1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2025-01-04 20:01:00 +01:00
Commit graph

5711 commits

Author SHA1 Message Date
epriestley
c72f3b4bf1 Lock uri.allowed-protocols in Config
Summary: This allows administrative overreach. Administrators can enable `javascript:` and then XSS things if this isn't locked.

Test Plan: Viewed value on web UI, verified it was locked.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D6975
2013-09-13 11:48:43 -07:00
epriestley
de10d91963 Make normalization of "#yolo" hashtags less aggressive
Summary: Fixes T3825. See that task for details.

Test Plan: Verified that `#\herp` no longer matches project `#herp`, but `#herp` still works fine.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3825

Differential Revision: https://secure.phabricator.com/D6970
2013-09-13 11:48:11 -07:00
epriestley
7a39ac43b4 Add a "list<regex>" config option and move regex config to it
Summary:
Fixes T3807. Several issues:

  - Currently, we split config of type `list<string>` on commas, which makes it impossible to enter a regex with a comma in it.
    - Split on newlines only.
  - Some of the examples are confusing (provided in JSON instead of the format you actually have to enter them).
    - Show examples in the same format you should enter text.
  - We didn't validate regexps.
    - Introduce `list<regex>` to validate regexes.

@hlau: Note that the old config format for the bugtraq stuff implied the delimiters on the regular expression. They are no longer implied. The examples show the correct format.

Test Plan: Viewed and edited affected config, hitting error and success cases.

Reviewers: btrahan

Reviewed By: btrahan

CC: hlau, aran

Maniphest Tasks: T3807

Differential Revision: https://secure.phabricator.com/D6969
2013-09-13 11:48:00 -07:00
Bob Trahan
ea0dc5625d Purge loadRelativeEdges
Summary:
Fixes T3821. Maybe. The existing code seemed to have a bug and actually return the //commit phid//. Judging by the function name this is not intended.

Also, sorry to step on toes here -- I thought no one was assigned and was curious about loadRelativeEdges and here we are...

Test Plan: lots of logic here as I have no idea how to use Releeph.

Reviewers: epriestley

Reviewed By: epriestley

CC: Korvin, aran

Maniphest Tasks: T3821

Differential Revision: https://secure.phabricator.com/D6967
2013-09-13 11:40:52 -07:00
Bob Trahan
c41c593388 Herald - make dry runs work for "apply once" rules after they have been applied
Summary: Fixes T3719

Test Plan: https://secure.phabricator.com/T3719#comment-7

Reviewers: epriestley

Reviewed By: epriestley

CC: Korvin, aran

Maniphest Tasks: T3719

Differential Revision: https://secure.phabricator.com/D6968
2013-09-13 11:38:49 -07:00
Chad Little
85424e7472 Small button dropdowns
Summary: Adds the small caret to differential. Cleans up dropdown frame.

Test Plan: Test caret in differential.

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: Korvin, aran

Differential Revision: https://secure.phabricator.com/D6983
2013-09-13 10:48:02 -07:00
epriestley
b38a688cf7 Ignore failures when rebuilding project search index in Maniphest migration
Summary: See <https://github.com/facebook/phabricator/issues/386>. Just ignore any issues here, they aren't worth complaining about.

Auditors: btrahan
2013-09-13 09:39:46 -07:00
Chad Little
4a6efd36b4 Standard colors for progress bars
Summary: Consilidate some of the bar colors, used in Releeph?

Test Plan: UIExamples

Reviewers: epriestley

Reviewed By: epriestley

CC: Korvin, aran

Differential Revision: https://secure.phabricator.com/D6974
2013-09-13 08:29:16 -07:00
epriestley
eca3f44301 Make "pro" controller render results the same way the less-pro controller does
Summary: Swaps the rendering over to the current rendering. This is mostly copy/paste out of TaskListController, which is going to get nuked, with some cleanup.

Test Plan:
{F58064}

  - Ran a bunch of queries.
  - Viewed empty states.
  - Drag-and-dropped stuff.
  - (Batch editor / excel export need a tweak to run the new-style queries.)

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D6961
2013-09-12 16:58:09 -07:00
Chad Little
2b4cc8d360 Left and right CSS arrow
Summary: Let's try these out

Test Plan: Tested in Diviner

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: Korvin, aran

Differential Revision: https://secure.phabricator.com/D6965
2013-09-12 16:08:47 -07:00
Bob Trahan
0ce85df708 Make Herald have "exists" and "not exists" options for differential reviewers on commit rules
Summary: Fixes T1485.

Test Plan: made a herald rule for "not exists". committed to master with no diff. audit was triggered

Reviewers: epriestley

Reviewed By: epriestley

CC: Korvin, aran

Maniphest Tasks: T1485

Differential Revision: https://secure.phabricator.com/D6964
2013-09-12 16:00:09 -07:00
Bob Trahan
ab2ae9e47f Differential - make sure not to return change type header if we're not top level
Summary: Followup to D6924. Fixes T3824.

Test Plan: deleted a file in a diff. was able to view file content without JS errors

Reviewers: epriestley

Reviewed By: epriestley

CC: Korvin, aran

Maniphest Tasks: T3824

Differential Revision: https://secure.phabricator.com/D6963
2013-09-12 16:00:00 -07:00
Chad Little
35611f71f6 Fix icon buttons
Summary: Fix CSS classname

Test Plan: UIExamples

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: Korvin, aran

Differential Revision: https://secure.phabricator.com/D6962
2013-09-12 15:19:52 -07:00
epriestley
9b3520ea57 Add "group" to Maniphest "pro" search
Summary: This is the last missing filter.

Test Plan: Grouped results by a bunch of stuff.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D6960
2013-09-12 14:48:52 -07:00
epriestley
926b47ef70 Call array_unique() in Handle/Object queries
Summary: I think the old thing did this, but this makes queries a bit less ridiculous. For example, `secure.phabricator.com` currently issues a query for 664 handles on my task list, but only 73 of them are unique (basically, all the projects plus all the authors). This proably is slightly good for performance, but mostly makes the "Services" tab manageable.

Test Plan: Looked at Maniphest and some other pages, saw handles and objects where they were expected to be.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D6959
2013-09-12 14:48:24 -07:00
epriestley
ddfc6bbc9e Service "Group by: Project" in Maniphest out of a local index
Summary:
See discussion in D6955. Currently, the logic for "Group by: Project" is roughly:

  - Load every possible result.
  - Lots of in-process garbage.

Instead, use the new local project name index (from D6957) to service this query more reasonably. Basically:

  - Join a table which has keyed project names.
  - Order by that table.

Test Plan: {F58033}

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D6958
2013-09-12 13:08:25 -07:00
epriestley
e50eccf109 Provide and populate an object name index for Maniphest
Summary: See discussion in D6955. This provides a table we can JOIN against to (effectively) "ORDER BY project name", populates it intially, and keeps it up to date as projects are edited.

Test Plan:
  - Ran storage upgrade, verified projects populated into the table.
  - Edited a project, verified its entry updated.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D6957
2013-09-12 13:06:44 -07:00
epriestley
da50aef7f2 Add event dispatch for updated search indexes
Summary:
See discussion in D6955. Provide an event for applications and users to update secondary search indexes.

Facebook: I don't recall exactly how all the search stuff is rigged up, but this might provide a more practical / less fragile alternative. I think it publishes into ElasticSearch now, and then intern somehow handles the result merge at display time, implictly relying on Phabricator's storage format? A cleaner approach might be to publish a secondary "intern" index in a standard format.

Test Plan: Ran `bin/search index --type proj --trace`, saw events fire.

Reviewers: btrahan

Reviewed By: btrahan

CC: FacebookPOC, aran

Differential Revision: https://secure.phabricator.com/D6956
2013-09-12 13:05:54 -07:00
epriestley
e96201773d Index projects in the main search index
Summary:
Part one of a large and complicated plot:

  - The last filter for Maniphest "pro" queries is "Group By".
  - This is currently executed in a convoluted and ridiculous way, loading massive amounts of data.
  - The primary reason it works like it does is that we don't have a project name index available in Maniphest, so we can't sort in the DB.
  - So, I want to provide a name index to Maniphest and push this work to the DB.

To do that, my plan is:

  - Index projects in Search.
  - Add a "did update index" event.
  - Have Maniphest listen for it.
  - When projects are updated, update their indexes in Maniphest.
  - Rewrite the giant mess of "group by: project" to be somewhat reasonable.
  - This may also extend to some future "group by: assignee".

This is the first small step down this path, which just indexes projects in search.

Test Plan: Ran `bin/search index --type project`, then searched for projects.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D6955
2013-09-12 13:05:19 -07:00
epriestley
df86f87289 Add a "dateCreated" key to Maniphest
Summary: Depends on D6952. Unpunts there since I'm rolling into a swamp full of schema changes.

Test Plan: Issued date-constrained query and saw key as a candidate.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D6954
2013-09-12 13:04:31 -07:00
epriestley
8f8c61be31 Remove legacy "touched" table and indexing
Summary: Noticed this in the schema. "Touches" were an idea that never really got off the ground, as we built out more/better notification channels instead. Essentially, they recorded any object you'd ever interacted with. Maybe this will be useful some day, but for now it does nothing and can't be interacted with. Nuke it.

Test Plan: `grep`, loaded Maniphest.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D6953
2013-09-12 13:04:09 -07:00
epriestley
1c43fceffb Add date filtering to Maniphest "pro" search
Summary: Adds date created filtering. There's a task for this somewhere that I can't immediately find.

Test Plan: Filtered tasks.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D6952
2013-09-12 13:03:39 -07:00
epriestley
bdef58216e Restore project filtering to Maniphest "pro" search
Summary: Restores any/all/user/exclude project filters to the new search.

Test Plan: Filtered stuff by projects.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D6951
2013-09-12 13:03:14 -07:00
epriestley
f679ea7d7e Add "fulltext" to Maniphest pro search
Summary: Restores this field to the new ApplicationSearch-based search.

Test Plan: Used fulltext search to find tasks.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D6950
2013-09-12 13:03:05 -07:00
epriestley
a3c6e9aebf Move ManiphestTaskQuery into query/
Summary: Move this into a more consistent location.

Test Plan: Loaded Maniphest.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D6949
2013-09-12 13:02:55 -07:00
Chad Little
262edcc542 Swap file upload icon on Remarkup Bar
Summary: It's a cloud, with an arrow. Serious. Business.

Test Plan: reload page. marvel at my photosynthesis skillz

Reviewers: epriestley, btrahan

Reviewed By: epriestley

CC: Korvin, aran

Maniphest Tasks: T3746

Differential Revision: https://secure.phabricator.com/D6947
2013-09-11 21:22:12 -07:00
epriestley
da6cdc6bd0 Fix issue with loadRelativeEdges()
Summary: I'm going to just delete all this code at some point, but fixing it now means piles of single gets, so unbreak it first. I'll file something.

Test Plan: Releeph is less fataley.

Reviewers: andrewjcg, btrahan

Reviewed By: andrewjcg

CC: aran

Differential Revision: https://secure.phabricator.com/D6945
2013-09-11 17:24:02 -07:00
Bob Trahan
b902005bed Kill PhabricatorObjectDataHandle
Summary: Ref T603. Killing this class is cool because the classes that replace it are policy-aware. Tried to keep my wits about me as I did this and fixed a few random things along the way. (Ones I remember right now are pulling a query outside of a foreach loop in Releeph and fixing the text in UIExample to note that the ace of hearts if "a powerful" card and not the "most powerful" card (Q of spades gets that honor IMO))

Test Plan: tested the first few changes (execute, executeOne X handle, object) then got real mechanical / careful with the other changes.

Reviewers: epriestley

Reviewed By: epriestley

CC: Korvin, aran, FacebookPOC

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D6941
2013-09-11 12:27:28 -07:00
Bob Trahan
07b8becfc6 Policy - introduce parentQuery and pass around policy configuration from parent to child
Summary: Ref T603. Ref D6941.

Test Plan: Clicked around all over - looked good. I plan to re-test D6941 to make sure the executeOne case works now as intended

Reviewers: epriestley

Reviewed By: epriestley

CC: Korvin, aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D6944
2013-09-11 12:19:34 -07:00
Guy Warner
b23697eec9 PNG thumbnail compression
Summary: Fixes T3800

Test Plan: upload png and check size

Reviewers: epriestley

Reviewed By: epriestley

CC: Korvin, aran

Maniphest Tasks: T3800

Differential Revision: https://secure.phabricator.com/D6942
2013-09-11 09:31:28 -07:00
epriestley
0ce3121170 Continue not fataling on legacy Maniphest queries
Summary: Ref T3817. See that task for discussion.

Auditors: btrahan
2013-09-11 08:50:39 -07:00
epriestley
004edbaf7c Don't fatal after failing to load grouped projects in Maniphest
Summary: Fixes T3817. This junk is getting wiped out soon so I'm punting here
and fixing the symptom rather than the root cause.

Auditors: btrahan
2013-09-11 08:44:53 -07:00
Chad Little
1fa59c2e42 Tighten spacing on audit status icons
Summary: Less space

Test Plan: Checked out audit page.

Reviewers: epriestley

Reviewed By: epriestley

CC: Korvin, aran

Differential Revision: https://secure.phabricator.com/D6940
2013-09-10 15:47:56 -07:00
epriestley
b91508c045 Fix a second minor merge issue
Auditors: chad, btrahan
2013-09-10 15:42:37 -07:00
epriestley
a4c076ac79 Fix a minor merge issue with a class rename
Auditors: chad, btrahan
2013-09-10 15:41:39 -07:00
epriestley
a8171889bd Add "IDs" and "Priority" to pro search
Summary: Ref T2625. Restore these, too.

Test Plan: Executed queries using these fields.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2625

Differential Revision: https://secure.phabricator.com/D6937
2013-09-10 15:34:13 -07:00
epriestley
f386099735 Add support for "status" and "order" to pro search
Summary: Ref T2625. Further expands the "pro" search.

Test Plan: Used new options to query tasks.

Reviewers: btrahan, garoevans

Reviewed By: garoevans

CC: aran

Maniphest Tasks: T2625

Differential Revision: https://secure.phabricator.com/D6935
2013-09-10 15:34:11 -07:00
epriestley
8c9d61bedc Add "assigned" and "authors" to Maniphest pro search
Summary: Ref T2625. Moves this a step toward being able to replace the current search.

Test Plan: Used search interface.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2625

Differential Revision: https://secure.phabricator.com/D6934
2013-09-10 15:34:10 -07:00
epriestley
e814291526 Introduce ManiphestTaskSearchEngine plus ManiphestTaskListControllerPro
Summary:
Ref T603. Ref T2625. Cutting this over is tricky because of Maniphest's existing saved queries. Plan here is:

  - Build out the "pro" controller at `/maniphest/query/`.
  - Once it's at parity, migrate custom queries.
  - Nuke the old UI.

This provides a minimal implementation with no filter support.

Test Plan: Looked at `/maniphest/query/`, saw results technically available.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603, T2625

Differential Revision: https://secure.phabricator.com/D6933
2013-09-10 15:34:08 -07:00
epriestley
1f86c73428 Simplify policy filtering for projects and ObjectQuery
Summary:
Ref T603. Moves to detangle and optimize how we apply policies to filtering objects. Notably:

  - Add a short circuit for omnipotent users.
  - When performing project filtering, do a stricter check for user membership. We don't actually care if the user can see the project or not according to other policy constraints, and checking if they can may be complicated.
  - When performing project filtering, do a local check to see if we're filtering the project itself. This is a common case (a project editable by members of itself, for example) and we can skip queries when it is satisfied.
  - Don't perform policy filtering in ObjectQuery. All the data it aggregates is already filtered correctly.
  - Clean up a little bit of stuff in Feed.

Test Plan: Pages like the Maniphest task list and Project profile pages now issue dramatically fewer queries.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D6931
2013-09-10 15:34:07 -07:00
epriestley
1e42c62b8f Make ManiphestTaskQuery a (mostly) policy-aware query
Summary: Ref T603.

Test Plan: Viewed home and maniphest, fiddled all the knobs.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D6930
2013-09-10 15:34:06 -07:00
epriestley
a2571de575 Remove obsolete/deprecated withTaskIDs() / withTaskPHIDs()
Summary: Ref T603. These were deprecated some time ago in favor of the more standard withIDs() / withPHIDs().

Test Plan: `grep`, loaded some interfaces.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D6929
2013-09-10 15:34:04 -07:00
epriestley
e625c91867 Pass viewer to all ManiphestTaskQuery objects
Summary: Ref T603. Prepare for conversion to a policy-aware query.

Test Plan: Browsed various interfaces which use this stuff.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D6928
2013-09-10 15:34:03 -07:00
epriestley
5651141520 Make Maniphest custom fields extend PhabricatorCustomField
Summary:
Ref T418. These implementations share no method names, so we can safely just move Maniphest fields into the `PhabricatorCustomField` hierarchy.

Replaces two Maniphest-specific custom field exceptions which nothing catches.

Test Plan: Viewed Maniphest, edited/altered custom fields.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T418

Differential Revision: https://secure.phabricator.com/D6927
2013-09-10 15:31:48 -07:00
epriestley
e8126fa958 Don't mangle inline comments with tables in them in Differential
Summary:
Fixes T3814. Broadly, remarkup tables in inline comments did not work properly. I ran into several messes here and cleaned up some of them:

  - Some of this code is doing `JX.$N('div', {}, JX.$H(response.markup))`, to turn an HTML response into a node, passing that around, and then doing junk with it. This is super old and gross.
    - The slightly more modern pattern is `JX.$H(response.markup).getFragment().firstChild`, but this is kind of yuck too and not as safe as it could be.
    - Introduce `JX.$H(response.markup).getNode()`, which actually expresses intent here. We have a bunch of `getFragment().firstChild` callsites which should switch to this, but I didn't clean those up yet because I don't want to test them all.
    - Switch the `JX.$N('div', {}, JX.$H(response.markup))`-style callsites to `JX.$H(response.markup).getNode()`.
  - `copyRows()` is too aggressive in finding `<tr />` tags. This actually causes the bug in T3814. We only want to find these tags at top level, not all tags. Don't copy `<tr />` tags which belong to some deeper table.
  - Once this is fixed, there's another bug with mousing over the cells in tables in inline comments. We select the nearest `<td />`, but that's the cell in the remarkup table. Instead, select the correct `<td />`.
  - At this point, these last two callsites were looking ugly. I provided `findAbove()` to clean them up.

Test Plan: Created, edited, deleted, moused over, and reloaded a revision with inline comments including remarkup tables. Used "Show more context" links.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3814

Differential Revision: https://secure.phabricator.com/D6924
2013-09-10 15:31:32 -07:00
epriestley
51eb8a301a Clean up Diffusion repository list
Summary: Simplify rendering of the repository list. For inactive repositories, mark them disabled.

Test Plan: {F57615}

Reviewers: btrahan, rockybean

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D6921
2013-09-10 15:29:46 -07:00
epriestley
c74ebf9ce0 Restore repository shortcuts, for now
Summary:
These need to die soon since they're not structurally policy-aware, but keep them around for the moment until we can replace them.

There is no UI to create these, and only Facebook has them.

Test Plan: {F57614}

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D6920
2013-09-10 15:29:42 -07:00
epriestley
0da6321b2c Provide ordering options in Diffusion application search
Summary: Fixes T2298. Allows repositories to be ordered by name, callsign, commit, or date created. Slightly messy because of cursor paging.

Test Plan: Sorted commits.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2298

Differential Revision: https://secure.phabricator.com/D6919
2013-09-10 15:29:37 -07:00
epriestley
9872d57f87 Allow Diffusion repostories to be filtered by active/inactive status
Summary: Adds a status filter and makes the default query "active" repositories.

Test Plan: Used new filter to execute queries.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D6918
2013-09-10 15:26:23 -07:00
epriestley
904add9f44 Use ApplicationSearch in Diffusion
Summary:
Ref T2625. Switches Diffusion to ApplicationSearch. Notes:

  - Rendering is a bit rough, I'll clean that up next.
  - Ordering is a bit arbitrary, also coming shortly.

Test Plan: Used `/diffusion/` to execute various searches.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2625

Differential Revision: https://secure.phabricator.com/D6917
2013-09-10 15:26:08 -07:00