1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-22 23:02:42 +01:00
Commit graph

8741 commits

Author SHA1 Message Date
epriestley
288498f8d0 Add conduit.getcapabilities and a modern CLI handshake workflow
Summary:
Ref T5955.

  - Add `conduit.getcapabilities` to help arc (and other clients) determine formats, protocols, etc., the server supports.
  - Fixes T3117. Add a more modern version of the handshake workflow that allows all generated tokens to remain valid for an hour.
  - Generally, add a CLI token type. This token type expires after an hour when generated, then becomes permanent if used.

Test Plan:
  - See D10988.
  - Ran `conduit.getcapabilities` and inspected output.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3117, T5955

Differential Revision: https://secure.phabricator.com/D10989
2014-12-15 11:14:53 -08:00
epriestley
0507626f01 Accept Conduit tokens as an authentication mechanism
Summary:
  - Ref T5955. Accept the tokens introduced in D10985 as an authentication token.
  - Ref T3628. Permit simple `curl`-compatible decoding of parameters.

Test Plan:
  - Ran some sensible `curl` API commands:

```
epriestley@orbital ~/dev/phabricator $ curl -g "http://local.phacility.com/api/user.whoami?api.token=api-f7dfpoyelk4mmz6vxcueb6hcbtbk" ; echo
{"result":{"phid":"PHID-USER-cvfydnwadpdj7vdon36z","userName":"admin","realName":"asdf","image":"http:\/\/local.phacility.com\/res\/1410737307T\/phabricator\/3eb28cd9\/rsrc\/image\/avatar.png","uri":"http:\/\/local.phacility.com\/p\/admin\/","roles":["admin","verified","approved","activated"]},"error_code":null,"error_info":null}
```

```
epriestley@orbital ~/dev/phabricator $ curl -g "http://local.phacility.com/api/differential.query?api.token=api-f7dfpoyelk4mmz6vxcueb6hcbtbk&ids[]=1" ; echo
{"result":[{"id":"1","phid":"PHID-DREV-v3a67ixww3ccg5lqbxee","title":"zxcb","uri":"http:\/\/local.phacility.com\/D1","dateCreated":"1418405590","dateModified":"1418405590","authorPHID":"PHID-USER-cvfydnwadpdj7vdon36z","status":"0","statusName":"Needs Review","branch":null,"summary":"","testPlan":"zxcb","lineCount":"6","activeDiffPHID":"PHID-DIFF-pzbtc5rw6pe5j2kxtlr2","diffs":["1"],"commits":[],"reviewers":[],"ccs":[],"hashes":[],"auxiliary":{"phabricator:projects":[],"phabricator:depends-on":[],"organization.sqlmigration":null},"arcanistProjectPHID":null,"repositoryPHID":null,"sourcePath":null}],"error_code":null,"error_info":null}
```

  - Ran older-style commands like `arc list` against the local install.
  - Ran commands via web console.
  - Added and ran a unit test to make sure nothing is using forbidden parameter names.
  - Terminated a token and verified it no longer works.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3628, T5955

Differential Revision: https://secure.phabricator.com/D10986
2014-12-15 11:14:41 -08:00
epriestley
39f2bbaeea Add Conduit Tokens to make authentication in Conduit somewhat more sane
Summary:
Ref T5955. Summary of intended changes:

**Improve Granularity of Authorization**: Currently, users have one Conduit Certificate. This isn't very flexible, and means that you can't ever generate an API token with limited permissions or IP block controls (see T6706). This moves toward a world where you can generate multiple tokens, revoke them individually, and assign disparate privileges to them.

**Standardize Token Management**: This moves Conduit to work the same way that sessions, OAuth authorizations, and temporary tokens already work, instead of being this crazy bizarre mess.

**Make Authentication Faster**: Authentication currently requires a handshake (conduit.connect) to establish a session, like the web UI. This is unnecessary from a security point of view and puts an extra round trip in front of all Conduit activity. Essentially no other API anywhere works like this.

**Make Authentication Simpler**: The handshake is complex, and involves deriving hashes. The session is also complex, and creates issues like T4377. Handshake and session management require different inputs.

**Make Token Management Simpler**: The certificate is this huge long thing right now, which is not necessary from a security perspective. There are separate Arcanist handshake tokens, but they have a different set of issues. We can move forward to a token management world where neither of these problems exist.

**Lower Protocol Barrier**: The simplest possible API client is very complex right now. It should be `curl`. Simplifying authentication is a necessary step toward this.

**Unblock T2783**: T2783 is blocked on nodes in the cluster making authenticated API calls to other nodes. This provides a simpler way forward than the handshake mess (or enormous-hack-mess) which would currently be required.

Test Plan:
  - Generated tokens.
  - Generated tokens for a bot account.
  - Terminated tokens (and for a bot account).
  - Terminated all tokens (and for a bot account).
  - Ran GC and saw it reap all the expired tokens.

NOTE: These tokens can not actually be used to authenticate yet!

{F249658}

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5955

Differential Revision: https://secure.phabricator.com/D10985
2014-12-15 11:14:23 -08:00
epriestley
2c7be52fc2 Lock phabricator.show-prototypes
Summary:
Two goals:

  - If an attacker compromises an administrator account (without compromising the host itself), they can currently take advantage of vulnerabilities in prototype applications by enabling the applications, then exploiting the vulnerability. Locking this option requires CLI access to enable prototypes, so installs which do not have prototypes enabled have no exposure to security issues in prototype applications.
  - Making this very slightly harder to enable is probably a good thing, given the state of the world and support.

Test Plan: Verified that web UI shows the value is locked and instructs the user to update via the CLI.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D10993
2014-12-15 11:00:20 -08:00
epriestley
2037979142 Prevent Phame blogs from using invalid skins
Summary: Via HackerOne. An attacker with access to both Phame and the filesystem could potentially load a skin that lives outside of the configured skin directories, because we had insufficient checks on the actual skin at load time.

Test Plan: Attempted to build a blog with an invalid skin; got an exception instead of a mis-load of a sketchy skin.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D10992
2014-12-15 10:41:49 -08:00
epriestley
2a9db94ba6 Restore Maniphest subscriber transaction mail tag
Summary: Fixes T6748. This just didn't get aligned when CCs became a modern transaction.

Test Plan: Added a CC to a task, used `bin/mail show-outbound` to verify it showed up as a CC tag.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T6748

Differential Revision: https://secure.phabricator.com/D10991
2014-12-14 07:49:30 -08:00
epriestley
4505724cc4 Allow repositories to be bound to an AlmanacService
Summary:
Ref T2783. This is primarily exploratory and just figuring out what we're blocked on:

  - Allow a Repository to be bound to a Service. The Service may eventually define multiple read/write nodes, etc.
    - There's no UI to do this binding yet, you have to touch the database manually.
  - If a repository is bound to a Service, effect Conduit calls via calls to the remote service instead of executing them in-process.
    - These don't actually work yet since there's no authentication (see T5955).

Test Plan:
  - Made a nice Service with a nice Binding to a nice Interface on a nice Device.
  - Force-associated a repository with the service using a raw MySQL query.
  - Saw Phabricator try to make a remote call to the service (on localhost) and fail because of missing auth stuff.
  - Also ran `almanac.queryservices`.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T2783

Differential Revision: https://secure.phabricator.com/D10982
2014-12-12 12:07:11 -08:00
Bob Trahan
2b99b4add8 Home - limit "status" queries to 100 and show 99+ if we hit that
Summary: Fixes T6595. This diff has two issues as is... 1) the differential data fetching is pretty cheesey, but it looks like we can't just issue three separate databases to get the right data? 2) the translations break, since I am turning this into a string (and not an int) so the whole pluralization bit fails. I think 1 is okay as is and 2 needs to be fixed though I am not sure how to best do that...

Test Plan: loaded home page and it looked nice...!

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6595

Differential Revision: https://secure.phabricator.com/D10979
2014-12-12 12:02:25 -08:00
Bob Trahan
905fc217b8 Phriction - validateTransactions that need parent ancestry to complete successfully
Summary:
Fixes T6651, T6682. Since policy is defined by ancestry, you can't make things outside the core tree.

An alternative fix would be to automagically stub everything in these cases. This has potential negative policy implications - consider making a public document with several levels of depth that automagically stubs out its ancestry as public - and additionally the PhabricatorApplicationTransactionEditor framework would make this very tricky code (i.e. you are expected to validateTransactions in said hook *and* return an error if things aren't valid and not do some automagic stubbing, etc.)

Test Plan: tried to move a doc from location/that/exists to locationz/thatz/dontz/existz/ and got an error message with links to each missing doc. tried to create a doc at locatonz/thatz/dontz/existsz/ and got an error message with links to each missing doc.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6682, T6651

Differential Revision: https://secure.phabricator.com/D10978
2014-12-12 11:35:43 -08:00
Bob Trahan
3a85d0bf5a Transactions - change show all key from "~" to "@"
Summary: (some) international keyboard layouts can not type "~" in a way as to trigger this so use "@" instead. Save the suggested "+" as that seems like it would be useful for some future "adding stuff" keyboard workflow. Pretty stoked to get this squared away as I am quite confident our unreleased product will now be a huge smashing success. Ref T6683.

Test Plan: made sure my choice was okay via https://en.wikipedia.org/wiki/Dead_key#Dead_keys_on_various_keyboard_layouts; used the "@" key to show all transactions

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6683

Differential Revision: https://secure.phabricator.com/D10983
2014-12-12 11:23:56 -08:00
Bob Trahan
dda8e64a3e Maniphest - load subscribers in getApplicationTransactionsObject
Summary: Fixes T6734. This is a very generic fix, which basically attaches the subscribers if necessary. This seems like a good idea given there's some crazy generic code doing this sort of thing? This would end up being a new pattern for these types of objects that may be loaded by a general object query but then get some editor action against them.

Test Plan: I can't actually reproduce this in my sandbox so I'll verify live again.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6734

Differential Revision: https://secure.phabricator.com/D10976
2014-12-11 11:30:33 -08:00
epriestley
bc5598865f Fix a stray comma on File previews
Summary:
There's a comma to the lower-left of my profile picture here:

{F248962}

This is on a page like https://secure.phabricator.com/F248948

What's happening is that some `render()` method is returning a valid result like `array($stuff, null)`. This is getting passed to JS as an array, which is implicitly `join()`'ing it into a string, adding a comma.

Instead, make sure we render these to strings on the server side before shipping them to the client.

Test Plan: No more comma on file previews.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D10974
2014-12-11 11:10:52 -08:00
Bob Trahan
a2126631f3 Maniphest - fix bug updating tasks with blocked relationships
Summary: Ref T5604. Found this trying to open T5604 live. Basically this internal query needs the needSubscriberPHID set to true.

Test Plan: doing it live

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T5604

Differential Revision: https://secure.phabricator.com/D10975
2014-12-11 10:31:14 -08:00
Bob Trahan
b718b429af Transactions - make quotes work for older transactions
Summary: Fixes T6731. I don't really understand the intent behind the two view classes here, but to get this to work I need to pass yet more data to the lower-level class.

Test Plan: Viewed a task with many comments. Clicked "show older". Quoted everything I could. Verified for each quote that it quoted correctly, inlcuding linking to the prior transaction.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6731

Differential Revision: https://secure.phabricator.com/D10973
2014-12-11 10:27:28 -08:00
Chad Little
f5301e8e94 Move 'Query' in Maniphest Search to be above the fold
Summary: (Needed a clean branch). Moves the field up and renames to Query

Test Plan: Visit Maniphest Search, see new field, test a query

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D10971
2014-12-11 08:57:31 -08:00
Chad Little
e63b62fa78 Properly ensure timeline items have a 1px spacer
Summary: Some browsers, mobile, didn't show 1px space between objects (due to font renderings). This enforces the size for consistent cross-browser display.

Test Plan: Test IE10

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D10970
2014-12-11 07:52:23 -08:00
epriestley
5050389fce Don't run Herald when applying inverse edge transactions
Summary: Fixes T6727. Repro is: mention a task on another task, in a comment.

The inverse edge editor applying the "alincoln mentioned this in <other task>" transaction doesn't have enough data to execute Herald rules.

Just don't try to execute the rules, since they don't make much sesne from a product perspective and are tricky from a technical perspective.

Test Plan: Commented on `T1` with `T2` in comment body and a Herald rule that examines subscribers.

Reviewers: btrahan

NOTE: Cowboy committing this since any task mention fatals.
2014-12-10 16:53:44 -08:00
Bob Trahan
7d96870570 Maniphest - use subscribers framework properly
Summary: Fixes T5604. This should fix some random bugs, lets us move forward more easily, and all that good stuff about killing code debt.

Test Plan:
- Conduit method maniphest.createtask
  - verified creating user subscribed
  - verified subscription transaction
- Conduit method maniphest.update
  - verified subscribers set as specified to ccPHIDs parameter
  - verified subscription transaction
- Herald
  - verified herald rule to add subscriber worked
  - verified no subscribers removed accidentally
- edit controller
  - test create and verify author gets added IFF they put themselves in subscribers control box
  - test update gets set to exactly what user enters
- lipsum generator'd tasks work
- bulk add subscribers works
- bulk remove subscriber works
- detail controller
  - added myself by leaving a comment
  - added another user via explicit action
  - added another user via implicit mention
- task merge via search attach controller
- mail reply handler
  - add subscriber via ./bin/mail receive-test
  - unsubscribe via ./bin/mail receive-test

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T5604

Differential Revision: https://secure.phabricator.com/D10965
2014-12-10 16:27:30 -08:00
epriestley
3297bc2ed9 Implement more correct white-icon menu behavior
Summary: I didn't get this quite right.

Test Plan:
  - Clicked to open, saw white, then closed by:
    - Clicking document outside menu;
    - clicking menu icon again;
    - clicking a different menu icon.
  - In all three cases, got correct close + un-white behavior.

Reviewers: chad

Reviewed By: chad

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D10967
2014-12-10 16:26:40 -08:00
epriestley
eb9c3c6663 Make alert icons stay white while menus are open
Summary: I think this is what you're after?

Test Plan: clicky clicky

Reviewers: chad

Reviewed By: chad

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D10966
2014-12-10 16:11:32 -08:00
lkassianik
aeb4267b95 Don't show "Primary Hashtag" when creating a project
Summary: Fixes T6598, "Primary Hashtag" field should only be visible in edit mode of existing projects.

Test Plan: Create project, "Primary Hashtag" field should be hidden. Edit an existing project, "Primary Hashtag" field should appear above "Additional Hashtags" as before.

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Maniphest Tasks: T6598

Differential Revision: https://secure.phabricator.com/D10964
2014-12-10 15:33:13 -08:00
epriestley
db51d7d92a Make ConduitCall always local/in-process
Summary:
Ref T2783. ConduitCall currently has logic to pick a random remote server, but this is ultimately not appropriate: we always want to send requests to a specific server. For example, we want to send repository requests to a server which has that repository locally. The repository tier is not homogenous, so we can't do this below the call level.

Make ConduitCall always-local; logic above it will select ConduitCall for an in-process request or do service selection for an off-host request via ConduitClient.

Test Plan:
  - Browsed some pages using ConduitCall, everything worked.
  - Grepped for removed stuff.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T2783

Differential Revision: https://secure.phabricator.com/D10959
2014-12-10 15:27:07 -08:00
epriestley
d151c88040 Add some missing capability checks for repository mirror edits
Summary: Via HackerOne. These endpoints have insufficient policy checks.

Test Plan: Verified endpoints now check policies correctly.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D10957
2014-12-10 15:23:55 -08:00
Bob Trahan
9b865f18e8 Transactions - make "show older" area bigger and include keyboard command
Summary: Fixes T6683.

Test Plan: clicked the yellow box and it worked! pressed '~' and it worked!

Reviewers: epriestley, chad

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6683

Differential Revision: https://secure.phabricator.com/D10932
2014-12-10 12:12:38 -08:00
Chad Little
6a0ec944a1 On narrow dashboard columns, don't show col2 of obj-item
Summary: Hides the second column of info on narrow (33%) columns on dashboards on object-items.

Test Plan:
Tested a narrow left and narrow right column, 160px is gained back.

{F248276}

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D10962
2014-12-10 11:40:56 -08:00
Chad Little
08bd383aae Add title to PHUIObjectItemView's name for hover display
Summary: This adds back the title to the header link and scans through the codebase for instances where

Test Plan: Tested as many ObjectItemLists as I could find (each app homepage), there may be outliers, but can resolve those individually.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D10961
2014-12-10 10:26:55 -08:00
epriestley
574a9fa665 Revert "Add title to ObjectItemList headers for truncated displays"
This reverts commit f71a83f52e.
2014-12-10 09:38:37 -08:00
Chad Little
f71a83f52e Add title to ObjectItemList headers for truncated displays
Summary: Ref T6723. This allows you to hover over truncated headers and get the full text if needed.

Test Plan:
Hover over header, see full title

{F248197}

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6723

Differential Revision: https://secure.phabricator.com/D10958
2014-12-10 09:26:20 -08:00
Chad Little
786c7b0df6 Have home dashboards go to single column on narrow desktops
Summary: Ref T6723. Because of the sidenav, some dashboard layouts may perform poorly on more narrow desktop displays. This provides an additional media query and CSS rules.

Test Plan:
Move viewport to 1001 px, see desktop, move to 999 pixels, see tablet-like display.

{F248158}

{F248159}

{F248160}

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6723

Differential Revision: https://secure.phabricator.com/D10956
2014-12-10 08:51:09 -08:00
lkassianik
edc4c219ca Title/Description quering for Passphrase credential
Summary: Fixes T6562, Title/Description querying for Passphrase

Test Plan: Open Passphrase, open advanced queries, enter a title and/or description. Search results should show credentials matching the search.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6562

Differential Revision: https://secure.phabricator.com/D10953
2014-12-09 16:23:09 -08:00
Bob Trahan
d5e7cd5590 Conpherence - fix add participant / remove participant form
Summary: Ref T6713. We were dropping latest transaction ID. This should fix the "easy" part of T6713.

Test Plan: tried to add participants and it worked! (removing participants only allows yourself, but that worked too.)

Reviewers: chad, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6713

Differential Revision: https://secure.phabricator.com/D10952
2014-12-09 11:29:21 -08:00
Chad Little
9d062044e7 Remove Remarkup icons from source
Summary: These are not used

Test Plan: grep codebase

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D10938
2014-12-09 11:24:59 -08:00
Bob Trahan
5b59a81ab9 Projects - fix missing subscriber handling code in the editor
Summary: Fixes T6719. At some point, we added automagical subscriptions via @mentions, and these were failing in project descriptions from a lack of an implementation in the editor. Said "implementation" is to do nothing, but it needs to be there nonetheless.

Test Plan: updated a project mentioning someone in the description and it worked. also saw a 'subscriber added' transaction

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6719

Differential Revision: https://secure.phabricator.com/D10951
2014-12-09 10:14:14 -08:00
Joshua Spence
54f8aa8cd9 Minor linter fixes
Summary: Self explanatory

Test Plan: `arc lint`

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D10946
2014-12-09 18:37:32 +11:00
Chad Little
e3f99947ac Fix crumb alignment with new notification layout
Summary: Crumbs misalign because the hit area on the icons was 2px too large.

Test Plan: Test on pages with crumbs. IE, FF, Chrome...

Reviewers: epriestley, btrahan

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D10949
2014-12-08 21:04:24 -08:00
Chad Little
34fb98da66 Update message and notification icons to use fonts
Summary: Cleans up spacing, updates to fonts instead of images. Fixed some mobile issues.

Test Plan:
Test with and without counts on desktop, tablet, mobile. Test layout in FF, Chrome, IE.

{F246745}

{F246746}

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D10948
2014-12-08 13:53:29 -08:00
lkassianik
4506018339 Clicking the search icon in empty search field should link to advanced search
Summary: Fixes T6664, clicking search icon in empty search field should link to advanced search

Test Plan: navigate to home page, click search icon or click into search box and hit enter. Advanced search page should open.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6664

Differential Revision: https://secure.phabricator.com/D10947
2014-12-08 11:27:15 -08:00
epriestley
139c63bd84 When a worker task fails permanently, log the reason
Summary: Ref T6238. This makes debugging permanent task failures easier (we log reasoning for temporary failures already, just not permanent ones).

Test Plan: Saw more useful permanent failure log.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T6238

Differential Revision: https://secure.phabricator.com/D10945
2014-12-08 11:27:10 -08:00
Joshua Spence
9e54e6e886 Fix an undefined variable
Summary:
The `$timeline` variable is undefined. I was seeing the following error in the logs:

```
EXCEPTION: (RuntimeException) Undefined variable: timeline at [<phutil>/src/error/PhutilErrorHandler.php:210]
   #0 PhutilErrorHandler::handleError(integer, string, string, integer, array) called at [<phabricator>/src/applications/harbormaster/controller/HarbormasterStepEditController.php:205]
   #1 HarbormasterStepEditController::processRequest() called at [<phabricator>/src/aphront/AphrontController.php:33]
   #2 AphrontController::handleRequest(AphrontRequest) called at [<phabricator>/webroot/index.php:103]
```

Test Plan: Created a build step without a fatal error.

Reviewers: btrahan, hach-que, epriestley, #blessed_reviewers

Reviewed By: epriestley, #blessed_reviewers

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D10941
2014-12-08 04:11:12 -08:00
Chad Little
46b775820a Remove text-rendering CSS rule
Summary: This rule is making text actually more difficult to read on Windows, as well as is broken on Win/Chrome, and evidentally has performance issues on mobile browsers.

Test Plan: Turn it off, can still read web page

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D10940
2014-12-07 20:08:15 -08:00
epriestley
9a7383121d Move cancel/retry/free task queue actions to bin/worker
Summary:
Fixes T6702. Ref T3554. Currently, tasks can be cancelled, retried and freed from the web UI by any logged in user.

This isn't appreciably dangerous (I can't come up with a way that a user could do anything security-affecting), but I think I probably intended this to be admin-only, but these actions should move to the CLI anyway.

Move them to the CLI. Lay some groundwork for some future `bin/worker cancel --class SomeTaskClass`, but don't implement that yet.

Test Plan: Used `cancel`, `retry` and `free` from the CLI. Hit all the error/success states.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T3554, T6702

Differential Revision: https://secure.phabricator.com/D10939
2014-12-06 09:14:16 -08:00
Chad Little
a0907819cd Add addtional hints you haven't submitted comments on a Diff
Summary: Ref T3669. Probably. Adds a yellow warning at the top of the Diff View and makes the comment draft icon yellow on lists of revisions.

Test Plan:
Test a diff with many warnings, see warning. Test a diff with draft comments, see warning. Test new icon in list view.

{F230133}

{F230134}

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T3669

Differential Revision: https://secure.phabricator.com/D10789
2014-12-05 16:38:32 -08:00
Chad Little
5f3753e231 Clean up spacing, sizing on mobile app menus
Summary: Lots of minor spacing/alignment tweaks on mobile menus

Test Plan: set browser to 320 width, inspect for issues and alignments

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D10937
2014-12-05 15:06:06 -08:00
Bob Trahan
ac1c955986 Transactions - fix bug in differential where older inlines weren't appearing
Summary: Fixes T6699. We need to "loadInlineComments" consistently, though for an unexpected reason - this mutates the $changesets to include all $changesets that have an associated inline comment, which is necessary to make them render properly.

Test Plan: Took a diff with inline comments and updated it, noting the inline comments disappeared. applied this patch and the inlines reappeared.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6699

Differential Revision: https://secure.phabricator.com/D10935
2014-12-05 11:15:46 -08:00
Chad Little
39351f0a5a Remove unused sprite image
Summary: minor, unused

Test Plan: grep

Reviewers: epriestley, btrahan

Reviewed By: btrahan

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D10936
2014-12-05 11:13:48 -08:00
Chad Little
0c37f8db4b Make settings a wrench, not a cog
Summary: Change icon for Settings app to more match previous. Also align plus icon a little better.

Test Plan: Lots of staring.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D10934
2014-12-04 17:36:15 -08:00
Bob Trahan
a1a8083b93 Transactions - fix pagination bug
Summary: Fixes T6694. Ref T4712. Turns out the logic here was slightly incorrect; we don't want to use the id of the last thing we hid but rather the first thing we show. I had garbage test data ("asdsadsadsa", etc) I guess so I didn't notice this.

Test Plan: made a new task where user a and user b alternated 3 comments each, cooperatively numbering them from 1 - 20. as both users, showed older transactions. pre-patch the issue described in T6694 occurred and post patch I saw the entire counting sequence.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T4712, T6694

Differential Revision: https://secure.phabricator.com/D10933
2014-12-04 17:21:36 -08:00
Bob Trahan
2856c60932 Transactions - kill the old "show all" code pathways
Summary: we still need to be pager-sensitive, but otherwise this "show all" stuff is dead, dead dead...! Ref T4712. I think we can close the book on T4712 with one more diff to clean up the array_reverse / reverse paging stuff? That diff is probably a bit tricky as it involes auditing every TransactionQuery callsite...

Test Plan: viewed a task with a lot of transactions. clicked "show older" and it worked!

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T4712

Differential Revision: https://secure.phabricator.com/D10926
2014-12-04 14:55:18 -08:00
Bob Trahan
6ab3f06b6e Transactions - adding willRenderTimeline to handle tricky cases
Summary: Fixes T6693.

Test Plan:
Made a bunch of comments on a diff with differential, being sure to leave inlines here and there. This reproduced the issue in T6693. With this patch this issue no longer reproduces!

Successfully "showed older changes" in Maniphest too.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6693

Differential Revision: https://secure.phabricator.com/D10931
2014-12-04 13:58:52 -08:00
Chad Little
20035fe9a8 Update Phabricator header to use FontAwesome
Summary: Updates header to use font-icons instead of images.

Test Plan: Test desktop and mobile layouts, Chrome, FF, Safari, IE.

Reviewers: btrahan, epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Differential Revision: https://secure.phabricator.com/D10930
2014-12-04 13:01:23 -08:00