1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-30 18:52:42 +01:00
Commit graph

1369 commits

Author SHA1 Message Date
Bob Trahan
3c4070a168 OAuth Server -- add controllers to RUD client authorizations and CRUD clients
Summary:
beyond the title, this diff tweaks the test console to have a bit more
functionality.  also makes a small change to CSS for AphrontFormControlMarkup,
which IMO fixes a display issue on
https://secure.phabricator.com/settings/page/profile/ where the Profile URI is
all up in the air and whatnot

I think this is missing pagination.  I am getting tired of the size though and
will add later.  See T905.

Test Plan:
viewed, updated and deleted client authorizations.  viewed, created,
updated and deleted clients

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Maniphest Tasks: T849, T850, T848

Differential Revision: https://secure.phabricator.com/D1683
2012-02-24 14:56:18 -08:00
epriestley
282d6e5ffa Unify Maniphest + Differential comment styles
Summary:
I want to add comments to commits, and they should obviously share code with the
nearly-identical comments in Maniphest and Differential. Unify code/style as
much as possible.

This program made possible by a generous grant from D1513.

Test Plan:
  - Looked at a bunch of different Differential and Maniphest comments; they
appeared to render identically to how they looked before.
  - Tested some edge cases like anchors and "show details" on description edits
in Maniphest.

Reviewers: btrahan, jungejason

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T904

Differential Revision: https://secure.phabricator.com/D1686
2012-02-24 13:02:35 -08:00
jungejason
fb9d48f38b Refactor Owners pages and Improve the Nav Filter
Summary:
Getting ready to support searching for the related commits by
package owner (D1631):

- Add 'relative' option to the Nav Filter
- Refactor Owners page

Test Plan: - owners page still renders with the filter displayed correctly.

Reviewers: epriestley, nh

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1630
2012-02-17 08:56:19 -08:00
epriestley
cd651001b6 Add a contextual "scope" dropdown for searches
Summary: Add a "Search for ... in (document group)" thing that picks the current
scope based on the current application.

Test Plan: Conducted searches in several browsers.

Reviewers: btrahan, skrul

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T858

Differential Revision: https://secure.phabricator.com/D1610
2012-02-14 17:00:12 -08:00
epriestley
6a11d8d0d1 Reduce size of "Unbreak Now" and "Needs Triage" panels when no action is
required

Summary: Make these things like 1/4th the size if they aren't actionable.

Test Plan: Loaded home page with actionable, unactionable panels.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1613
2012-02-14 16:23:53 -08:00
epriestley
3f46d30e8f Replace home directory list with a dashboard
Summary:
Rough cut that still needs a lot of polish, but replace the directory list with
more of a dashboard type thing:

  - Show "Unbreak Now", triage-in-your-projects, and other stuff that you're
supposed to deal with, then feed.
  - Move tools a click a way behind nav -- this also lets us put more stuff
there and subtools, etc., later.
  - Remove tabs.
  - Merge the category/item editing views.
  - I also added a light blue wash to the side nav, not sure if I like that or
not.

Test Plan:
  - Viewed all elements in empty and nonempty states.
  - Viewed applications, edited items/categories.

Reviewers: btrahan, aran

Reviewed By: btrahan

CC: aran, epriestley, davidreuss

Maniphest Tasks: T21, T631

Differential Revision: https://secure.phabricator.com/D1574
2012-02-07 16:04:48 -08:00
vrana
2ff36b7cad Move tail to <body>
Summary:
Prevents invalid HTML.
Discussion at D1561#6.

Test Plan:
http://validator.w3.org/check?uri=https%3A%2F%2Fsecure.phabricator.com

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1563
2012-02-03 11:33:38 -08:00
vrana
6bd8542abb Avoid sending CSRF token in GET and external forms
Summary:
Sending CSRF token in GET forms is dangerous because if there are external links
on the target page then the token could leak through Referer header.
The token is not required for anything because GET forms are used only to
display data, not to perform operations.
Sending CSRF tokens to external URLs leaks the token immediately.

Please note that <form action> defaults to GET.

PhabricatorUserOAuthSettingsPanelController suffered from this problem for both
reasons.

Test Plan: Save my settings (POST form).

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1558
2012-02-03 10:58:51 -08:00
vrana
c0efecb561 Specify encoding in <meta>
Summary: Phabricator sends information about encoding in Content-Type header but
when I save the HTML page then this information is lost.

Test Plan: /

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1561
2012-02-03 10:16:12 -08:00
epriestley
5954ae84aa Improve Herald personal/global UI/UX
Summary:
  - Default "personal" vs "global" choice to "personal".
  - Don't show global rules under "My Rules".
  - After editing or creating a global rule, redirect back to global rule list.
  - Use radio buttons for "personal" vs "global" and add captions explaining the
difference.
  - For "global" rules, don't show the owner/author in the rule detail view --
they effectively have no owner (see also D1387).
  - For "global" rules, don't show the owner/author in the rule list view, as
above.
  - For admin views, show rule type (global vs personal).

Test Plan:
  - Created and edited new global and personal rules.
  - Viewed "my", "global" and "admin" views.

Reviewers: btrahan, jungejason, nh, xela

Reviewed By: btrahan

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1518
2012-01-31 12:09:29 -08:00
epriestley
cb0bb8165d Add a Join / Leave button to Projects
Summary: Make it easy to join or leave (well, slightly less easy) a project.
Publish join/leave to feed. Fix a couple of membership editor bugs.

Test Plan: Joined, left a project.

Reviewers: btrahan, jungejason

Reviewed By: btrahan

CC: aran, epriestley

Maniphest Tasks: T681

Differential Revision: https://secure.phabricator.com/D1485
2012-01-25 11:51:20 -08:00
epriestley
82c0795e54 Unify logic for username validation
Summary: Revisit of D1254. Don't require lowercase, just standardize the logic.
The current implementation has nonuniform logic -- PeopleEditController forbids
uppercase.

Test Plan: Ran unit tests, see also D1254.

Reviewers: btrahan, jungejason, aran

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D1415
2012-01-16 11:52:59 -08:00
epriestley
d8bbf55959 Improve behavior when user submits a no-op action in Differential
Summary:
See T730 and the slightly-less-pretty version of this in D1398.

When a user takes an action in Differential that has no effect (for instance,
accepting an already-accepted revision), prompt them:

  Action Has No Effect

  You can not accept this revision because it has already been accepted.

  Do you want to post the feedback anyway, as a normal comment?

                        [Cancel] [Post as Comment]

If they have no comment text, the dialog only says "Cancel".

I think this is probably the best way to balance all the concerns here -- it
might occasionally be a little annoying, but that should be rare, and it should
never be confusing (the current workflow is extremely confusing).

This also fixes the issue where you can add all sorts of CCs who are already
part of the revision, either explicitly or via mentions.

Test Plan:
Posted some has-effect and has-no-effect comments, made different
choices in the dialog, everything seems to work OK?

Reviewers: vrana, btrahan, jungejason

Reviewed By: vrana

CC: aran, vrana

Maniphest Tasks: T730

Differential Revision: https://secure.phabricator.com/D1403
2012-01-15 03:44:09 -08:00
epriestley
bfbe6ec594 Prevent login brute forcing with captchas
Summary: If a remote address has too many recent login failures, require they
fill out a captcha before they can attempt to login.

Test Plan: Tried to login a bunch of times, then submitted the CAPTHCA form with
various combinations of valid/invalid passwords and valid/invalid captchas.

Reviewers: btrahan, jungejason

Reviewed By: jungejason

CC: aran, epriestley, jungejason

Maniphest Tasks: T765

Differential Revision: https://secure.phabricator.com/D1379
2012-01-12 15:22:05 -08:00
epriestley
7f7710a24d Add @phutil-external-symbol declarations to Phabricator
Summary: See D1381.

Test Plan: Ran "arc liberate src/ --all" and got a clean rebuild.

Reviewers: btrahan, jungejason

Reviewed By: jungejason

CC: aran, jungejason

Maniphest Tasks: T762

Differential Revision: https://secure.phabricator.com/D1382
2012-01-12 15:20:18 -08:00
epriestley
d43dec1d12 Make it harder to miss errors and warnings while developing Phabricator
Summary:
If a page generates warnings or errors, you only get a little red dot in
DarkConsole which is hard to see. DarkConsole is also fairly big and there are
plenty of reasons not to leave it open all the time.

Instead, unconditionally show a big message to developers if there are errors or
warnings.

We could make this more sophisticated eventually, but the value is just that you
see it.

Test Plan: Browsed pages with and without warnings, got the right banner state.

Reviewers: nh, btrahan, jungejason

Reviewed By: btrahan

CC: aran, btrahan

Maniphest Tasks: T734

Differential Revision: https://secure.phabricator.com/D1307
2012-01-04 10:21:00 -08:00
epriestley
cacdfcc8ea Remove unused PhabricatorProfileView
Summary: After D1281, this has no callsites. I don't see us wanting to go back
to it.

Test Plan: Grepped for symbol name, no hits.

Reviewers: btrahan, jungejason

Reviewed By: jungejason

CC: aran, jungejason

Differential Revision: https://secure.phabricator.com/D1282
2011-12-24 08:54:31 -08:00
epriestley
43430e154d Rough cut of Project profile improvements
Summary:
  - Old page was useless and dumb.
  - New page looks a little less bad, functions a little less poorly.
  - Still lots of work to be done.

Test Plan:
  - Viewed a project.
  - Clicked all the links on the left nav.
  - Here is a screenshot:
https://secure.phabricator.com/file/view/PHID-FILE-4buzquotb3fo4dhlicrw/

Reviewers: btrahan, jungejason

Reviewed By: jungejason

CC: aran, jungejason

Maniphest Tasks: T681

Differential Revision: 1246
2011-12-20 17:19:55 -08:00
jungejason
c80d1480d5 Add Basic Auditing Functionalities
Summary:
add basic auditing functionalities. For the related commits for a
package, we detect the following conditions which might be suspicious to the
owners of the package:

* no revision specified
* revision not found
* author not match
* reviewedby not match
* owners not involved
* commit author not recognized

The owners of the package can change the status of the audit entries by
accepting it or specify concern.

The owner can turn on/off the auditing for a package.

Test Plan:
*  verified that non-owner cannot see the details of the audit and cannot modify
it
*  verified that all the audit reasons can be detected
*  tested dropdown filtering and package search
*  verified really normal change not detected
*  verified accept/concern a commit
*  tested enable/disable a package for auditing
*  verified one audit applies to all <commit, packages> to the packages the
auditor owns
*  verified that re-parsing a commit won't have effect if there exists a
 relationship for <commit, package> already

Reviewers: epriestley, nh

Reviewed By: epriestley

CC: aran, benmathews, btrahan, mpodobnik, prithvi, TomL, epriestley

Differential Revision: 1242
2011-12-20 13:36:53 -08:00
epriestley
81acf588e2 Take the first step on the long journey of fixing "Projects"
Summary:
  - Allow more than the 100 most recent projects to be viewed.
  - Provide some useful filters.
  - Default the view to your projects, not all projects.
  - Put query logic in a query object.
  - Put filter view logic in a view object. We can port more stuff to it later.

Test Plan: Looked at active/owned/all projects. Set page size to 5 and paged
through projects.

Reviewers: btrahan, jungejason, zeeg

Reviewed By: btrahan

CC: aran, btrahan

Differential Revision: 1227
2011-12-16 17:23:48 -08:00
Bob Trahan
588b959c03 phabricator_format_timestamp => phabricator_datetime
Summary: make the change, kill the function.   be sure to get a good $user or
$viewer variable

Test Plan:
for each controller or view, look at it in the ui.   change timezone, refresh ui
and note change.   i did not test the OAuthSettingsPanelController; not sure how
to get to that badboy and i got a bit lazy

Maniphest Tasks: T222

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, btrahan, epriestley

Maniphest Tasks: T222

Differential Revision: 1166
2011-12-04 08:51:34 -08:00
epriestley
bd520076f9 Add optional keystroke support for AphrontPagerView
Summary: This is sort of silly but maybe useful? The real problem is that there
are like 500k conduit call logs and the real solution to that is better
filtering options, but this seems sort of okay.

Test Plan: Used "[" and "]" to switch between pages on the conduit call log.

Reviewers: btrahan, jungejason, nh, aran

Reviewed By: nh

CC: aran, nh, epriestley

Differential Revision: 1145
2011-12-01 10:16:12 -08:00
adonohue
7d2a18d883 Examples using JX.View
Summary: Provide a dirt-simple working example of client-side templating and
reactive programming.

Test Plan: Load the examples

Reviewers: epriestley, mroch, tomo

Reviewed By: epriestley

CC: ide, schrockn, aran, rzadorozny, epriestley

Differential Revision: 908
2011-11-06 15:17:00 -08:00
Marek Sapota
789dc6cb5e Allow anonymus access to Differential.
Summary:
Add possibility for not logged in users to browse and see Differential
revisions.

Test Plan:
Set 'differential.anonymous-access' config option to true, log out, you should
be able to browse Differential without logging back in.

Reviewers: epriestley, jungejason

Reviewed By: epriestley

CC: aran, epriestley, mareksapota

Differential Revision: 1044
2011-10-25 10:23:08 -07:00
epriestley
2fc3acc969 Improve time localization code
Summary:
  - We throw on a missing date right now, in the DateTime constructor. This can
happen in reasonable cases and this is display code, so handle it more
gracefully (see T520).
  - This stuff is a little slow and we sometimes render many hundreds of dates
per page. I've been seeing it in profiles on and off. Memoize timezones to
improve performance.
  - Some minor code duplication that would have become less-minor with the
constructor change, consolidate the logic.
  - Add some unit tests and a little documentation.

Test Plan:
  - Ran unit tests.
  - Profiled 1,000 calls to phabricator_datetime(), cost dropped from ~49ms to
~19ms with addition of memoization. This is still slower than I'd like but I
don't think there's an easy way to squeeze it down further.

Reviewers: ajtrichards, jungejason, nh, tuomaspelkonen, aran

Reviewed By: ajtrichards

CC: aran, ajtrichards, epriestley

Differential Revision: 966
2011-09-27 09:25:16 -07:00
epriestley
d0b6602e29 Add an option to switch tokenizers to use "ondemand" instead of "preloaded"
datasources

Summary:
The open source Phabricator has like 3,500 user accounts now and it takes a
while to pull/render them. Add an option to switch to ondemand for large
installs.

I'll follow up with a patch at some point to address a couple of name things:

  - Denormalize last names into a keyed column (although this evidences some
bias toward the western world).
  - Force all usernames to lowercase (sorry Girish, Makinde).

Also this patch is so clean it's crazy.

Didn't bother with other object types for now, I'm planning to dedicate a few
days to Projects at some point and I'll flesh out some auxiliary features like
this when I do that.

Test Plan: Switched to ondemand, verified data was queried dynamically. Switched
back, verified data was preloaded.

Reviewers: jungejason, nh, tuomaspelkonen, aran

Reviewed By: nh

CC: aran, epriestley, nh

Differential Revision: 923
2011-09-21 14:22:01 -07:00
epriestley
cd7ba81d83 Use "Best" URI when linking to files from Maniphest file previews
Summary: Previously, this code accidentally did not use the best URI. Instead,
use the best URI. It's the best, obviously.

Test Plan: Uploaded a binary file and then clicked the preview.

Reviewers: hunterbridges, jungejason, nh, tuomaspelkonen, aran

Reviewed By: tuomaspelkonen

CC: aran, tuomaspelkonen

Differential Revision: 905
2011-09-06 15:35:30 -07:00
epriestley
3aa17c7443 Prevent CSRF uploads via /file/dropupload/
Summary:
We don't currently validate CSRF tokens on this workflow. This allows an
attacker to upload arbitrary files on the user's behalf. Although I believe the
tight list of servable mime-types means that's more or less the end of the
attack, this is still a vulnerability.

In the long term, the right solution is probably to pass CSRF tokens on all Ajax
requests in an HTTP header (or just a GET param) or something like that.
However, this endpoint is unique and this is the quickest and most direct way to
close the hole.

Test Plan:
  - Drop-uploaded files to Files, Maniphest, Phriction and Differential.
  - Modified CSRF vaidator to use __csrf__.'x' and verified uploads and form
submissions don't work.

Reviewers: andrewjcg, aran, jungejason, tuomaspelkonen, erling
Commenters: andrewjcg, pedram
CC: aran, epriestley, andrewjcg, pedram
Differential Revision: 758
2011-08-16 13:19:10 -07:00
epriestley
774211af76 Tweak style on "Create Another Task" button
Summary:
Not totally sure I'm in love with this but I think it's somewhat non-terrible,
despite the lack of lens flare.

Also made "Cancel" take you back to the task if you got to "Create" from "Create
Another Task".

Test Plan:
  - Style:
https://secure.phabricator.com/file/view/PHID-FILE-ad37d3c1f3b2c7a7a7d1/
  - Hit "Cancel" from "Create Another", got sent back to task.
  - Hit "Cancel" from normal create, got sent back to list.
  - Tried to save an invalid task after making changes to CC/Projects, changes
were preserved.

Reviewed By: codeblock
Reviewers: hunterbridges, jungejason, tuomaspelkonen, aran, codeblock
CC: aran, epriestley, codeblock
Differential Revision: 736
2011-08-03 13:15:18 -07:00
epriestley
9d3f33a7a6 Rough implementation of drag-and-drop file uploads
Summary:
This gets all the major pieces working. Allows you to drag-and-drop files in
Differential and Phriction, and embed files in remarkup with {Fxxx} references.
See also task.

I'm explicitly not documenting this yet since it's still pretty rough.

Test Plan: Dragged and dropped stuff into Differential and Phriction.
Reviewed By: jungejason
Reviewers: jungejason, tuomaspelkonen, aran, tomo
Commenters: tomo
CC: aran, tomo, jungejason
Differential Revision: 674
2011-08-01 15:27:13 -07:00
epriestley
35d03d36c7 Improve display behavior of commit messages in Diffusion
Summary:
See T372. Always render commit messages on one display line, so the table
doesn't jump around as they AJAX in on browse views.

The goal here is to have the cell choose a size naturally and for its content to
render with "overflow: hidden" if the natural size isn't large enough to contain
the content. "white-space: pre" or "white-space: nowrap" would prevent wrapping
but potentially make the table exceed the display width when a better behavior
is to hide some of the commit message.

Also use utf8-aware shortening, now that we have a function for it.

Casting a wide net in case anyone has a better way to do the CSS here. It's kind
of nasty that we have to use so many DOM nodes.

Test Plan:
  - Resized window while viewing browse and history views in Safari, Chrome and
Firefox. Table exhibited described behavior.
  - Verified summaries render sensibly and are properly truncated to 100
characters.

Reviewed By: aran
Reviewers: aran, jungejason, tuomaspelkonen, tomo, mroch, cpojer
CC: aran, epriestley
Differential Revision: 750
2011-07-31 12:05:06 -07:00
epriestley
15ef2fced0 Fix conservative CSRF token cycling limit
Summary:
We currently cycle CSRF tokens every hour and check for the last two valid ones.
This means that a form could go stale in as little as an hour, and is certainly
stale after two.

When a stale form is submitted, you basically get a terrible heisen-state where
some of your data might persist if you're lucky but more likely it all just
vanishes. The .js file below outlines some more details.

This is a pretty terrible UX and we don't need to be as conservative about CSRF
validation as we're being. Remedy this problem by:

  - Accepting the last 6 CSRF tokens instead of the last 1 (i.e., pages are
valid for at least 6 hours, and for as long as 7).
  - Using JS to refresh the CSRF token every 55 minutes (i.e., pages connected
to the internet are valid indefinitely).
  - Showing the user an explicit message about what went wrong when CSRF
validation fails so the experience is less bewildering.

They should now only be able to submit with a bad CSRF token if:

  - They load a page, disconnect from the internet for 7 hours, reconnect, and
submit the form within 55 minutes; or
  - They are actually the victim of a CSRF attack.

We could eventually fix the first one by tracking reconnects, which might be
"free" once the notification server gets built. It will probably never be an
issue in practice.

Test Plan:
  - Reduced CSRF cycle frequency to 2 seconds, submitted a form after 15
seconds, got the CSRF exception.
  - Reduced csrf-refresh cycle frequency to 3 seconds, submitted a form after 15
seconds, got a clean form post.
  - Added debugging code the the csrf refresh to make sure it was doing sensible
things (pulling different tokens, finding all the inputs).

Reviewed By: aran
Reviewers: tuomaspelkonen, jungejason, aran
CC: aran, epriestley
Differential Revision: 660
2011-07-14 08:09:40 -07:00
epriestley
c33eecf438 Improve DarkConsole "Services" and "XHProf" plugins
Summary:

  - Services: Show summary panel of total service call costs and relative page weight.
  - Services: Add "Analyze Query Plans" button, which issues EXPLAIN for each query and flags problems.
  - XHPRof: iframe the profile.

Test Plan: Used the new query plan analysis to find missing keys causing table scans, see D627.

Reviewers: jungejason, tuomaspelkonen, aran

CC:

Differential Revision: 628
2011-07-11 12:51:58 -07:00
epriestley
74d57b0a42 Use phabricator_ time functions in more places
Summary:
Replace some more date() calls with locale-aware calls.

Also, at least on my system, the DateTimeZone / DateTime stuff didn't actually
work and always rendered in UTC. Fixed that.

Test Plan:
Viewed daemon console, differential revisions, files, and maniphest timestamps
in multiple timezones.

Reviewed By: toulouse
Reviewers: toulouse, fratrik, jungejason, aran, tuomaspelkonen
CC: aran, toulouse
Differential Revision: 530
2011-06-26 10:38:25 -07:00
epriestley
4acf457431 Merge remote branch 'cadamo/devel'
Conflicts:
	src/__celerity_resource_map__.php
2011-06-20 16:06:03 -07:00
Cristian Adamo
7851b6573f Project list and profile view modifications
Summary: Added some change on the project's list view, to show information about
active tasks, population, etc. Also modified the "profile view", and added a class "PhabricatorProfileView" to render the profile, both on projects and users.

Test Plan: play around the project directory :)

Reviewers: epriestley ericfrenkiel

CC:

Differential Revision: 477
2011-06-20 16:13:44 -03:00
Andrew Toulouse
9b522982fa Add timezone support
Summary:
Allows user-configurable timezones. Adds a preference panel, and migrates to the
new date rendering in easily-modified areas of the code. ***In progress***.

Test Plan:
Check database to make sure the field is being changed when the settings are
changed; check affected views to see how they render times.

Reviewed By: epriestley
Reviewers: epriestley
CC: aran, epriestley, toulouse
Differential Revision: 475
2011-06-18 13:07:43 -07:00
epriestley
b49c5e9762 "Merge Duplicates" in Maniphest
Summary:
Allow duplicate tasks to be selected and merged in Maniphest.

I didn't create a separate transaction type for this because that implies a
bunch of really complicated rules which I don't want to sort out right now
(e.g., do we need to do cycle detection for merges? If so, what do we do when we
detect a cycle?) since I think it's unnecessary to get right for the initial
implementation (my Tasks merge implementation was similar to this and worked
quite well) and if/when we eventually need the metadata to be available in a
computer-readable form that need should inform the implementation.

Plenty of room for improvement here, of course.

Test Plan:
Merged duplicate tasks, tried to perform invalid merge operations (e.g., merge a
task into itself).
Tested existing attach workflows (task -> revision, revision -> task).

Reviewed By: aran
Reviewers: tuomaspelkonen, jungejason, aran
CC: anjali, aran
Differential Revision: 459
2011-06-14 20:44:58 -07:00
epriestley
aa86cf0ed8 Countdown tweaks
Summary:
A few tweaks to hsb's Countdown implementation:

  - Allow the page to be rendered "chromeless", suitable for display on one of
the dozens of monitors everyone has laying around.
  - Show title of countdown in deletion dialog.
  - When creating a new countdown default to time(), not Dec 31, 1969.
  - Add extra "/" after editing to avoid needless redirect.
  - Tweak some page titles.
  - Show countdown author in list view.
  - Highlight tab in list view.
  - Tweak menu copy.
  - Link countdown title in list view, separate buttons into different columns
so they pick up padding.

Test Plan:
Created, edited and deleted a timer. Viewed a timer and toggled chrome mode.
Viewed timer list.

Reviewed By: hsb
Reviewers: hsb, aran, jungejason, tuomaspelkonen
CC: aran, hsb, epriestley
Differential Revision: 454
2011-06-13 18:53:43 -07:00
tuomaspelkonen
501c001520 Added a big warning if reviewer is about to accept a diff with lint or unit
errors.

Summary:
Make sure reviewers know what they are doing.

Test Plan:
Tested with different diffs that had lint and unit problems.

Reviewed By: epriestley
Reviewers: epriestley, jungejason
CC: grglr, aran, epriestley, tuomaspelkonen
Differential Revision: 432
2011-06-13 11:49:31 -07:00
epriestley
eab768f705 Allow projects to be quickly added from the Maniphest task creation interface
Summary:
Provide a quick workflow for adding a new project. This ended up being sort of
complicated because we don't currently put forms in dialogs. I separated the
actual <form /> tag out of the display/layout of AphrontFormView to enable this
(the dialog is itself a form).

Limitations: if you create a new project and then remove it, it won't appear in
the tokenizer until you reload the page. We need to add the ability for the
datasource to drop its cache to enable this, which is super complicated.

Test Plan:
Used "Create new project" to add a new project when creating a task.

Reviewed By: aran
Reviewers: jungejason, tuomaspelkonen, aran
CC: anjali, aran, epriestley
Differential Revision: 422
2011-06-13 10:17:08 -07:00
epriestley
1c5b31d397 Keep menubar from spazzing out in narrow screens
Summary:
If you resize your window to be very narrow, the menu bar spazzes out right now.
Prevent it from developing all sorts of weird internal linewrapping.

Test Plan:
Narrowed my browser window, header didn't spaz out.

Reviewed By: jungejason
Reviewers: aran, jungejason, tuomaspelkonen
CC: aran, jungejason
Differential Revision: 428
2011-06-11 16:01:04 -07:00
epriestley
17306b7a92 Provide basic keyboard navigation support for Differential.
Summary:
ReviewBoard has a fancier version of this feature that's more granular -- the
keyboard can focus on individual changes. I think that's good and intend to
implement something similar, but this gets us a step closer and gets rid of some
of the bookkeeping stuff like making shortcuts discoverable.

(I have another brnach with Maniphest merging which also uses fatcow icons,
which is why the README seems a little out of context.)

Test Plan:
Used "j" and "k" to jump between changesets. Pressed "?" and got a list of
available shortcuts.

Reviewed By: tuomaspelkonen
Reviewers: aran, jungejason, tuomaspelkonen
CC: moskov, aran, epriestley, tuomaspelkonen
Differential Revision: 412
2011-06-09 14:55:44 -07:00
epriestley
48ec1f6d98 Provide basic structure for keyboard shortcuts
Summary: Implements a simple infrastructure for keyboard shortcuts, see T184, and a "help" shortcut.

There's a lot of room for refinement here but I think it basically works. Each shortcut can also provide a "tooltip" handler which allows it to show help when the alt/option key is held down.

Test Plan: Pressed "?" and got help. Pressed "?" in various contexts where it should not activate (modifier keys, text input focused) and didn't get help.

Reviewers: aran, tuomaspelkonen, jungejason

CC: moskov

Differential Revision: 362
2011-06-07 11:23:19 -07:00
epriestley
bfe73f585f Crop screenshot thumbs in Maniphest
Summary:
If you name an attached file something like
"derpderpderpderpderdperdperpereprederpderplolololololo.png", the display
overflows. Crop and shorten it so that it looks decent. Show the full name as
the image title.

Test Plan:
Named a file "derpderpderpderpderdperdperpereprederpderplolololololo.png" and
got a sensible display out of it.

Reviewed By: tuomaspelkonen
Reviewers: tuomaspelkonen, jungejason, aran
CC: aran, tuomaspelkonen
Differential Revision: 389
2011-06-01 15:38:17 -07:00
epriestley
d96d515cc2 Add comment linking to Maniphest and Differential
Summary:
Allows you to link to comments with "D123#3" or "T123#3", then adds a pile of JS
to try to make it not terrible. :/

The thing I'm trying to avoid here is when someone says "look at this!
http://blog.com/#comment-239291" and you click and your browser jumps somewhere
random and you have no idea which comment they meant. Since I really hate this,
I've tried to avoid it by making sure the comment is always highlighted.

Test Plan:
Put T1#1 and D1#1 in remarkup and verified they linked properly.

Clicked anchors on individual comments.

Faked all comments hidden in Differential and verified they expanded on anchor
or anchor change.

Reviewed By: aran
Reviewers: aran, tomo, mroch, jungejason, tuomaspelkonen
CC: aran, epriestley
Differential Revision: 383
2011-05-31 11:11:19 -07:00
epriestley
c7ff835073 Replace "Phabricator" menu text with phabricator logo
Summary:
I ran a 99designs contest and this gear-eye thing was actually pretty okay. All
this stuff needs tweaks but at least it won't render with a big square on
windows anymore.

Test Plan:
Looked at menu, it seemed slightly more legitimate and designey than before?

Reviewed By: jungejason
Reviewers: tuomaspelkonen, jungejason, aran
CC: aran, epriestley, jungejason
Differential Revision: 363
2011-05-29 02:48:14 -07:00
epriestley
cc5a86f75a Reenable login forms for installs with multiple login mechanisms. 2011-05-27 16:34:10 -07:00
epriestley
ce8a406424 Improve file preview in Maniphest
Summary:
Show large thumbnails of attached files in Maniphest.

Test Plan:
Looked at large thumbnails in Maniphest.

Reviewed By: jungejason
Reviewers: tomo, aran, jungejason, tuomaspelkonen
CC: anjali, aran, epriestley, jungejason
Differential Revision: 335
2011-05-27 09:35:56 -07:00
epriestley
109a202b6c Improve drag-and-drop uploader
Summary:
Make it discoverable, show uploading progress, show file thumbnails, allow you
to remove files, make it a generic form component.

Test Plan:
Uploaded ducks

Reviewed By: tomo
Reviewers: aran, tomo, jungejason, tuomaspelkonen
CC: anjali, aran, epriestley, tomo
Differential Revision: 334
2011-05-27 09:34:29 -07:00
tuomaspelkonen
d21a056f1c Multiple comment submissions for a diff is prevented now.
Summary:
It was possible to submit a comment multiple times if the submit
button was pressed more than once quickly. Added javascript code
that disables the button when it is clicked.

Test Plan:
Tried to click the button multiple times very quickly, but the
button was disabled after the first click.

Reviewed By: epriestley
Reviewers: epriestley, jungejason
Commenters: aran
CC: aran, epriestley, tuomaspelkonen
Differential Revision: 337
2011-05-25 12:14:43 -07:00
epriestley
9f65a5efb8 Drag-and-drop upload for Maniphest
Summary:
This needs a bunch of UI polish (critically, it's totally undiscoverable) but it
basically works correctly. I'll clean it up in some followups.

Test Plan:
Uploaded some files via drag-and-drop, made comments, etc.

Reviewed By: aran
Reviewers: tomo, aran, jungejason, tuomaspelkonen
CC: anjali, aran
Differential Revision: 332
2011-05-22 14:47:04 -07:00
epriestley
3f11c8a602 Tweak Maniphest CSS, fix remarkup in description change views
Summary:
Various CSS tweaks and fixes:

  - Add remarkup styling to description change views, missed this before.
  - Fix CSS so that transactions with only one item (e.g., changed priority)
don't have weird floater underneath them.
  - Add more space between transaction items.
  - Make default background color lighter and less heavy.
  - Use beigey color for comment form in Maniphest.
  - Share more CSS between Maniphest and Differential (previews, feedback).
  - Move "Leap Into Action" call to Differential, replace Maniphest with
thematically-consistent "Weigh In" (obviously, Maniphest has a nautical theme).

Test Plan:
Browsed Maniphest and Differential in a couple browsers, styling all seems
correct.

Reviewed By: tomo
Reviewers: tomo, aran, jungejason, tuomaspelkonen
CC: anjali, aran, tomo
Differential Revision: 328
2011-05-22 13:26:55 -07:00
epriestley
f72c1acc63 Lockdown tool directory editing to administrators
Summary:
Someone has "defaced" secure.phabricator.com with a helpful suggestion that I
actually do this; fair enough. :P

Test Plan:
Logged in as myself, unable to edit directory information. Logged out, logged in
as admin, was able to edit directory information.

I need to fix some more CSS stuff since some of these tabs render out hideous in
the admin background, but I can followup with that.

Reviewed By: tuomaspelkonen
Reviewers: aran, jungejason, tuomaspelkonen
Commenters: aran
CC: aran, tuomaspelkonen, epriestley
Differential Revision: 296
2011-05-17 13:17:13 -07:00
epriestley
4b92b2cead Allow revisions to be edited from Maniphest
Summary:
You can currently attach tasks to revisions from Differential, but not revisions
to tasks from Maniphest. Allow editing from either side.

This logic is kind of tricky but the alternative was massive code duplication.

Test Plan:
Added and removed revisions from maniphest. Added and removed tasks from
differential.

This should have no impact on the Facebook install since none of this is used
there.

Reviewed By: aran
Reviewers: tomo, tuomaspelkonen, jungejason, aran
CC: aran, epriestley
Differential Revision: 288
2011-05-16 15:31:46 -07:00
epriestley
f9f8ef0e6e Admin and disabled flags for users
Summary:
Provide an "isAdmin" flag for users, to designate administrative users.

Restore the account editing interface and allow it to set role flags and reset
passwords.

Provide an "isDisabled" flag for users and shut down all system access for them.

Test Plan:
Created "admin" and "disabled" users. Did administrative things with the admin
user. Tried to do stuff with the disabled user and was rebuffed. Tried to access
administrative interfaces with a normal non-admin user and was denied.

Reviewed By: aran
Reviewers: tuomaspelkonen, jungejason, aran
CC: ccheever, aran
Differential Revision: 278
2011-05-12 11:17:50 -07:00
epriestley
e32fd1a871 Correctly focus elements in Workflow dialogs
Summary:
JX.Workflow does a JX.DOM.find() for the sigil __default__, but fails because we
render with phutil_render_tag() instead of javelin_render_tag() so sigils are
not converted correctly.

Test Plan:
Opened an inline comment in differential, got focus on the <textarea />

Reviewed By: tuomaspelkonen
Reviewers: tuomaspelkonen
CC: aran, tuomaspelkonen, epriestley
Differential Revision: 259
2011-05-10 11:28:07 -07:00
epriestley
2a39fd09eb Bring Javelin into Phabricator via git submodule, not copy-and-paste
Summary:
Javelin is currently embedded in Phabricator via copy-and-paste of prebuilt
packages. This is not so great.

Pull it in as a submodule instead and make all the Phabriator resources declare
proper dependency trees. Add Javelin linting.

Test Plan:
I tried to run through pretty much all the JS functionality on the site. This is
still a high-risk change, but I did a pretty thorough test

Differential: inline comments, revealing diffs, list tokenizers, comment
preview, editing/deleting comments, add review action.
Maniphest: list tokenizer, comment actions
Herald: rule editing, tokenizers, add/remove rows

Reviewed By: tomo
Reviewers: aran, tomo, mroch, jungejason, tuomaspelkonen
CC: aran, tomo, epriestley
Differential Revision: 223
2011-05-08 13:20:10 -07:00
epriestley
6229cdadd8 Improve web tools for viewing daemons
Summary:
- Provides an "all daemons" view to look at more than the first 15 daemons.
  - Provides a "combined log" view with a large page size, to quickly look at
the log across all the daemons, making it easier to find issues when you have a
bunch of the same daemon and only one is having issues.
  - When viewing the web console on the same host as a daemon, show whether it's
running or not.

Test Plan:
Clicked the various daemon log interfaces.

Reviewed By: aran
Reviewers: jungejason, tuomaspelkonen, aran
CC: aran
Differential Revision: 215
2011-05-03 06:38:12 -07:00
epriestley
927407c426 Be more explicit about PHID sourcing in PhabricatorObjectSelectorDialog 2011-04-14 18:36:33 -07:00
adonohue
6d20a57ce0 Instant subscribe/unsubscribe
Summary:
No workflow dialog when subscribing or unsubscribing from a Differential
Revision

Test Plan:
Repeatedly subscribe and unsubscribe to a revision. Enter refractory period due
to
speed of page gen.

Reviewed By: epriestley
Reviewers: epriestley
CC: epriestley
Differential Revision: 128
2011-04-12 18:25:46 -07:00
epriestley
675ce22bf4 Allow Maniphest and Differential object lists to be filtered by user. 2011-04-11 02:06:13 -07:00
tuomaspelkonen
d5ee8c792c Modified DarkConsole Error Log to show more detailed information.
Summary:
When function phlog() is called, stacktrace and detailed log information
is shown in DarkConsole.

Test Plan:
Called 'phlog' function from various places in Phabricator and checked that
the debug information was available in DarkConsole.

Reviewed By: epriestley
Reviewers: epriestley
CC: jungejason, epriestley
Differential Revision: 101
2011-04-06 14:30:54 -07:00
tuomaspelkonen
1c6487197f Object selector does live-updates without requiring user to hit 'search'
Summary:
Editing Maniphest tasks for a Differential Revision required user to hit
'search' every time he changed search parameters. Now select and text input
changes trigger search automatically.

Test Plan:
Tested that changing the select and entering text automatically gave the
correct results.

Reviewed By: epriestley
Reviewers: epriestley, jungejason
Commenters: jungejason
CC: epriestley, jungejason
Differential Revision: 102
2011-04-05 15:24:10 -07:00
epriestley
23f882a0ee Some owners write workflows. 2011-04-03 22:03:27 -07:00
epriestley
5038ab850c Some owners read workflows. 2011-04-03 19:20:47 -07:00
epriestley
4993bb9a9b AphrontListFilterView, for list filtering. 2011-04-03 15:50:06 -07:00
epriestley
8f5d01d451 Get rid of +x on a bunch of nonexecutable files because I failed to set
"create mask" on SMB. :/
2011-04-02 16:47:20 -07:00
epriestley
29ce4ed83f Paginate the user list view. 2011-04-02 09:58:42 -07:00
epriestley
f76c3bbc22 AphrontPagerView and UIExamples. 2011-03-31 17:06:33 -07:00
tuomaspelkonen
28fe9f4eca User preferences ported from tools
Summary:

Internal tools, e.g., differential and diffusion  have user defined
preferences for monospaced font and the option for showing either the
name of the tool or the glyph of the tool in the title.

These preferences were ported to phabricator. These preferences can be
modified in /preferences/ and they both affect diffusion and differential
at the moment.

Test Plan:

* Created an empty database
* Loaded /preferences/ and modified the monospaced font and clicked save
* Confirmed that the same page was loaded with the message that preferences
  have been saved and that the example text used the user defined font

* in /preferences/ changed the option to show tool names as plain text and
  clicked save
* Confirmed that the same page was loaded with '[Preferences]' in the title
  instead of a glyph

* These same tests were also executed for differential and diffusion

Reviewers: epriestley
CC: jungejason

Differential Revision: 91
2011-03-31 13:44:20 -07:00
epriestley
deb12c9fe8 Some herald improvements. 2011-03-22 20:43:19 -07:00
epriestley
b060f0a80f Herald JS basics. 2011-03-22 17:08:08 -07:00
jungejason
6aa006b903 Make conduit-uri info easier to be copied into arcrc
Summary:
add the conduit URI and the username together with the arc
certificate to the setting page.

Test Plan:
run arc diff to make sure it still works after copying the
generated test into the .arcrc file.

Reviewed By: epriestley
Reviewers: epriestley
CC: epriestley
Differential Revision: 73
2011-03-15 21:52:48 -07:00
epriestley
485b5e5ded Make the Diffusion UI vaguely usable in some cases. 2011-03-12 16:17:34 -08:00
epriestley
eccc76dae6 Fix some issues caught by HipHop, and work around some issues
caused by HipHop.
2011-02-26 21:01:42 -08:00
epriestley
d0ea1f1c7b Restore profile links to OAuth resources.
Summary:

Test Plan:

Reviewers:

CC:
2011-02-22 11:06:37 -08:00
epriestley
063269a00a Store OAuth tokens and more OAuth account info.
Summary:

Test Plan:

Reviewers:

CC:
2011-02-22 10:27:27 -08:00
epriestley
c6c6a2cc4c Unify headsup action lists.
Summary:

Test Plan:

Reviewers:

CC:
2011-02-20 13:02:40 -08:00
epriestley
8fe3c80b6c Make header alignment/layout less horrible.
Summary: <table />s repruhsent

Test Plan:

Reviewers:

CC:
2011-02-20 10:00:29 -08:00
epriestley
eec3e8e3aa Move object-selector closable to being usable.
Summary:

Test Plan:

Reviewers:

CC:
2011-02-18 15:12:15 -08:00
epriestley
258e0cdded Very basic Object Selector interface.
Summary: Interface for selecting objects to attach to other objects
(e.g., Maniphest tasks to Differential diffs and vice versa).

Test Plan: still rough

Reviewers:

CC:
2011-02-16 23:00:13 -08:00
epriestley
0b1450c5f9 Add framebusting to Phabricator.
Summary:
Technically we didn't have it in the first place, but should. Also
add in X-Frame-Options for double-plus-good.

Test Plan:
Created a page with Phabricator in an <iframe />, got busted out
of it. Added in the X-Frame-Options, got an empty iframe.

Differential Revision: 38
Reviewed By: tomo
Reviewers: mroch, tomo
2011-02-16 22:58:44 -08:00
epriestley
147d2e2e3d Rought cut of search.
Summary: Botched this pretty badly in git so we'll see how much I broke. :/

Test Plan:

Reviewers:

CC:
2011-02-14 15:34:20 -08:00
epriestley
91fb157253 Use the task title as the page title for Maniphest task detail views.
Summary: Instead of "Create Task", show the task's ID and name in the page
title.

Test Plan: Looked at a task. Also double-cheked XSS junk and plugged a hole.

Reviewers: cpiro

CC:

Differential Revision: 27
2011-02-09 16:38:51 -08:00
epriestley
6ec5e682f4 Maniphest wireframes
Summary:

Test Plan:

Reviewers:

CC:
2011-02-08 20:39:56 -08:00
epriestley
605268f9aa Some acutal conduit authentication. 2011-02-05 22:36:21 -08:00
epriestley
50bfcd0a30 100-changeset cutoff. 2011-02-05 16:43:28 -08:00
epriestley
f0934e655f Fix some typos, restore outline styles. 2011-02-05 12:33:53 -08:00
epriestley
de2a9c634c Differential lazyweb diff create workflow. 2011-02-05 12:20:18 -08:00
epriestley
addfe3aa79 DarkConsole toggle, workflow behavior. 2011-02-05 11:45:13 -08:00
epriestley
18c0515440 Add reviewers workflow fixes. 2011-02-04 22:45:42 -08:00
epriestley
94dd5c6917 Slightly declown my stunning "design" skills. 2011-02-04 18:24:03 -08:00
epriestley
905870d793 Various fixes, particularly on the revision update workflow. 2011-02-04 17:53:14 -08:00
epriestley
759eec3a77 Very rough cut of DarkConsole + XHProf 2011-02-02 13:48:52 -08:00
epriestley
246cba2bf0 InlineComments 2011-02-01 21:09:28 -08:00
epriestley
9dac0ed9f1 Bring in JX.Workflow and the inline commenting behavior, plus sync Javelin. 2011-02-01 15:52:04 -08:00
epriestley
4736b320ff Differential comment previews. 2011-01-31 18:05:20 -08:00
epriestley
03fec6e911 PhabricatorEnv
'infratructure' -> 'infrastructure' (rofl)
Recaptcha
Email Login / Forgot Password
Password Reset
2011-01-31 11:55:26 -08:00
epriestley
29f7219a49 CSRF / Logout 2011-01-30 18:52:29 -08:00
epriestley
58d1506499 Clean up the revision list view a bit. 2011-01-30 18:24:57 -08:00
epriestley
c55b1ed9bb Basic Differential revision feedback view. 2011-01-30 10:37:58 -08:00
epriestley
406a14ebe5 Make 404 page somewhat prettier. 2011-01-30 09:15:01 -08:00
epriestley
de1fb8ac7d DifferentialRevisionEditor 2011-01-26 17:17:49 -08:00
epriestley
ccf7df6093 Authentication 2011-01-26 15:34:20 -08:00
epriestley
bc57b12ef0 MetaMTA 2011-01-26 08:00:52 -08:00
epriestley
14ed5482ab Typeaheads 2011-01-25 14:41:32 -08:00
epriestley
16ad2386d8 Javelin integration. 2011-01-25 12:41:55 -08:00
epriestley
e284d5b5dc Distribute Celerity includes. 2011-01-25 11:32:46 -08:00
epriestley
7bb0db1365 Celerity, a Haste-style static resource management system. 2011-01-25 10:18:44 -08:00
epriestley
fed4c583c5 Add Javelin. 2011-01-25 08:18:27 -08:00
epriestley
52126c5479 Add proper syntax highlighting with Phutil. 2011-01-24 17:39:14 -08:00
epriestley
2bea542920 Conduit: user.find 2011-01-24 12:05:49 -08:00
epriestley
2aaa95e640 Conduit server-side basics. 2011-01-24 10:52:35 -08:00
epriestley
0eac30d80d Phabricator file upload application. 2011-01-23 14:04:07 -08:00
epriestley
2c7e71cac5 Introduce PHID generation. 2011-01-22 22:07:59 -08:00
Evan Priestley
eecc003a62 More phabricator organizational stuff. 2011-01-22 18:00:19 -08:00
epriestley
85198b3d06 Distinguish between aphront and phabricator. 2011-01-22 17:45:28 -08:00
epriestley
76258ce0e1 Import some code, some of which may be relevant to the project. 2011-01-17 19:31:39 -08:00