1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-27 09:12:41 +01:00
Commit graph

1189 commits

Author SHA1 Message Date
Joshua Spence
b3e196b694 Rename PhabricatorPolicyRule subclasses for consistency
Summary: Ref T5655. Fixes T6849. This is another take on D11131, which was missing the DB migration and was reverted in rP7c4de0f6be77ddaea593e1f41ae27211ec179a55.

Test Plan: Ran `./bin/storage upgrade` and verified that the classes were renamed in the `phabricator_policy.policy` table.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6849, T5655

Differential Revision: https://secure.phabricator.com/D11166
2015-01-03 23:48:55 +11:00
Joshua Spence
c7cd844a07 Remove deprecated task subscriber class
Summary: This class is no longer used after D10965.

Test Plan: `grep`

Reviewers: btrahan, epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11133
2015-01-03 11:32:14 +11:00
Joshua Spence
7c2a7d0365 Modernize remaining edge types
Summary: Modernize remaining edges to subclass `PhabricatorEdgeType`. Largely based on D11045.

Test Plan: Browsed around and performed various actions include subscribing, unsubscribing and watching.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D11116
2015-01-03 10:58:20 +11:00
Joshua Spence
a2ece77f99 Define function before use
Summary: Silences a JSHint warning.

Test Plan: `arc lint`

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11141
2015-01-03 10:31:44 +11:00
Chad Little
800b3b030f Basic style for exception page
Summary: Fixes T6846, cleans up spacing, makes it look scary red.

Test Plan: Fake an exception, see new layout

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6846

Differential Revision: https://secure.phabricator.com/D11161
2015-01-02 13:48:18 -08:00
Chad Little
e048eaf1f5 Correct ObjectItem height when no attributes are attached
Summary: If we have a byline, but no attributes, the height of the entire object is off by 4 pixels.

Test Plan: Review list of recent commits, see correct padding.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11128
2015-01-02 11:39:12 -08:00
epriestley
08126d3904 Improve top-level exception handling
Summary:
Fixes T6692. Addresses two main issues:

  - The write guard would sometimes not get disposed of on exception pathways, generating an unnecessary secondary error which was just a symptom of the original root error.
    - This was generally confusing and reduced the quality of reports we received because users would report the symptomatic error sometimes instead of the real error.
    - Instead, reflow the handling so that we always dispose of the write guard if we create one.
  - If we missed the Controller-level error page generation (normally, a nice page with full CSS, etc), we'd jump straight to Startup-level error page generation (very basic plain text).
    - A large class of errors occur too early or too late to be handled by Controller-level pages, but many of these errors are not fundamental, and the plain text page is excessively severe.
    - Provide a mid-level simple HTML error page for errors which can't get full CSS, but also aren't so fundamental that we have no recourse but plain text.

Test Plan:
Mid-level errors now produce an intentional-looking error page:

{F259885}

Verified that setup errors still render properly.

@chad, feel free to tweak the exception page -- I just did a rough pass on it. Like the setup error stuff, it doesn't have Celerity, so we can't use `{$colors}` and no other CSS will be loaded.

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley, chad

Maniphest Tasks: T6692

Differential Revision: https://secure.phabricator.com/D11126
2015-01-02 10:49:27 -08:00
Joshua Spence
f0db6e4818 Migrate Project edges to subclass PhabricatorEdgeType
Summary: Modernize Project edges to subclass `PhabricatorEdgeType`. Largely based on D11045.

Test Plan: Add a member to a project, saw new rows in the `phabricator_project.edge` and `phabricator_user.edge` tables.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11111
2015-01-02 10:10:59 +11:00
Fabian Stelzer
cd677161e1 Do not CC users without permissions to view an object
Summary:
Ref T4411
I'm not quite sure if this is the right place for this as it will be difficult to provide proper user feedback of why we removed a particular subscriber.
Is the ApplicationTransactionEditor generally the right place to extract mentioned phids in comments?
On the other hand in some cases we cannot really give user feedback why a user was not subscribed (e.g.: commits & diffs)

Adding a diff to a repo where the user mentioned has no view permissions the subscriber is currently still added. Still would have to find where this is donet...

Any other places?

Unrelated: Is there any way to remove a subscriber from a commit/audit ?

Test Plan:
 - Edited tasks with the mentioned user having view permissions to this specific task and without
 - Raised concern with a commit and commented on the audit with the user having view permissions to the repo and without
 - Added a commit to a repo with and without the mentioned user having permissions
 - Mention a user in a task & commit comment with and without permissions
 - Mentioning a user in a diff description & comments with and without permissions to the specific diff

Reviewers: chad, #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: chad, Korvin, epriestley

Maniphest Tasks: T4411

Differential Revision: https://secure.phabricator.com/D11049
2015-01-01 08:05:52 -08:00
Joshua Spence
7cab903943 Migrate Differential revision edges to use modern EdgeType subclasses
Summary: Modernize Differential edges to subclass `PhabricatorEdgeType`. Largely based on D11045.

Test Plan: From previous experience, these changes are fairly trivial and safe. I poked around a little to make sure things looked reasonably okay.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, Krenair, epriestley

Differential Revision: https://secure.phabricator.com/D11074
2015-01-01 15:07:03 +11:00
Alex Monk
a84cd99893 Paste: Add edit policy
Summary: T5549

Test Plan: Set edit policy on paste, check that only users meeting the policy requirements can edit it.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Maniphest Tasks: T5549

Differential Revision: https://secure.phabricator.com/D11097
2014-12-31 08:24:57 -08:00
Joshua Spence
07dbd520bd Define diff as a local variable
Summary: This should be a local variable, not a global variable. This silences a few JSHint warnings.

Test Plan: `arc lint`

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11070
2014-12-30 02:58:51 -08:00
Joshua Spence
6b17a5a6ca Fix str being defined as a global variable
Summary: This variable should be local, not global. This silences a few JSHint warnings.

Test Plan: `arc lint`

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11068
2014-12-30 02:57:53 -08:00
Joshua Spence
fdd1357ce2 Fix next_src being defined as a global variable
Summary: This variable should be local, not global. This silences a bunch of JSHint warnings.

Test Plan: `arc lint`

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11067
2014-12-30 02:56:50 -08:00
Joshua Spence
02b2883555 Use better variable names
Summary:
Use `p` and `c` instead of (reusing) `k`. This silences the following JSHint warning:

```
>>> Lint for webroot/rsrc/js/application/projects/behavior-project-boards.js:

   Warning  (W004) JSHintW004
    'k' is already defined.

              57       'phui-tag-shade-blue': (sum > 0 && !over_limit),
              58       'phui-tag-shade-red': (over_limit)
              59     };
    >>>       60     for (var k in color_map) {
              61       JX.DOM.alterClass(data.countTagNode, k, !!color_map[k]);
              62     }
              63   }
```

Test Plan: `arc lint`

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11066
2014-12-30 02:56:22 -08:00
Joshua Spence
5251f08fb4 Use window.confirm instead of confirm
Summary:
This silences the following JSHint warning:

```
>>> Lint for webroot/rsrc/js/application/uiexample/notification-example.js:

   Warning  (W117) JSHintW117
    'confirm' is not defined.

              39           notification.listen(
              40             'activate',
              41             function() {
    >>>       42               if (!confirm('Close notification?')) {
              43                 JX.Stratcom.context().kill();
              44               }
              45             });

```

Test Plan: `arc lint`

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11065
2014-12-30 02:55:12 -08:00
Joshua Spence
558e1ee3b8 Define JavaScript functions before they are used
Summary: This should be a fairly minor change that silences a bunch of JSHint warnings.

Test Plan: `arc lint` showed less warnings.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11064
2014-12-30 02:53:32 -08:00
Joshua Spence
e6684af73c Let JSHint know that the show_details function is an exported global
Summary:
The `show_details` function is used by DarkConsole. Adding this comment silences the following JSHint warning:

```
>>> Lint for webroot/rsrc/js/core/behavior-error-log.js:

   Warning  (W098) JSHintW098
    'show_details' is defined but never used.

               5
               6 var current_details = null;
               7
    >>>        8 function show_details(row) {
               9   var node = JX.$('row-details-' + row);
              10
              11   if (current_details !== null) {
```

Test Plan: `arc lint`

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11063
2014-12-30 02:51:36 -08:00
Joshua Spence
3f0bc79e0a Minor JavaScript fix
Summary: Currently, `editdata` is implicitly defined as a global variable (and JSHint complains about this). Instead, change it to be a local variable.

Test Plan: `arc lint` showed one less warning.

Reviewers: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11062
2014-12-30 02:50:32 -08:00
Joshua Spence
e3b3662ce9 Minor indentation fixes
Summary: Some CSS files are indented inconsistently, with a single space instead of two.

Test Plan: N/A

Reviewers: #blessed_reviewers, epriestley, chad

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11061
2014-12-30 02:50:01 -08:00
Joshua Spence
0d1403833c Minor fixes for CSS linter issues
Summary: Fixes a few line length linter issues with CSS resources.

Test Plan: `arc lint`

Reviewers: #blessed_reviewers, epriestley, chad

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11060
2014-12-30 02:48:26 -08:00
Alex Monk
102e431feb Migrate Maniphest task blockers to modern EdgeType classes
Summary:
Prevents "edited tasks, added: 1; removed: 1"

Fixes T6757, using D9839 as an example

Test Plan: Added and removed blockers to/from tasks, saw the expected history entries.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Maniphest Tasks: T6757

Differential Revision: https://secure.phabricator.com/D11045
2014-12-28 06:40:39 -08:00
Bob Trahan
9219645287 Daemons - add "objectPHID" to task tables.
Summary: Ref T5402. This more or less "fixes" it but there's probably some polish to do?

Test Plan:
stopped and started daemons. error logs look good.

ran bin/storage upgrade.  noted that `adjust` added the appropriate indices for active and archive task.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T5402

Differential Revision: https://secure.phabricator.com/D11044
2014-12-23 16:30:05 -08:00
Chad Little
06a3cf04fe Catch undefinied title attribute in lightbox
Summary: If the image name in not defined, don't set it. Fixes T6793

Test Plan: View a lightboxed image, no 'undefined' alt tag

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6793

Differential Revision: https://secure.phabricator.com/D11037
2014-12-23 09:28:57 -08:00
Fabian Stelzer
2fedb6f941 Start phd daemons as the correctly configured user and refuse otherwise
Summary:
Fixes T5196
If no phd.user is configured the behaviour is unchanged besides printing a warning when run as root (Usually i would add an exit(1) here but that would break existing installs who do that).
If phd.user is set and the current user is root it will run the daemon as: su USER -c "command" (I'm not sure if this works for every platform needed)
Otherwise it will refuse to start if configured and current user mismatch.

Test Plan: Stopped & Started phd daemon with various users and different phd.user settings including root

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: vinzent, epriestley

Maniphest Tasks: T5196

Differential Revision: https://secure.phabricator.com/D11036
2014-12-23 08:15:51 -08:00
Bob Trahan
e76499bbbb Maniphest - kill TYPE_PROJECTS
Summary: Fixes T5245. Migrate old TYPE_PROJECTS transaction to new style edge transactions. Kill remaining rendering code.

Test Plan:
issued some fun queries to get some old-style transaction in my install:

```
// go from nothing to 1
INSERT INTO maniphest_transaction (phid, authorPHID, objectPHID, viewPolicy, editPolicy, commentVersion, transactionType, oldValue, newValue, contentSource, metadata, dateCreated, dateModified)
VALUES ('PHID-XACT-TASK-000000000000000', 'PHID-USER-zo35vxnoi4bxqak6yqhc', 'PHID-TASK-hb5wphctibxxqryo6ssi', 'users', 'users', 0, 'projects', '[]', '["PHID-PROJ-4teaxbjk5okv7mdz2qlx"]', '', '{}', 1419274578, 1419274578)

// go from 1 to 2
INSERT INTO maniphest_transaction (phid, authorPHID, objectPHID, viewPolicy, editPolicy, commentVersion, transactionType, oldValue, newValue, contentSource, metadata, dateCreated, dateModified)
VALUES ('PHID-XACT-TASK-111111111111111', 'PHID-USER-zo35vxnoi4bxqak6yqhc', 'PHID-TASK-hb5wphctibxxqryo6ssi', 'users', 'users', 0, 'projects', '["PHID-PROJ-4teaxbjk5okv7mdz2qlx"]', '["PHID-PROJ-4teaxbjk5okv7mdz2qlx", "PHID-PROJ-a7giqlyyfirqswg6gn6x"]', '', '{}', 1419274580, 1419274580)

// swap 1 for 1 with 2 in set
INSERT INTO maniphest_transaction (phid, authorPHID, objectPHID, viewPolicy, editPolicy, commentVersion, transactionType, oldValue, newValue, contentSource, metadata, dateCreated, dateModified)
VALUES ('PHID-XACT-TASK-222222222222222', 'PHID-USER-zo35vxnoi4bxqak6yqhc', 'PHID-TASK-hb5wphctibxxqryo6ssi', 'users', 'users', 0, 'projects', '["PHID-PROJ-4teaxbjk5okv7mdz2qlx", "PHID-PROJ-a7giqlyyfirqswg6gn6x"]', '["PHID-PROJ-4teaxbjk5okv7mdz2qlx", "PHID-PROJ-cety4gr55gpxzhwtrkhx"]', '', '{}', 1419274582, 1419274582)

// go from 2 to 1
INSERT INTO maniphest_transaction (phid, authorPHID, objectPHID, viewPolicy, editPolicy, commentVersion, transactionType, oldValue, newValue, contentSource, metadata, dateCreated, dateModified)
VALUES ('PHID-XACT-TASK-333333333333333', 'PHID-USER-zo35vxnoi4bxqak6yqhc', 'PHID-TASK-hb5wphctibxxqryo6ssi', 'users', 'users', 0, 'projects', '["PHID-PROJ-4teaxbjk5okv7mdz2qlx", "PHID-PROJ-cety4gr55gpxzhwtrkhx"]', '["PHID-PROJ-4teaxbjk5okv7mdz2qlx"]', '', '{}', 1419274584, 1419274584)
```

took a screenshot. ran the migration script and compared the screenshots and things looked correctly migrated...!

old style:

{F255408}

new style:

{F255407}

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T5245

Differential Revision: https://secure.phabricator.com/D11032
2014-12-22 11:54:02 -08:00
Chad Little
a6f63c0fa2 leafy greens 2014-12-22 07:09:43 -08:00
Chad Little
b925f42c55 Remove docs sprite, replace with FontAwesome
Summary: Removes the docs sprite in Conpherence with FontAwesome, adds additional icons. Unsure what happens if someone customized this config option.

Test Plan: Added images and files to a Conpherence, saw new icons.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11028
2014-12-20 20:59:24 -08:00
Chad Little
740e47f77b Remove button bar sprite images
Summary: These were converted to FontAwesome, but the images remained. Also removing a stray apps sprite (unused).

Test Plan: Visit button bar UIExample, Calendar. No issues. Grep codebase.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11026
2014-12-20 11:13:46 -08:00
Chad Little
1e0f1f4936 Remove payments sprite
Summary: Removes unused payments sprite and code, also some unused conpherence generated images. We use images in login (and could use FontAwesome, maybe).

Test Plan: grep codebase, pull up uiexamples icons page

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11025
2014-12-20 09:44:53 -08:00
Chad Little
f07f7bfaa4 Remove unused Conpherence sprites
Summary: These were refactored out a while ago

Test Plan: Grep codebase, use Conpherence on desktop, mobile.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11023
2014-12-20 07:44:50 -08:00
Chad Little
ab4207a2c5 Darken footer color
Summary: Ref T6792, uses slightly darker color as a base.

Test Plan: n/a

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6792

Differential Revision: https://secure.phabricator.com/D11022
2014-12-19 15:56:09 -08:00
Chad Little
fe0c1adf0e Use darker text color in blockquote
Summary: Ref T6792, make blockquote text use darkblue, not blue.

Test Plan: Quote a bunch of text

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6792

Differential Revision: https://secure.phabricator.com/D11018
2014-12-19 14:05:47 -08:00
Bob Trahan
9141da84c8 Maniphest - convert old CC transactions to modern SUBSCRIBER transactions
Summary: database migration + drop old view code. Fixes T5604.

Test Plan: grepped src/ for TYPE_CCS (no hits); viewed some tasks with old cc transactions and noted they still rendered correctly post data conversion

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T5604

Differential Revision: https://secure.phabricator.com/D11015
2014-12-18 14:42:46 -08:00
Chad Little
8ff9d52a59 Fix property list stacked UI
Summary: The stacked version of property lists is supposed to display like a normal definition list.

Test Plan: Test the stacked layout in Herald.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11014
2014-12-18 14:42:26 -08:00
epriestley
d2df3064bc Allow Almanac services to be locked
Summary:
Fixes T6741. This allows Almanac services to be locked from the CLI. Locked services (and their bindings, interfaces and devices) can not be edited. This serves two similar use cases:

  - For normal installs, you can protect cluster configuration from an attacker who compromises an account (or generally harden services which are intended to be difficult to edit).
  - For Phacility, we can lock externally-managed instance cluster configuration without having to pull any spooky tricks.

Test Plan:
  - Locked and unlocked services.
  - Verified locking a service locks connected properties, bindings, binding properties, interfaces, devices, and device properties.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T6741

Differential Revision: https://secure.phabricator.com/D11006
2014-12-18 14:31:36 -08:00
Chad Little
0d4a13f9ca Make label color and byline color match in ObjectItemList
Summary: We're using two different greys here.

Test Plan:
Inspect both elements, now serving the same grey.

{F253237}

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D11009
2014-12-18 11:08:04 -08:00
epriestley
3fa519da74 Allow Almanac service types to define default properties
Summary:
Ref T5833. This allows Almanac ServiceTypes to define default properties for a service, which show up in the UI and are more easily editable.

Overall, this makes it much easier to make structured/usable/consistent service records: you can check a checkbox that says "prevent new allocations" instead of needing to know the meaning of a key.

Test Plan: {F251593}

Reviewers: chad, btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5833

Differential Revision: https://secure.phabricator.com/D10996
2014-12-17 11:10:50 -08:00
epriestley
c85327ca3e Give AlmanacServices a service type
Summary:
Ref T5833. This allows services to be typed, to distinguish between different kinds of services. This makes a few things easier:

  - It's easier for clients to select the services they're interested in (see note in T5873 about Phacility). This isn't a full-power solution, but gets is some of the way there.
  - It's easier to set appropriate permissions around when modifications to the Phabricator cluster are allowed. These service nodes need to be demarcated as special in some way no matter what (see T6741). This also defines a new policy for users who are permitted to create services.
  - It's easier to browse/review/understand services.
  - Future diffs will allow ServiceTypes to specify more service structure (for example, default properties) to make it easier to configure services correctly. Instead of a free-for-all, you'll get a useful list of things that consumers of the service expect to read.

The "custom" service type allows unstructured/freeform services to be created.

Test Plan:
  - Created a new service (and hit error cases).
  - Edited an existing service.
  - Saw service types on list and detail views.
  - Poked around new permission stuff.
  - Ran `almanac.queryservices` with service class specification.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5833

Differential Revision: https://secure.phabricator.com/D10995
2014-12-17 11:10:27 -08:00
epriestley
39f2bbaeea Add Conduit Tokens to make authentication in Conduit somewhat more sane
Summary:
Ref T5955. Summary of intended changes:

**Improve Granularity of Authorization**: Currently, users have one Conduit Certificate. This isn't very flexible, and means that you can't ever generate an API token with limited permissions or IP block controls (see T6706). This moves toward a world where you can generate multiple tokens, revoke them individually, and assign disparate privileges to them.

**Standardize Token Management**: This moves Conduit to work the same way that sessions, OAuth authorizations, and temporary tokens already work, instead of being this crazy bizarre mess.

**Make Authentication Faster**: Authentication currently requires a handshake (conduit.connect) to establish a session, like the web UI. This is unnecessary from a security point of view and puts an extra round trip in front of all Conduit activity. Essentially no other API anywhere works like this.

**Make Authentication Simpler**: The handshake is complex, and involves deriving hashes. The session is also complex, and creates issues like T4377. Handshake and session management require different inputs.

**Make Token Management Simpler**: The certificate is this huge long thing right now, which is not necessary from a security perspective. There are separate Arcanist handshake tokens, but they have a different set of issues. We can move forward to a token management world where neither of these problems exist.

**Lower Protocol Barrier**: The simplest possible API client is very complex right now. It should be `curl`. Simplifying authentication is a necessary step toward this.

**Unblock T2783**: T2783 is blocked on nodes in the cluster making authenticated API calls to other nodes. This provides a simpler way forward than the handshake mess (or enormous-hack-mess) which would currently be required.

Test Plan:
  - Generated tokens.
  - Generated tokens for a bot account.
  - Terminated tokens (and for a bot account).
  - Terminated all tokens (and for a bot account).
  - Ran GC and saw it reap all the expired tokens.

NOTE: These tokens can not actually be used to authenticate yet!

{F249658}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5955

Differential Revision: https://secure.phabricator.com/D10985
2014-12-15 11:14:23 -08:00
epriestley
4505724cc4 Allow repositories to be bound to an AlmanacService
Summary:
Ref T2783. This is primarily exploratory and just figuring out what we're blocked on:

  - Allow a Repository to be bound to a Service. The Service may eventually define multiple read/write nodes, etc.
    - There's no UI to do this binding yet, you have to touch the database manually.
  - If a repository is bound to a Service, effect Conduit calls via calls to the remote service instead of executing them in-process.
    - These don't actually work yet since there's no authentication (see T5955).

Test Plan:
  - Made a nice Service with a nice Binding to a nice Interface on a nice Device.
  - Force-associated a repository with the service using a raw MySQL query.
  - Saw Phabricator try to make a remote call to the service (on localhost) and fail because of missing auth stuff.
  - Also ran `almanac.queryservices`.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T2783

Differential Revision: https://secure.phabricator.com/D10982
2014-12-12 12:07:11 -08:00
Bob Trahan
3a85d0bf5a Transactions - change show all key from "~" to "@"
Summary: (some) international keyboard layouts can not type "~" in a way as to trigger this so use "@" instead. Save the suggested "+" as that seems like it would be useful for some future "adding stuff" keyboard workflow. Pretty stoked to get this squared away as I am quite confident our unreleased product will now be a huge smashing success. Ref T6683.

Test Plan: made sure my choice was okay via https://en.wikipedia.org/wiki/Dead_key#Dead_keys_on_various_keyboard_layouts; used the "@" key to show all transactions

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6683

Differential Revision: https://secure.phabricator.com/D10983
2014-12-12 11:23:56 -08:00
Chad Little
e63b62fa78 Properly ensure timeline items have a 1px spacer
Summary: Some browsers, mobile, didn't show 1px space between objects (due to font renderings). This enforces the size for consistent cross-browser display.

Test Plan: Test IE10

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D10970
2014-12-11 07:52:23 -08:00
Bob Trahan
7d96870570 Maniphest - use subscribers framework properly
Summary: Fixes T5604. This should fix some random bugs, lets us move forward more easily, and all that good stuff about killing code debt.

Test Plan:
- Conduit method maniphest.createtask
  - verified creating user subscribed
  - verified subscription transaction
- Conduit method maniphest.update
  - verified subscribers set as specified to ccPHIDs parameter
  - verified subscription transaction
- Herald
  - verified herald rule to add subscriber worked
  - verified no subscribers removed accidentally
- edit controller
  - test create and verify author gets added IFF they put themselves in subscribers control box
  - test update gets set to exactly what user enters
- lipsum generator'd tasks work
- bulk add subscribers works
- bulk remove subscriber works
- detail controller
  - added myself by leaving a comment
  - added another user via explicit action
  - added another user via implicit mention
- task merge via search attach controller
- mail reply handler
  - add subscriber via ./bin/mail receive-test
  - unsubscribe via ./bin/mail receive-test

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T5604

Differential Revision: https://secure.phabricator.com/D10965
2014-12-10 16:27:30 -08:00
epriestley
3297bc2ed9 Implement more correct white-icon menu behavior
Summary: I didn't get this quite right.

Test Plan:
  - Clicked to open, saw white, then closed by:
    - Clicking document outside menu;
    - clicking menu icon again;
    - clicking a different menu icon.
  - In all three cases, got correct close + un-white behavior.

Reviewers: chad

Reviewed By: chad

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D10967
2014-12-10 16:26:40 -08:00
epriestley
eb9c3c6663 Make alert icons stay white while menus are open
Summary: I think this is what you're after?

Test Plan: clicky clicky

Reviewers: chad

Reviewed By: chad

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D10966
2014-12-10 16:11:32 -08:00
Bob Trahan
9b865f18e8 Transactions - make "show older" area bigger and include keyboard command
Summary: Fixes T6683.

Test Plan: clicked the yellow box and it worked! pressed '~' and it worked!

Reviewers: epriestley, chad

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6683

Differential Revision: https://secure.phabricator.com/D10932
2014-12-10 12:12:38 -08:00
Chad Little
6a0ec944a1 On narrow dashboard columns, don't show col2 of obj-item
Summary: Hides the second column of info on narrow (33%) columns on dashboards on object-items.

Test Plan:
Tested a narrow left and narrow right column, 160px is gained back.

{F248276}

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D10962
2014-12-10 11:40:56 -08:00
Chad Little
786c7b0df6 Have home dashboards go to single column on narrow desktops
Summary: Ref T6723. Because of the sidenav, some dashboard layouts may perform poorly on more narrow desktop displays. This provides an additional media query and CSS rules.

Test Plan:
Move viewport to 1001 px, see desktop, move to 999 pixels, see tablet-like display.

{F248158}

{F248159}

{F248160}

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6723

Differential Revision: https://secure.phabricator.com/D10956
2014-12-10 08:51:09 -08:00
Chad Little
9d062044e7 Remove Remarkup icons from source
Summary: These are not used

Test Plan: grep codebase

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D10938
2014-12-09 11:24:59 -08:00