1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-28 09:42:41 +01:00
Commit graph

18 commits

Author SHA1 Message Date
epriestley
2a5c987c71 Lock policy queries to their applications
Summary:
While we mostly have reasonable effective object accessibility when you lock a user out of an application, it's primarily enforced at the controller level. Users can still, e.g., load the handles of objects they can't actually see. Instead, lock the queries to the applications so that you can, e.g., never load a revision if you don't have access to Differential.

This has several parts:

  - For PolicyAware queries, provide an application class name method.
  - If the query specifies a class name and the user doesn't have permission to use it, fail the entire query unconditionally.
  - For handles, simplify query construction and count all the PHIDs as "restricted" so we get a UI full of "restricted" instead of "unknown" handles.

Test Plan:
  - Added a unit test to verify I got all the class names right.
  - Browsed around, logged in/out as a normal user with public policies on and off.
  - Browsed around, logged in/out as a restricted user with public policies on and off. With restrictions, saw all traces of restricted apps removed or restricted.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D7367
2013-10-21 17:20:27 -07:00
epriestley
874a9b7fe3 When creating or updating a revision, infer the repository from the diff
Summary:
Ref T603. When a diff is attached to a revision, try to guess the repository if possible. In cases where we succeed, this automatically gives us intuitive policy behavior (i.e., you can see a revision if you can see the repository the change is against).

I pulled this into a funky little "Lookup" class for two reasons:

  - It's used in two places;
  - I anticipate that we might need to add some sort of `explainWhy()` method if users find the heuristics confusing.

Test Plan: Created and updated revisions, saw them pick up the correct repository association. Ran Herald dry run against associable and nonassociable revisions, saw correct values populate.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D7147
2013-09-26 15:28:42 -07:00
epriestley
b928e7f8f5 Fix an issue with Diffusion where paging by commit date would fail
Summary: When loading the cursor repository, we need to load the most recent
commit too if we're paging by commit date. This fixes a fatal for installs
with more than 100 repositories.

Auditors: btrahan
2013-09-23 18:25:06 -07:00
epriestley
e7a7e43104 Fix a bug where policy queries with cursor-based pagers and non-ID orders can go into infinite loops
Summary:
Ref T603. See inlines for an explanation. The case where I hit this was loading the "Pending Differential Revisions" panel in Diffusion when logged out, after making a repository public.

What happens is that we load 10 revisions (say, D1 .. D10) but the user can't see any of them. We then try to load the next 10, but since the pagination is ordered by date modified, we need to base the next query on the modified date of the last thing we loaded (D10). However, since we use the viewer's policies to load that cursor object, it fails to load, and then we just issue the same query over and over again, loading D1 .. D10 until we run out of execution time.

Test Plan: Interface now loads correctly.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D7059
2013-09-21 16:23:44 -07:00
epriestley
b8cb6ddaa5 Add some keys and policy fields to repositories
Summary:
  - Add some TODO'd keys.
  - Add policy fields.

Test Plan: Viewed repositories; created a new repository and verified it got the right default policy settings.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D7056
2013-09-21 16:23:01 -07:00
epriestley
8651e5feba Allow repositories to be filtered by type
Summary: Allows the user to query for repos by VCS type.

Test Plan: See screenshot.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D7038
2013-09-19 11:56:48 -07:00
epriestley
256fcf3721 Make it easier to construct multi-column paging clauses from Query classes
Summary:
We currently have two giant messes for paging across multiple columns (usually because one column is not unique), and I'm about to add a third for Maniphest.

Provide a more structured way to build these `A > a OR (A = a AND B > b)` clauses.

Test Plan: Set page size to `2` for Differential and Diffusion and paged forward and backward with a bunch of different orders set. Pages worked as expected.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2625

Differential Revision: https://secure.phabricator.com/D6971
2013-09-13 11:49:41 -07:00
epriestley
0da6321b2c Provide ordering options in Diffusion application search
Summary: Fixes T2298. Allows repositories to be ordered by name, callsign, commit, or date created. Slightly messy because of cursor paging.

Test Plan: Sorted commits.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2298

Differential Revision: https://secure.phabricator.com/D6919
2013-09-10 15:29:37 -07:00
epriestley
9872d57f87 Allow Diffusion repostories to be filtered by active/inactive status
Summary: Adds a status filter and makes the default query "active" repositories.

Test Plan: Used new filter to execute queries.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D6918
2013-09-10 15:26:23 -07:00
epriestley
904add9f44 Use ApplicationSearch in Diffusion
Summary:
Ref T2625. Switches Diffusion to ApplicationSearch. Notes:

  - Rendering is a bit rough, I'll clean that up next.
  - Ordering is a bit arbitrary, also coming shortly.

Test Plan: Used `/diffusion/` to execute various searches.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2625

Differential Revision: https://secure.phabricator.com/D6917
2013-09-10 15:26:08 -07:00
epriestley
93c6704059 Move "most recent commit" and "commit count" into DiffusionRepositoryQuery
Summary: Ref T2625. `DiffusionHomeController` currently runs these queries inline. Move them into `DiffusionRepositoryQuery`. Prepareds for ApplicationSearch.

Test Plan: Loaded `/diffusion/`, saw the same content as before.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2625

Differential Revision: https://secure.phabricator.com/D6914
2013-09-10 15:22:41 -07:00
epriestley
333e377488 Modernize Releeph project create controller
Summary:
Ref T3092.

  - Check for a duplicate key error;
  - do less single loading and use Query classes;
  - use responsive UI elements;
  - add crumbs.

Test Plan: Created a new project, and hit error cases.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3092

Differential Revision: https://secure.phabricator.com/D6629
2013-07-30 12:38:11 -07:00
epriestley
5cc3bbf721 Use application PHIDs for application transactions
Summary: Ref T2715. Ref T3578. Load application transactions through application PHID infrastructure.

Test Plan: Viewed feed, saw successful loads of application transaction objects and rendered feed stories.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2715, T3578

Differential Revision: https://secure.phabricator.com/D6617
2013-07-29 12:04:15 -07:00
Bob Trahan
ec61c15cb2 move repository arcanist projects over to new phid stuff
Summary: also submit casual entry for longest class name award with new query class. Ref T2715

Test Plan: phid.query and saw the right arcanist project

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2715

Differential Revision: https://secure.phabricator.com/D6586
2013-07-26 14:33:31 -07:00
epriestley
2fd018ad92 Begin transacitonalizing repository edits and provide a more sensible edit interface
Summary:
Ref T2231, T603. Plan of attack here is pretty much:

  - Built out a new (currently not linked in the UI) edit interface in Diffusion which is transaction-based and has a sensible layout.
  - Build out a new create interface based on PagedForm which dumps into the new edit interface.
  - Throw the old stuff away.
  - Everyone lives happily ever after.

Test Plan:
{F44163}
{F44164}

Reviewers: chad, btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2231

Differential Revision: https://secure.phabricator.com/D6029
2013-05-24 12:37:42 -07:00
vrana
b3a63a62a2 Introduce PhabricatorEmptyQueryException
Summary: It's dumb to execute a query which we know will return an empty result.

Test Plan: Looked at comment preview with "11", didn't see "1 = 0" in DarkConsole.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D5177
2013-03-06 19:22:00 -08:00
vrana
800be357e8 Order repositories in Diffusion from oldest
Summary: Same to ordering in Repository List.

Test Plan: /diffusion/

Reviewers: epriestley, nh

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4251
2012-12-20 15:49:37 -08:00
epriestley
db89e23761 Make Repositories partially policy-aware
Summary: Small step toward repository hosting. No user-visible changes.

Test Plan: Looked at repositories in Diffusion.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D4227
2012-12-19 11:07:06 -08:00