator/login/.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Maniphest Tasks: T852

Differential Revision: https://secure.phabricator.com/D1644
2012-02-20 10:21:23 -08:00
epriestley
92f3ffd811 Drive differential revision list with custom fields
Summary:
Build the revision list table out of custom fields instead of hard-coding it, so
installs can add all sorts of zany things to it.

NOTE: You may need to implement sortFieldsForRevisionList() if you have a custom
DifferentialFieldSelector, or some fields might show up out of order.

This implementation will preserve the expected behavior:

  public function sortFieldsForRevisionList(array $fields) {
    $default = new DifferentialDefaultFieldSelector();
    return $default->sortFieldsForRevisionList($fields);
  }

Test Plan:
  - Loaded differential revision list, identical to old list.
  - Profiled page to verify the cost increase isn't significant (it's quite
small).

Reviewers: jungejason, btrahan

Reviewed By: btrahan

CC: aran, btrahan, davidreuss, epriestley

Maniphest Tasks: T773, T729

Differential Revision: https://secure.phabricator.com/D1388
2012-02-20 05:38:21 -08:00
Bob Trahan
7a3f33b5c2 OAuth - Phabricator OAuth server and Phabricator client for new Phabricator OAuth Server
Summary:
adds a Phabricator OAuth server, which has three big commands:
 - auth - allows $user to authorize a given client or application.  if $user has already authorized, it hands an authoization code back to $redirect_uri
 - token - given a valid authorization code, this command returns an authorization token
 - whoami - Conduit.whoami, all nice and purdy relative to the oauth server.
Also has a "test" handler, which I used to create some test data.  T850 will
delete this as it adds the ability to create this data in the Phabricator
product.

This diff also adds the corresponding client in Phabricator for the Phabricator
OAuth Server.  (Note that clients are known as "providers" in the Phabricator
codebase but client makes more sense relative to the server nomenclature)

Also, related to make this work well
 - clean up the diagnostics page by variabilizing the provider-specific
information and extending the provider classes as appropriate.
 - augment Conduit.whoami for more full-featured OAuth support, at least where
the Phabricator client is concerned

What's missing here...   See T844, T848, T849, T850, and T852.

Test Plan:
- created a dummy client via the test handler.   setup development.conf to have
have proper variables for this dummy client.  went through authorization and
de-authorization flows
- viewed the diagnostics page for all known oauth providers and saw
provider-specific debugging information

Reviewers: epriestley

CC: aran, epriestley

Maniphest Tasks: T44, T797

Differential Revision: https://secure.phabricator.com/D1595
2012-02-19 14:00:13 -08:00
epriestley
9748520b0e Add "overflow: auto" to all comment boxes
Summary: Set these all to "overflow: auto".

Test Plan:
Made comments like "MMMMMMM..." in:

  - Differential comment preview.
  - Differential comment (saved).
  - Maniphest comment preview.
  - Maniphest comment (saved).
  - Differential inline comment draft.
  - Differential inline comment preview.
  - Differential inline comment (saved).

Also tested code blocks.

Reviewers: nh, btrahan, jungejason

Reviewed By: jungejason

CC: aran, epriestley

Maniphest Tasks: T883

Differential Revision: https://secure.phabricator.com/D1641
2012-02-19 09:07:35 -08:00
epriestley
c8b9418ebc Update documentation and CSS for nested and enumerated lists
Summary: Update Phabricator for Remarkup changes in D1638.

Test Plan: Looked at various sorts of nested, enumerated, and phantom-item
lists.

Reviewers: btrahan, jungejason

Reviewed By: jungejason

CC: aran, epriestley

Maniphest Tasks: T885

Differential Revision: https://secure.phabricator.com/D1639
2012-02-19 09:06:47 -08:00
epriestley
bfea830d09 Add email preferences to receive fewer less-important notifications
Summary:
A few similar requests have come in across several tools and use cases that I
think this does a reasonable job of resolving.

We currently send one email for each update an object receives, but these aren't
always appreciated:

  - Asana does post-commit review via Differential, so the "committed" mails are
useless.
  - Quora wants to make project category edits to bugs without spamming people
attached to them.
  - Some users in general are very sensitive to email volumes, and this gives us
a good way to reduce the volumes without incurring the complexity of
delayed-send-batching.

The technical mechanism is basically:

  - Mail may optionally have "mail tags", which indicate content in the mail
(e.g., "maniphest-priority, maniphest-cc, maniphest-comment" for a mail which
contains a priority change, a CC change, and a comment).
  - If a mail has tags, remove any recipients who have opted out of all the
tags.
  - Some tags can't be opted out of via the UI, so this ensures that important
email is still delivered (e.g., cc + assign + comment is always delivered
because you can't opt out of "assign" or "comment").

Test Plan:
  - Disabled all mail tags in the web UI.
  - Used test console to send myself mail with an opt-outable tag, it was
immediately dropped.
  - Used test console to send myself mail with an opt-outable tag and a custom
tag, it was delivered.
  - Made Differential updates affecting CCs with and without comments, got
appropriate delivery.
  - Made Maniphest updates affecting project, priority and CCs with and without
comments, got appropriate delivery.
  - Verified mail headers in all cases.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, epriestley, moskov

Maniphest Tasks: T616, T855

Differential Revision: https://secure.phabricator.com/D1635
2012-02-17 22:57:07 -08:00
epriestley
ab9c6f10d0 Improve remarkup documentation
Summary:
Some user feedback:

  - Named link information not present in quick reference.
  - Named link information buried in Phriction docs.
  - Optional omission of trailing "=" in headers not documented.

Fix these things.

Test Plan: generated, read documentation

Reviewers: btrahan, paularmstrong, Josereyes

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T884

Differential Revision: https://secure.phabricator.com/D1637
2012-02-17 19:39:13 -08:00
Nick Harper
2cf26d8036 Remove links to maniphest, phriction in tactical command, jump nav
Summary:
We don't use maniphest or phriction in our install, so the links/references to
them in tactical command and jump nav can be confusing for users. This hides
these elements if they aren't enabled.

Test Plan: loaded the front page of phabricator in my sandbox, saw they went
away

Reviewers: epriestley, btrahan, jungejason

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1636
2012-02-17 16:45:39 -08:00
epriestley
8b851e4978 Minor, fix simpleoptions parse of {F123} notation. 2012-02-17 16:22:38 -08:00
Nick Harper
89128a70d5 Remove references to nonexistent PhabricatorOAuthProviderPhabricator
Summary:
This gets added in D1595 (which hasn't landed yet), but was referred to in
D1632 (already committed). This unbreaks master for me.

Test Plan: I no longer get an error trying to load
PhabricatorOAuthProviderPhabricator

Reviewers: btrahan, epriestley

Reviewed By: epriestley

CC: jungejason, aran, epriestley

Differential Revision: https://secure.phabricator.com/D1633
2012-02-17 12:28:17 -08:00
Bob Trahan
5ba9edff51 OAuth -- generalize / refactor providers and diagnostics page
Summary: split out from D1595

Test Plan: oauth/facebook/diagnose still looks good!

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1632
2012-02-17 11:13:51 -08:00
epriestley
2bcf153e7e Minor, fix chatlog handler comment. 2012-02-17 10:24:55 -08:00
epriestley
7200040479 Add a basic chatlog
Summary:
This is pretty simple and unpolished, but it's getting pretty big and it seems
like a reasonable starting point.

  - Log chat in various "channels".
  - Conduit record and query methods.
  - IRCBot integration for IRC logging

Major TODO:

  - Web UI is really unpolished and has no search, paging, anchor-linking, etc.
Basically all presentation stuff, though.
  - I think the bot should have a map of channels to log with channel aliases?
  - The "channels" should probably be in a separate table.
  - The "authors" should probably be correlated to Phabricator accounts somehow,
where possible.

Test Plan: Used phabotlocal to log #phabricator.

Reviewers: kdeggelman, btrahan, Koolvin

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T837

Differential Revision: https://secure.phabricator.com/D1625
2012-02-17 10:21:38 -08:00
jungejason
50363695bb Support searching for Related Commits by package owner
Summary:
add support for searching by package owner for Related Commits
and commits that Need Attention.

Test Plan:
verified that

- searching by package still works when there is or there is no commits
  found
- searching by package owner works when there is or there is no commits
  found

Reviewers: epriestley, nh

Reviewed By: epriestley

CC: aran, epriestley, prithvi, dihde14, Girish

Differential Revision: https://secure.phabricator.com/D1631
2012-02-17 10:15:54 -08:00
jungejason
fb9d48f38b Refactor Owners pages and Improve the Nav Filter
Summary:
Getting ready to support searching for the related commits by
package owner (D1631):

- Add 'relative' option to the Nav Filter
- Refactor Owners page

Test Plan: - owners page still renders with the filter displayed correctly.

Reviewers: epriestley, nh

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1630
2012-02-17 08:56:19 -08:00
epriestley
ff4c67d207 Minor, fix help URI for jump nav. 2012-02-15 17:52:47 -08:00
epriestley
965a4da042 Add a "jump nav" element to the homepage, for quick tool/object navigation
Summary:
  - Restore quick methods for getting to common features (upload file, create
task, etc.)
  - Provide a flexible cli-like navigation element similar to stuff used at
Facebook (bunny1 / lolbunny).

Test Plan: Used jump nav and nav buttons.

Reviewers: btrahan, fratrik

Reviewed By: btrahan

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1619
2012-02-15 17:49:23 -08:00
epriestley
29acc848c1 Add a "feed" filter to the home page; align things; allow browsing older stories
Summary:
Pretty straightforward; see title. Kind of gross but I have a bunch
more iterations in mind here (like filtering). Paging this is a little tricky
since we can't easily use AphrontPagerView, as it relies on OFFSET, and I think
that's sort of sketchy to use here for UX reasons (query performance and view
consistency as feed updates).

Test Plan: Looked at feed, paged through feed.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1616
2012-02-15 17:48:14 -08:00
epriestley
fce6a7089c Fix production file links for some alt-domain configurations
Summary:
We sometimes call PhabricatorEnv::getProductionURI($file->getBestURI()) or
similar, but this may currently cause us to construct a URI like this:

  http://domain.com/http://cdn-domain.com/file/data/xxx/yyy/name.jpg

Instead, if the provided URI has a domain already, leave it unmodified.

Test Plan: Attached a file to a task; got an email with a valid URI instead of
an invalid URI.

Reviewers: btrahan

Reviewed By: btrahan

CC: Makinde, aran, epriestley

Differential Revision: https://secure.phabricator.com/D1622
2012-02-15 17:06:36 -08:00
epriestley
4bd336cedc Add a "group by priority" to the homepage revision query
Summary: The effect of this is just to order tasks by (priority, modified)
instead of (modified), i.e. in the same default order as Maniphest, so the top
10 tasks here are the top 10 tasks in your assigned list.

Test Plan: Looked at "Assigned Tasks" on the homepage.

Reviewers: fratrik, btrahan

Reviewed By: btrahan

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1621
2012-02-15 13:57:50 -08:00
epriestley
eb4256b97d When a user is a member of no projects, show them no triage tasks, not all
triage tasks

Summary: The "with projects ... " query boils down to "all triage tasks" when
you don't belong to any projects. Just render the "no needs triage in projects
you are a member of" element unconditionally in this case.

Test Plan: Looked at homepage as a user with no project memberships but some
triage-requiring tasks before and after this change. Prior to this change, all
triage tasks show; afterwards, none.

Reviewers: fratrik, btrahan

Reviewed By: fratrik

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1620
2012-02-15 13:06:10 -08:00
Nick Harper
0b9d0c9d08 [conduit] create phid.query method
Summary:
Provide a phid.query method that returns the same information as phid.info,
but allows querying for multiple phids at once.

Test Plan: Called the method from the web conduit console.

Reviewers: btrahan, epriestley, jungejason

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1617
2012-02-15 11:17:20 -08:00
epriestley
da1d57b60a When viewing raw file content in Differential, cache it into the File tool
before displaying it

Summary:
@alok reported a vulnerability where Flash will run carefully-crafted plain text
files.

When the user requests a raw file, cache it into Files if it isn't already
there. Then redirect them to Files. This solves the problem by executing the
SWF/TXT with CDN-domain permissions, not content-domain permissions, provided
the install is correctly configured. (Followup diff coming to make this more
universally true.)

NOTE: We'll still show raw data in Diffusion. The barrier to XSS here is much
higher (you need commit access) but I'll do something similar there. We aren't
vulnerable in Paste, since we already use Files.

Test Plan: Clicked "View Old File", "View New File" in an alt-domain
configuration, got redirected to a cookie-free domain before being delivered the
response.

Reviewers: btrahan, alok

Reviewed By: btrahan

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1607
2012-02-14 17:00:20 -08:00
epriestley
cd651001b6 Add a contextual "scope" dropdown for searches
Summary: Add a "Search for ... in (document group)" thing that picks the current
scope based on the current application.

Test Plan: Conducted searches in several browsers.

Reviewers: btrahan, skrul

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T858

Differential Revision: https://secure.phabricator.com/D1610
2012-02-14 17:00:12 -08:00
epriestley
6e48bfcb0a Use Filesystem::getMimeType() instead of file
Summary: The `file` binary doesn't exist everywhere, use the more flexible
wrapper introduce in D1609.

Test Plan: Uploaded a file via drag-and-drop, it got MIME'd correctly.

Reviewers: btrahan, davidreuss, Koolvin

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T869

Differential Revision: https://secure.phabricator.com/D1615
2012-02-14 17:00:05 -08:00
epriestley
35c5852d3f Add a safeguard against multiple patches with the same version
Summary:
I accidentally added two "104" patches. This actually works OK for the most part
but is fundamentally bad and wrong.

Merge the patches (installs applied both as "104", so we can't move one to
"105") and add a safeguard.

Test Plan: Ran upgrade_schema.php with two "104" patches, got error'd. Ran
without, got successs.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1614
2012-02-14 16:24:02 -08:00
epriestley
6a11d8d0d1 Reduce size of "Unbreak Now" and "Needs Triage" panels when no action is
required

Summary: Make these things like 1/4th the size if they aren't actionable.

Test Plan: Loaded home page with actionable, unactionable panels.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1613
2012-02-14 16:23:53 -08:00
vrana
44b7b4bfc0 Send only one request at a time from ShapedRequest
Summary:
'this._request' was never set so 'waiting' was always false.
Result was that several requests were sent at once which wastes resources and
leads to weird bugs when responses don't arrive in sending order.

Blame Rev: D258

Test Plan:
Write a comment extremely fast, watch for requests sent.
Add sleep(5) for some inputs to DifferentialCommentPreviewController, verify
correct order.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1612
2012-02-14 15:58:11 -08:00
epriestley
ba05ac595c Minor, fix a fatal on Herald Admin controller
Summary:
Just a bad merge for the edit history, I think. We need to pass $user or we
fatal trying to render timestamps.

https://secure.phabricator.com/herald/all/view/differential/

Test Plan: Looked at Herald admin view.

Reviewers: jungejason, xela, nh, btrahan, fratrik

Reviewed By: fratrik

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1611
2012-02-14 15:40:04 -08:00
vrana
6a17de65df Ability to add reviewers while requesting review
Summary: It makes perfect sense to add more reviewers while requesting review.

Test Plan:
Request review. Verify that Add Reviewers field shows and works.
Add some reviewer. Verify that comment preview works.
Submit. Verify that reviewers are saved and displayed.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1473
2012-02-14 15:14:12 -08:00
epriestley
549146bc7c Move ALL files to serve from the alternate file domain, not just files without
"Content-Disposition: attachment"

Summary:
We currently serve some files off the primary domain (with "Content-Disposition:
attachment" + a CSRF check) and some files off the alternate domain (without
either).

This is not sufficient, because some UAs (like the iPad) ignore
"Content-Disposition: attachment". So there's an attack that goes like this:

	- Alice uploads xss.html
	- Alice says to Bob "hey download this file on your iPad"
        - Bob clicks "Download" on Phabricator on his iPad, gets XSS'd.

NOTE: This removes the CSRF check for downloading files. The check is nice to
have but only raises the barrier to entry slightly. Between iPad / sniffing /
flash bytecode attacks, single-domain installs are simply insecure. We could
restore the check at some point in conjunction with a derived authentication
cookie (i.e., a mini-session-token which is only useful for downloading files),
but that's a lot of complexity to drop all at once.

(Because files are now authenticated only by knowing the PHID and secret key,
this also fixes the "no profile pictures in public feed while logged out"
issue.)

Test Plan: Viewed, info'd, and downloaded files

Reviewers: btrahan, arice, alok

Reviewed By: arice

CC: aran, epriestley

Maniphest Tasks: T843

Differential Revision: https://secure.phabricator.com/D1608
2012-02-14 14:52:27 -08:00
epriestley
c8b4bfdcd1 Encode "<" and ">" in JSON/Ajax responses to prevent content-sniffing attacks
Summary:
Some browsers will still sniff content types even with "Content-Type" and
"X-Content-Type-Options: nosniff". Encode "<" and ">" to prevent them from
sniffing the content as HTML.

See T865.

Also unified some of the code on this pathway.

Test Plan: Verified Opera no longer sniffs the Conduit response into HTML for
the test case in T865. Unit tests pass.

Reviewers: cbg, btrahan

Reviewed By: cbg

CC: aran, epriestley

Maniphest Tasks: T139, T865

Differential Revision: https://secure.phabricator.com/D1606
2012-02-14 14:51:51 -08:00
vrana
8da4f981fb Always display Branch in revision
Summary:
I, as an author, sometimes forget branch associated with a revision.
Plus setting ##differential.show-host-field## makes a false sense of security
that branch will stay hidden so that I can name it
//finally_solve_this_crap_which_makes_no_sense//. But it is published in
Accepted and Request Changes e-mails anyway.

Test Plan: Display revision with disabled ##differential.show-host-field##.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1602
2012-02-13 11:02:46 -08:00
jungejason
5b8577db59 Add documentation for the Owners tool
Summary:
As title.

Please help me to improve the wording!

Test Plan:
generate the documentation from the diviner file; read it; spell
check

Reviewers: epriestley, nh

Reviewed By: nh

CC: aran, dihde14, mpodobnik, prithvi, TomL, epriestley

Differential Revision: https://secure.phabricator.com/D1395
2012-02-11 16:42:18 -08:00
vrana
95feb31fbf Whitespace parameter on Show Raw File is useless
Test Plan: Show Raw File

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1600
2012-02-11 09:13:19 -08:00
vrana
63fbd5db04 Avoid double '/' in Phriction URL
Test Plan:
/project/view/11/
Hover Wiki.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1601
2012-02-11 08:48:24 -08:00
Nick Harper
f2636fcb04 Fix spelling mistake in PhabricatorOwnerRelatedListController
Summary: selected was misspelled

Test Plan: none

Reviewers: epriestley, jungejason

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1586
2012-02-10 16:48:14 -08:00
vrana
cd22d837cb Revive added reviewers and ccs
Test Plan: Display revision with added reviewers.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1598
2012-02-10 11:48:57 -08:00
Korvin Szanto
ad9a2ab00c D1535
IRC bot responds to T1000 as if you were referencing the nanomorph mimetic poly-alloy assassin.
2012-02-10 09:47:57 -08:00
epriestley
ecd4b03a4e Unbreak OAuth Registration
Summary:
@vrana patched an important external-CSRF-leaking hole recently (D1558), but
since we are sloppy in building this form it got caught in the crossfire.

We set action to something like "http://this.server.com/oauth/derp/", but that
triggers CSRF protection by removing CSRF tokens from the form. This makes OAuth
login not work.

Instead, use the local path only so we generate a CSRF token.

Test Plan: Registered locally via oauth.

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran, epriestley, demo

Maniphest Tasks: T853

Differential Revision: https://secure.phabricator.com/D1597
2012-02-08 13:42:48 -08:00
vrana
8482569a47 Add line link to Paste
Summary: Better something than nothing.

Test Plan: View paste, click on line number.

Reviewers: codeblock, epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1596
2012-02-08 10:54:57 -08:00
epriestley
a1c20638fa Add very very basic reporting to Maniphest
Summary: Rough cut for Quora, we want this too eventually but it's super basic
right now so I'm not linking it anywhere. Once we get a couple more iterations
I'll put it in the UI.

Test Plan: Looked at stats for test data.

Reviewers: btrahan

Reviewed By: btrahan

CC: anjali, aran, epriestley

Differential Revision: https://secure.phabricator.com/D1594
2012-02-08 09:47:14 -08:00
epriestley
7a5ec015d9 Split "Create Another Task" button into "Similar Task" and "Empty Task"
Summary: Looping on this interface is pretty useful but you don't always want to
keep the projects/owners.

Test Plan: Clicked both buttons.

Reviewers: btrahan

Reviewed By: btrahan

CC: anjali, aran, epriestley

Differential Revision: https://secure.phabricator.com/D1593
2012-02-08 09:44:22 -08:00
epriestley
3f46d30e8f Replace home directory list with a dashboard
Summary:
Rough cut that still needs a lot of polish, but replace the directory list with
more of a dashboard type thing:

  - Show "Unbreak Now", triage-in-your-projects, and other stuff that you're
supposed to deal with, then feed.
  - Move tools a click a way behind nav -- this also lets us put more stuff
there and subtools, etc., later.
  - Remove tabs.
  - Merge the category/item editing views.
  - I also added a light blue wash to the side nav, not sure if I like that or
not.

Test Plan:
  - Viewed all elements in empty and nonempty states.
  - Viewed applications, edited items/categories.

Reviewers: btrahan, aran

Reviewed By: btrahan

CC: aran, epriestley, davidreuss

Maniphest Tasks: T21, T631

Differential Revision: https://secure.phabricator.com/D1574
2012-02-07 16:04:48 -08:00
vrana
3e3f73235c Break all old differential comment anchors
Test Plan: Display revision, verify text, click on links.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Maniphest Tasks: T845

Differential Revision: https://secure.phabricator.com/D1591
2012-02-07 15:19:39 -08:00
epriestley
4caa684724 Simplify Project status field
Summary:
This was a sort of speculative feature added by a contributor some time ago and
just serves as a label; for now, simplify it into "active" and "archived" and
remove "archived" projects from the "active" list.

  - Fix a bug where we'd publish a "renamed from X to X" transaction that had no
effect.
  - Publish stories about status changes.
  - Remove the "edit affiliation" controller, which has no links in the UI
(effectively replaced by join/leave links).
  - Add query/conduit support.

Test Plan: Edited the status of several projects.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T681

Differential Revision: https://secure.phabricator.com/D1573
2012-02-07 14:59:38 -08:00