mirror of https://we.phorge.it/source/phorge.git synced 2024-11-17 20:32:41 +01:00
Commit graph

13309 commits

Author SHA1 Message Date
epriestley
ded641ae32 Add basic per-object privacy policies
Summary:
Provides a basic start for access policies. Objects expose various capabilities, like CAN_VIEW, CAN_EDIT, etc., and set a policy for each capability. We currently implement three policies, PUBLIC (anyone, including logged-out), USERS (any logged-in) and NOONE (nobody). There's also a way to provide automatic capability grants (e.g., the owner of an object can always see it, even if some capability is set to "NOONE"), but I'm not sure how great the implementation feels and it might change.

Most of the code here is providing a primitive for efficient policy-aware list queries. The problem with doing queries naively is that you have to do crazy amounts of filtering, e.g. to show the user page 6, you need to filter at least 600 objects (and likely more) before you can figure out which ones are 500-600 for them. You can't just do "LIMIT 500, 100" because that might have only 50 results, or no results. Instead, the query looks like "WHERE id > last_visible_id", and then we fetch additional pages as necessary to satisfy the request.

The general idea is that we move all data access to Query classes and have them do object filtering. The ID paging primitive allows efficient paging in most cases, and the executeOne() method provides a concise way to do policy checks for edit/view screens.

We'll probably end up with mostly broader policy UIs or configuration-based policies, but there are at least a few cases for per-object privacy (e.g., marking tasks as "Security", and restricting things to the members of projects) so I figured we'd start with a flexible primitive and then simplify it in the UI where we can.

Test Plan: Unit tests, played around in the UI with various policy settings.

Reviewers: btrahan, vrana, jungejason

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D2210
2012-04-14 10:13:29 -07:00
Bob Trahan
6be9f6f3a8 Make Maniphest Transaction preview tokenizer aware
Summary:
...pretty sure the JS is too hack-tastic but it works...! :D

also fixed a small error from assert_instances_of change where a null value is all errors and what have you

Test Plan: played around with tasks in firefox and safari. made cc, owner, and project changes, as well as priority, etc.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Maniphest Tasks: T1074

Differential Revision: https://secure.phabricator.com/D2234
2012-04-14 07:05:58 -07:00
Bob Trahan
304948f039 some fixes for code layout doc
Summary: use arc layout, include about the __tests__ folder, upsell unit testing

Test Plan: read the docs!

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2235
2012-04-14 07:05:29 -07:00
Bob Trahan
5b32a19a08 fixing a typo
Test Plan: verus is wrong; versus is correct

Reviewers: vrana

CC:
2012-04-13 09:51:52 -07:00
Bob Trahan
9bfb28253e Add a phabricator code layout doc
Summary: tried to cover the basics and sprinkle in lots of class references, etc. would really appreciate feedback...!  :D

Test Plan: read the docs!

Reviewers: epriestley, vrana

Reviewed By: vrana

CC: aran

Maniphest Tasks: T359

Differential Revision: https://secure.phabricator.com/D2223
2012-04-13 09:49:12 -07:00
vrana
4af3bb9f4b Allow View Standalone in Diff preview
Test Plan: Click View Standalone.

Reviewers: epriestley, jungejason

Reviewed By: jungejason

CC: aran

Differential Revision: https://secure.phabricator.com/D2225
2012-04-12 22:35:13 -07:00
vrana
50e3114896 Link to TOC in very large diff link
Test Plan: Visit the link.

Reviewers: epriestley, jungejason

Reviewed By: jungejason

CC: aran

Differential Revision: https://secure.phabricator.com/D2224
2012-04-12 22:04:13 -07:00
Bob Trahan
4e97491ee3 Various documentation updates focused around surfacing feedback article
Summary:
missed doing this for phame, so i poked around a bit and added it to
similar verbiage as well as to a few "Next Steps" where I thought the feedback
might be provocative.

Test Plan: read the docs

Reviewers: vrana, epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2220
2012-04-12 19:09:33 -07:00
vrana
17b0277ec5 Fix SVN commit change parser for files moved from deleted directory
Summary: This is not perfect. Moved files are reported as deleted but I'm happy with it.

Test Plan: Reparsed two commits which were previously wrong, now semi-correct.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Maniphest Tasks: T1114

Differential Revision: https://secure.phabricator.com/D2215
2012-04-12 17:47:19 -07:00
epriestley
9a29107d01 Properly detect InnoDB setups which are "NO" or "DISABLED"
Summary: See D2160, http://dev.mysql.com/doc/refman/5.5/en/show-engines.html

Test Plan: Ran setup.

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D2219
2012-04-12 13:44:19 -07:00
vrana
88cba92477 Fix English
Summary: I usually don't dare to fix English but this one doesn't seem correct even to me.

Test Plan: Read.

Reviewers: epriestley, jungejason

Reviewed By: jungejason

CC: aran

Differential Revision: https://secure.phabricator.com/D2214
2012-04-12 13:38:14 -07:00
Bob Trahan
51418900f7 Phame V1 - Phabricator blogging software
Summary:
'cuz we need to be phamous!

V1 feature set

- posts
-- standard thing you'd expect - a title and a remarkup-powered body and...
-- "phame" title - a short string that can be used to reference the story. this gets auto-updated when you mess with the title.
-- configuration - for now, do you want Facebook, Disqus or no comments? this is a per-post thing but feeds from an instance-wide configuration

Please do toss out any must have features or changes.

Test Plan: played around with this bad boy like whoa

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, vrana

Maniphest Tasks: T1111

Differential Revision: https://secure.phabricator.com/D2202
2012-04-12 13:09:04 -07:00
vrana
3d6b8bff34 Fix reticle with edit inline comment
Test Plan:
- Hover left comment on diff of diff.
- Hover right comment on diff of diff.
- Hover inline comment preview.
- Hover inline comment edit.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Maniphest Tasks: T1076

Differential Revision: https://secure.phabricator.com/D2213
2012-04-12 11:42:50 -07:00
epriestley
c458768415 Fix various threading issues, particularly in Gmail
Summary:
  - Add an explicit multiplexing option, and enable it by default. This is necessary for Mail.app to coexist with other clients ("Re:" breaks outlook at the very least, and generally sucks in the common case), and allows users with flexible clients to enable subject variance.
  - Add an option for subject line variance. Default to not varying the subject, so mail no longer says [Committed], [Closed], etc. This is so the defaults thread correctly in Gmail (not entirely sure this actually works).
  - Add a preference to enable subject line variance.
  - Unless all mail is multiplexed, don't enable or respect the "Re" or "vary subject" preferences. These are currently shown and respected in non-multiplex cases, which creates inconsistent results.

NOTE: @jungejason @nh @vrana This changes the default behavior (from non-multiplexing to multiplexing), and might break Facebook's integration. You should be able to keep the same behavior by setting the options appropriately, although if you can get the new defaults working they're probably better.

Test Plan:
Send mail from Maniphest, Differential and Audit. Updated preferences. Enabled/disabled multiplexing. Things seem OK?

NOTE: I haven't actually been able to repro the Gmail threading issue so I'm not totally sure what's going on there, maybe it started respecting "Re:" (or always has), but @cpiro and @20after4 both reported it independently. This fixes a bunch of bugs in any case and gives us a more conservative set of defaults.

I'll see if I can buff out the Gmail story a bit but every client is basically a giant black box of mystery. :/

Reviewers: btrahan, vrana, jungejason, nh

Reviewed By: btrahan

CC: cpiro, 20after4, aran

Maniphest Tasks: T1097, T847

Differential Revision: https://secure.phabricator.com/D2206
2012-04-12 09:31:03 -07:00
Aizat Faiz
f0e89b7723 Fix typo 'retrive' to 'retrieve'. 2012-04-12 17:17:30 +08:00
vrana
0ad7a01b8d Add typehints to queryfx() et al.
Test Plan: /D123

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2203
2012-04-11 12:02:11 -07:00
epriestley
cd2bca664c Detect alternate Danish outlook reply pattern
Summary: Sometimes we get a lowercase "Meddelelse" in Danish outlook. Relax the patterns since the risk of hitting false positives here is essentially nonexistent.

Test Plan: Unit tests.

Reviewers: davidreuss, btrahan, vrana

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D2205
2012-04-11 10:31:04 -07:00
Edward Speyer
8f70d891fa AphrontFormSelectControl: Add <optgroup> to <select>
Summary:
Add <optgroup> style selects, if the array of options is actually an
array-of-arrays.

Test Plan: Made one, it looked OK.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2177
2012-04-10 21:35:51 -07:00
vrana
dea4901bb6 Unrequire filling Owners in Owners tool
Summary:
Owners field is filled by Primary Owner which is required.
So that it is not necessary to require filling Owners explicitly.

Test Plan: Don't fill Owners and successfully save the form //before// this change.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2201
2012-04-10 21:30:56 -07:00
epriestley
2360504462 Fix null test plan database error
Summary:
Some Differential fields are not nullable; when Test Plan is switched to non-required mode we can end up trying to save a null value to a non-nullable column (see D2193).

(I should probably just alter the schema to make these fields nullable, but that might have farther-reaching effects.)

Test Plan: Reproduced error, applied patch, no more error.

Reviewers: btrahan, vrana, jungejason

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D2200
2012-04-10 16:54:05 -07:00
epriestley
28dfeeb5d5 Make sure exceptions are surfaced from setup
Summary: If setup throws an exception, we may swallow it currently. Make sure it's printed.

Test Plan: Changed "git" to "qit" to force a command failure, ran setup, got a more useful error.

Reviewers: btrahan, vrana, jungejason

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D2197
2012-04-10 15:39:59 -07:00
vrana
01bd844926 Display cursor hand on line number in revision but not in standalone view
Summary: Partially broken by D2166.

Test Plan:
Hover line number in revision.
Hover line number in standalone view.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2196
2012-04-10 15:05:54 -07:00
Bob Trahan
1175784d5d PhabricatorSlug
Summary:
This is to be used in Phame so the logic is shared where possible. The change has three main things going on

- broke out functionality from PhrictionDocument that isn't Phriction specific.
- swept up code base to use new PhabricatorSlug class.
- altered the regex ever so slightly per discussion and http://stackoverflow.com/questions/2028022/javascript-how-to-convert-unicode-string-to-ascii

I think maybe we should punt on unicode here for quite a bit -- http://www.456bereastreet.com/archive/201006/be_careful_with_non-ascii_characters_in_urls/ -- but we'll be well-positioned to add it with the code here.

Test Plan: used phriction to create, edit, view documents. used a tool (codemod) for the codebase sweeping

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2195
2012-04-10 14:18:20 -07:00
epriestley
01907bcccc Allow "Test Plan" to be disabled in config
Summary:
This is a somewhat common request, and far more difficult than necessary currently.

I think the field is useful enough to leave it default-enabled, but there's wide diversity in testing philosophy.

Test Plan: Verified "test plan" field appeared. Disabled config. Verified "test plan" field vanished.

Reviewers: btrahan, vrana, jungejason

Reviewed By: vrana

CC: aran, asouza

Differential Revision: https://secure.phabricator.com/D2193
2012-04-10 13:36:05 -07:00
epriestley
5f615c1e6e Fix a warning when viewing a revision not attached to a repository
Summary: We'll get a typehint warning on the repository if there's no repository. Check outside the method instead.

Test Plan: Loaded page, no warning.

Reviewers: btrahan, vrana, jungejason

Reviewed By: vrana

CC: aran

Differential Revision: https://secure.phabricator.com/D2194
2012-04-10 13:34:31 -07:00
epriestley
fe9ba6bc67 Improve DifferentialRevisionQuery and add the ability to query by arcanist project
Summary:
  - We currently post-filter by branches, but should do this in SQL. See T799.
  - We currently identify branch-name-matches as being in the working copy even if they belong to a different project (e.g., two different projects with commits on the branch "master"). See T1100.
  - Denormalize branch and project information into DifferentialRevision.
  - Expose project information in the API.

Test Plan: Ran conduit API queries with branches and arc project IDs, got reasonable results.

Reviewers: btrahan, vrana, jungejason

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T1100, T799

Differential Revision: https://secure.phabricator.com/D2190
2012-04-10 12:51:34 -07:00
vrana
b5adde88d4 Simplify selecting authors and revisions in blame
Summary: Déjà vu: D1736.

Test Plan: Double click beside author in blame.

Reviewers: epriestley, jungejason

Reviewed By: jungejason

CC: aran

Differential Revision: https://secure.phabricator.com/D2166
2012-04-10 11:41:31 -07:00
vrana
935f3657b5 Allow %f2 and other escape sequences in editor link
Test Plan: Open in Editor.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2184
2012-04-10 11:36:37 -07:00
vrana
e87e1786a6 Fix docs links after D2181
Test Plan:
  diviner .

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2188
2012-04-10 11:33:26 -07:00
vrana
65fc2545a3 Fix line links to source codes of generated documentation
Test Plan:
  diviner .

Click on source code links.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2183
2012-04-10 11:31:52 -07:00
vrana
76b534b560 Don't fetch all commits without blame in Diffusion
Summary:
Otherwise useless query is executed:

  lang=sql
  SELECT c.*
  FROM `repository_commit` c
  ORDER BY c.epoch DESC

Test Plan: /diffusion/X/browse/x

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2186
2012-04-10 09:58:36 -07:00
vrana
347bc357fd Display Browse in Diffusion and Open in Editor links in commit detail
Test Plan:
/rX1
Browse in Diffusion
Open in Editor

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2180
2012-04-10 09:54:38 -07:00
epriestley
488b1cf641 Allow Maniphest queries to be saved
Summary:
There have been a couple of requests for this since bookmarks are "out this year like woah" and "totally uncool dude".

Allow users to save named custom queries and make them the /maniphest/ default if they so desire.

A little messy. :/

Test Plan: Saved, edited, deleted custom queries. Made custom query default; made 'no default' default. Verified default behavior. Issued a modified search from a custom query.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, epriestley, 20after4

Maniphest Tasks: T923, T1034

Differential Revision: https://secure.phabricator.com/D1964
2012-04-10 09:46:04 -07:00
vrana
62a172af90 Fix reticle
Summary:
Now I understand that [[ https://secure.phabricator.com/diffusion/P/browse/master/webroot/rsrc/js/application/differential/behavior-edit-inline-comments.js;32f12d1f8fb7aeca$174-176 | behavior-edit-inline-comments.js:174-176 ]] and [[ https://secure.phabricator.com/diffusion/P/browse/master/src/applications/differential/controller/changesetview/DifferentialChangesetViewController.php;32f12d1f8fb7aeca$72-99 | DifferentialChangesetViewController.php:72-99 ]] need to stay in sync:

- 1 - isOnRight equals isNewFile
- 1/-1 - left is new, right is missing
- 1/2 - both are new

Test Plan: Hover inline comment.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Maniphest Tasks: T1076

Differential Revision: https://secure.phabricator.com/D2179
2012-04-09 22:09:02 -07:00
epriestley
32f12d1f8f Don't fatal when generating patch emails for diffs with binaries
Summary:
When Phabricator is configured to generate patch email, we'll fatal if the patch contains binaries and is generating to Git because ArcanistBundle can't load the binary data. Provide a callback to load the data. See D2174.

(This may cause us to generate absolutely enormous emails, but you get what you asked for...)

Test Plan: Created a diff with an image under "send git patches" email configuration.

Reviewers: Makinde, btrahan, vrana, jungejason

Reviewed By: Makinde

CC: aran

Differential Revision: https://secure.phabricator.com/D2175
2012-04-09 17:35:01 -07:00
vrana
974b576df0 Fix whitespace 2012-04-09 16:57:17 -07:00
vrana
6d313a1676 Improve speed of user feed
Test Plan: /p/x/feed/

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Maniphest Tasks: T1099

Differential Revision: https://secure.phabricator.com/D2176
2012-04-09 16:01:16 -07:00
vrana
e69c8abc15 Don't set feed width on chromeless page
Summary: Otherwise browser displays horizontal scrollbar at http://phabricator.org/.

Test Plan:
Add this rule in Firebug and display http://phabricator.org/.

/feed/

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2173
2012-04-09 15:11:41 -07:00
vrana
32d2395a45 Unify links to www.phabricator.com and phabricator.com
Test Plan:
  scripts/sql/upgrade_schema.php

Verify links at /directory/2/.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Maniphest Tasks: T1096

Differential Revision: https://secure.phabricator.com/D2172
2012-04-09 14:32:03 -07:00
epriestley
a5903d2a53 Use head_key() and last_key() to explicitly communicate intent
Summary:
PHP arrays have an internal "current position" marker. (I think because foreach() wasn't introduced until PHP 4 and there was no way to get rid of it by then?)

A few functions affect the position of the marker, like reset(), end(), each(), next(), and prev(). A few functions read the position of the marker, like each(), next(), prev(), current() and key().

For the most part, no one uses any of this because foreach() is vastly easier and more natural. However, we sometimes want to select the first or last key from an array. Since key() returns the key //at the current position//, and you can't guarantee that no one will introduce some next() calls somewhere, the right way to do this is reset() + key(). This is cumbersome, so we introduced head_key() and last_key() (like head() and last()) in D2161.

Switch all the reset()/end() + key() (or omitted reset() since I was feeling like taking risks + key()) calls to head_key() or last_key().

Test Plan: Verified most of these by visiting the affected pages.

Reviewers: btrahan, vrana, jungejason, Koolvin

Reviewed By: jungejason

CC: aran

Differential Revision: https://secure.phabricator.com/D2169
2012-04-09 11:08:59 -07:00
vrana
db2fef4c87 Don't display "Foul Magicks" in Maniphest
Summary:
There was a typo:
`PHID-!!!!-NO_PROJECT` instead of
`PHID-!!!!-NO-PROJECT`

Also use `<em>` to differentiate from project named "(No Project)".

Test Plan:
/maniphest/report/project/
Click on (No Project).

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2167
2012-04-09 08:22:49 -07:00
vrana
aa0d0396a6 Highlighting blame is broken if there is an unavailable commit
Test Plan: .../PhotoSnowlift.js?view=blame

Reviewers: jungejason

Reviewed By: jungejason

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D2165
2012-04-09 01:14:36 -07:00
vrana
7451c1f6c9 Support NO_BACKSLASH_ESCAPES in escapeStringForLikeClause()
Summary: Also simplify this clunky code.

Test Plan: /owners/view/search/?name=%25

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2114
2012-04-08 21:37:31 -07:00
vrana
a662b09e73 Fix reticle with inline comments editor
Test Plan: Hover textarea in inline comment editor

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Differential Revision: https://secure.phabricator.com/D2152
2012-04-08 21:35:47 -07:00
vrana
13775fde01 Prefer external [[]] links in Remarkup
Test Plan: I didn't repro it probably because of custom rules.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran

Maniphest Tasks: T1090

Differential Revision: https://secure.phabricator.com/D2150
2012-04-08 21:33:25 -07:00
vrana
2c8e6f99bd Standardize mysql.configuration-provider
Summary: NOTE: BC break!

Test Plan: /

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, nh

Differential Revision: https://secure.phabricator.com/D2130
2012-04-08 21:32:15 -07:00
epriestley
6c1e2cd8b2 Minor, make sure burnup buckets are unique year-over-year
Auditors: btrahan, vrana, jungejason
2012-04-08 16:33:51 -07:00
epriestley
6eb91b2a0e Improve documentation for System Agents and other account roles
Summary: Explain this stuff better and add some documentation links.

Test Plan: Read documentation, viewed account edit interfaces.

Reviewers: btrahan, vrana, jungejason

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T834

Differential Revision: https://secure.phabricator.com/D2158
2012-04-08 15:10:00 -07:00
epriestley
62e41040f0 Improve exception behavior for storage engine failures
Summary: See T1021. Raise configuration or implementation exceptions immediately. When all engines fail, raise an aggregate exception with details.

Test Plan: Forced all engines to fail, received an aggregate exception. Forced an engine to fail with a config exception, received it immediately.

Reviewers: btrahan, vrana, jungejason

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T1021

Differential Revision: https://secure.phabricator.com/D2157
2012-04-08 15:07:34 -07:00
epriestley
06367c4801 Improve insert behavior for drag-and-drop and paste uploads
Summary: In Safari, Firefox and Chrome, respect cursor position and selection ranges.

Test Plan: Dragged-and-dropped files into the middle of text, end of text, and a selected text range in Safari, Firefox and Chrome. Copy/pasted files into similar cases in Chrome. Got expected, normal behavior in all cases.

Reviewers: btrahan, vrana, jungejason

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T1016

Differential Revision: https://secure.phabricator.com/D2155
2012-04-08 15:05:40 -07:00