1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-11 08:06:13 +01:00
Commit graph

17673 commits

Author SHA1 Message Date
epriestley
afdef332fb Allow "transaction.search" to be called on an object type
Summary:
Ref T13631. This supports a more robust version of "poll for updates by using dateModified window queries" that uses transactions as a logical clock.

This is particularly relevant for commits, since they don't have a "dateModified" at time of writing.

Test Plan:
  - Queried for transactions by type and object.
  - Issued various invalid transaction queries, got appropriate errors.

Maniphest Tasks: T13631

Differential Revision: https://secure.phabricator.com/D21601
2021-03-10 10:20:03 -08:00
epriestley
404b55ce57 Give audit statuses API constants that match their UI strings
Summary: Ref T13631. These strings were a little inconsistent; make them more consistent.

Test Plan: Called `diffusion.commit.search` with the appropriate attachment, saw slightly more consistent statuses.

Maniphest Tasks: T13631

Differential Revision: https://secure.phabricator.com/D21600
2021-03-10 10:20:03 -08:00
epriestley
ac2f5a1046 Modernize and clean up "PhabricatorAuditStatusConstants"
Summary:
Ref T13631. Move "PhabricatorAuditStatusConstants" to a more modern object ("PhabricatorAuditRequestStatus").

Expose the status value via Conduit.

Test Plan:
  - Ran `bin/audit delete`.
  - Viewed a commit with auditors in the web UI.
  - Grepped for affected symbols.
  - Called Conduit with the "auditors" attachment, saw auditor statuses.

Maniphest Tasks: T13631

Differential Revision: https://secure.phabricator.com/D21599
2021-03-10 09:21:55 -08:00
epriestley
2636d84d0c Remove very old Audit status constants and AuditRequest data
Summary:
Ref T13631. See that task for discussion.

  - "NONE": Probably never used?
  - "CC": Obsoleted by subscribers.
  - "AUDIT_NOT_REQUIRED": For Owners packages, obsoleted by edges.
  - "CLOSED": For "Close Audit", obsoleted by "Request Verification".

Test Plan:
  - Grepped for constants, browsed Diffusion.

Subscribers: PHID-OPKG-gm6ozazyms6q6i22gyam

Maniphest Tasks: T13631

Differential Revision: https://secure.phabricator.com/D21598
2021-03-10 09:21:54 -08:00
epriestley
55532b3f74 Add a very basic "auditors" attachment to "differential.commit.search"
Summary: Ref T13631. For now, this only shows the auditor PHID. The current status constants could use some cleanup before they're exposed.

Test Plan: Queried with "auditors" attachment, saw basic auditor information.

Maniphest Tasks: T13631

Differential Revision: https://secure.phabricator.com/D21597
2021-03-10 09:21:54 -08:00
epriestley
bfe7cdc5a2 Provide default image alt text in more contexts and support custom alt text
Summary:
Ref T13629.

  - Allow files to have custom alt text.
  - If a file doesn't have alt text, try to generate a plausible default alt text with the information we have.

Test Plan:
  - Viewed image files in DocumentEngine diffs, files, `{Fxxx}` embeds, and lightboxes.
  - Saw default alt text in all cases, or custom alt text if provided.
  - Set, modified, and removed file alt text. Viewed timeline and feed.
  - Pulled alt text with "conduit.search".

Maniphest Tasks: T13629

Differential Revision: https://secure.phabricator.com/D21596
2021-03-04 16:51:23 -08:00
epriestley
fceb9a3f9e Hide the "Author" field in Differential on the web create workflow
Summary:
Ref T13628. When creating a revision, hide the recently introduced "Author" field.

It seems exceedingly unlikely that anyone would ever want to adjust this field when creating a revision, and this workflow already has a lot of fields and complexity, so this likely adds more noise than signal on the balance.

Test Plan:
  - Created revisions via copy/paste on the web workflow, no longer saw "Author".
  - Used "Edit Revision" to adjust the author normally.

Maniphest Tasks: T13628

Differential Revision: https://secure.phabricator.com/D21595
2021-03-04 15:50:15 -08:00
epriestley
a9704428ff In Audit, use repository identities to prevent author-auditors
Summary:
See PHI2015. Diffusion attempts to prevent a commit's author from being made an auditor, but currently uses an out-of-date method for identifying the author.

Use the modern ("Repository Identity" aware) method instead.

Test Plan:
  - Authored a commit as user "X", mapped to my account.
  - Pushed/imported/discovered it.
  - Changed the identity mapping for "X" from my account to a different account.
  - Tried to add myself as an auditor.
    - Before: error, "author can't be an auditor".
    - After: succeeds.
  - Tried to add the newly mapped user as an auditor. This correctly fails with the "author can't be an auditor" error.

It's possible to put commits into a wonky state by remapping the author identity to a user who is already an auditor, but I think that isn't important and we can't do much about it, realistically.

Differential Revision: https://secure.phabricator.com/D21594
2021-03-04 09:33:49 -08:00
epriestley
9b6a030292 Use the same icon for "Resigned" in Differential and Diffusion
Summary:
See PHI2015. Currently, "resigned" reviewers/auditors get different icons in Differential and Diffusion.

The Diffusion icon is exceptionally poor and confusing: it does not communicate "resigned" and it is similar to other icons.

For clarity and consistency, use the Differential icon (a grey "X") in both applications.

Test Plan: {F8492303}

Differential Revision: https://secure.phabricator.com/D21593
2021-03-04 09:33:48 -08:00
epriestley
f3caf7e9fc Improve rendering behavior for "foist upon" with an empty tokenizer
Summary:
Ref T13628. If you "Foist Upon", then delete the value in the tokenizer, then scroll down to the preview, you currently get an ugly "Unknown Object (???)" rendering.

This is technically correct in some vague sense and the transaction won't apply, but provide a more aesthetic rendering instead.

Test Plan: {F8487050}

Maniphest Tasks: T13628

Differential Revision: https://secure.phabricator.com/D21592
2021-03-03 16:08:26 -08:00
epriestley
dec1413684 Provide a more general "Author" transaction for Differential
Summary:
Ref T13628. Currently, Differential has a "Commandeer" action, but no way to edit the author otherwise.

This is largely archaic: there is no reason to prevent editing the author, and this makes it difficult to undo mistakes if you commandeer by accident.

Instead, provide a normal "Author" field and a "Foist Upon" action, similar to the "Owner" and "Claim/Assign" fields in Maniphest.

Test Plan:
  - Applied author transactions as the old author ("foisted"), the new author ("commandeerd"), and an arbitrary third party ("changed author").
  - Tried to unassign author, etc.
  - Viewed stories in feed and transaction timeline.
  - Saw sensible automatic reviewer changes.
  - Used existing "Commandeer" action, which is unchanged.
  - Called "transaction.search" and saw reasonable transaction values.

Maniphest Tasks: T13628

Differential Revision: https://secure.phabricator.com/D21591
2021-03-03 15:49:22 -08:00
Matthew Bowker
c0ac5be8a8 Provide new tool "bin/user approve" to approve an account.
Summary: T13578

Test Plan:
This method uses the existing transaction.  As such, most of the testing focused on the integration between the workflow and transaction.  The only change made to the transaction was to allow an omnipotent user to make the change in addition to an admin.

Other than that, I removed the "approved" flag from the user, then ran the command-line utilty until the user was successfully approved.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T13578

Differential Revision: https://secure.phabricator.com/D21587
2021-03-03 04:35:50 +00:00
epriestley
33bce22ef2 Never return external connections to the GlobalLock connection pool
Summary:
Ref T13627. If a lock fails, the connection may be returned to the pool, even if the connection is an external connection. Under old versions of MySQL, connection reuse can release other locks on the same connection.

Don't return external connections to the pool.

This issue was introduced in D21369.

Test Plan: Added a failing test and made it pass.

Maniphest Tasks: T13627

Differential Revision: https://secure.phabricator.com/D21585
2021-03-02 13:44:17 -08:00
epriestley
2b473558c2 Refuse to acquire a second GlobalLock on a connection
Summary:
Ref T13627. MySQL versions older than 5.7 release held locks when a new lock is acquired.

Prevent acquisition of a second lock to prevent this.

Test Plan: Added a failing unit test, made it pass.

Maniphest Tasks: T13627

Differential Revision: https://secure.phabricator.com/D21586
2021-03-02 13:44:17 -08:00
epriestley
466013f11a Prevent external connections from being mutated on held locks
Summary: Ref T13627. This makes the API harder to misuse: setting an external connection on a held lock isn't a meaningful operation. Prevent it.

Test Plan: Added a failing test, made it pass.

Maniphest Tasks: T13627

Differential Revision: https://secure.phabricator.com/D21584
2021-03-02 13:44:16 -08:00
epriestley
15dbf6bdf0 When a GlobalLock with an external connection is released, don't return it to the pool
Summary:
Ref T13627. Currently, global locks always return connections (even external connections) to the connection pool when unlocked.

This code is obviously buggy: `isExternalConnection` is set to false immediately before it is tested. This bug has existed since this code was introduced, in D15792.

  - Instead of storing a flag, store the actual connection.
  - Don't clear it when unlocking.
  - Don't return external connections to the pool.

Test Plan:
  - Added a failing test, made it pass.

Maniphest Tasks: T13627

Differential Revision: https://secure.phabricator.com/D21583
2021-03-02 13:44:16 -08:00
epriestley
55f4a258d2 When updating revisions in responset to commits, use the omnipotent viewer to pull diffs
Summary:
Ref T13625. See that task for discussion.

Currently, the Viewer when performing revision updates in response to commits may be an arbitrary low-privilege user (an Application, a disabled User, a bot, a mailing list, etc).

Today, this leads to an exception when trying to make API calls.

Ideally, we probably would not perform the update in these cases. However, performing the update isn't a policy violation and is generally less surprising than not performing it, so continue performing it for now: just use the omnipotent user to interact with the API.

Test Plan:
  - Authored a commit as a bot user without permission to view the repository or revision.
  - Commented out a couple of caches, and used `bin/repository reparse --publish ...` to republish the commit.
    - Before: exception when trying to interact with the API.
    - After: clean publish.

Maniphest Tasks: T13625

Differential Revision: https://secure.phabricator.com/D21582
2021-03-01 11:11:34 -08:00
epriestley
0a3093ef9c Fix an issue where paginating notifications could fail a GROUP BY test
Summary:
Ref T13623. When paginating notifications, we may currently construct a query which:

  - loads from non-unique rows; and
  - returns multiple results.

In particular, `chronologicalKey` isn't unique across the whole table (only for a given viewer). We can get away with this because no user-facing view of notifications is truly "every notification for every viewer" today.

One fix would be to implicitly force the paging query to include `withUserPHIDs(viewerPHID)`, but puruse a slightly more general fix:

  - Load only unique stories.
  - Explictly limit the pagination subquery to one result.

Test Plan:
  - Set page size to 1, inserted duplicate notifications of all stories for another user, clicked "Next", got the GROUP BY error.
  - Applied the "only load unique stories" part of the change, got a "expected one row" error instead.
  - Applied the "limit 1" part of the change, got a second page of notifications.

Maniphest Tasks: T13623

Differential Revision: https://secure.phabricator.com/D21577
2021-02-26 15:11:25 -08:00
epriestley
10162ad43b Support an SSH error log
Summary: Ref T13624. Depends on D21578. In "sshd" subprocess contexts, use "PhutilErrorLog" to direct errors to both stderr and, if configured, a logfile on disk.

Test Plan:
  - Confiugured an error log.
  - Forced `ssh-auth` to fatal.
  - Saw errors on stderr and in log.

Maniphest Tasks: T13624

Differential Revision: https://secure.phabricator.com/D21579
2021-02-26 14:54:54 -08:00
epriestley
f970b350ea Correct behavior of "writable" Almanac service binding for repository services
Summary: Ref T13611. This property worked correctly when implemented in D19357. The behavior was broken by D20775, which tested node-level routing but did not specifically re-test the "writable" property. This was difficult to spot because ref query outcomes weren't observable in the UI, and the ref itself had the correct property value.

Test Plan:
See D21575. After this change, the UI shows the correct state, rather than showing a read-only service ref as writable:

{F8465865}

Maniphest Tasks: T13611

Differential Revision: https://secure.phabricator.com/D21576
2021-02-25 12:29:17 -08:00
epriestley
39077be746 Add an internal service ref panel to repository "Storage" information
Summary: Ref T13611. Currently, the "writable" property on service bindings has no effect because of a trivial bug. Provide more information in the UI to make this kind of problem observable.

Test Plan:
Viewed "Storage" section of management UI, saw a more-obvious problem with ref management (a non-writable ref is listed as writable).

{F8465851}

Maniphest Tasks: T13611

Differential Revision: https://secure.phabricator.com/D21575
2021-02-25 12:29:17 -08:00
epriestley
e9804bb7e5 Provide hovercards for generic edge stories, and include more message information in commit hovercards
Summary:
Ref T13620.

  - Make generic edge stories render links with hovercards. Other story types (like subscriptions) already do this so I'm fairly certain this is just old code from before hovercards.
  - Include a longer commit message snippet in hovercards.

Test Plan: {F8465645}

Maniphest Tasks: T13620

Differential Revision: https://secure.phabricator.com/D21574
2021-02-25 10:29:58 -08:00
epriestley
6bfa990254 When mapping phantom comments across changes, correct an off-by-one issue
Summary:
Ref T13617. When an inline comment is added inside a block of added lines, it currently ends up off-by-one when porting forward.

This is a disagreement between the mapping engine and the display engine about what "offset" means. Choose the simpler of the two interpretations.

Test Plan:
  - Created a revision with the diff in T13617.
  - Added an inline in the middle of the added block.
  - Updated the revision with the same diff.
    - Before: inline incorrectly moves up by one line.
    - After: inline maps correctly.

Maniphest Tasks: T13617

Differential Revision: https://secure.phabricator.com/D21572
2021-02-23 11:08:11 -08:00
epriestley
20a54a3006 Apply "pcre.*_limit" ini options in web environments
Summary: Ref T13100. Ref T13586. See D21566, which applied these changes to CLI environments. Also apply them to web environments.

Test Plan: Loaded Phabricator.

Maniphest Tasks: T13586, T13100

Differential Revision: https://secure.phabricator.com/D21567
2021-02-19 11:16:22 -08:00
epriestley
5bfd6bda77 Provide a more structured result log for Herald rules
Summary: Ref T13586. In the footsteps of D21563, make Herald rule results more formal and structured to support meaningful exception reporting.

Test Plan:
Ran various Herald rules and viewed transcripts, including rules with recursive dependencies and condition exceptions.

{F8447894}

Maniphest Tasks: T13586

Differential Revision: https://secure.phabricator.com/D21565
2021-02-19 11:16:22 -08:00
epriestley
b047653e53 Lift core of "HeraldConditionResult" to "HeraldTranscriptResult"
Summary: Ref T13586. Lift the behavioral core of "HeraldConditionResult" into a new abstract base "HeraldTranscriptResult", with the intent to introduce a "HeraldRuleResult".

Test Plan:
  - Ran Herald rules, reviewed transcripts.
  - This change should have no behavioral effect.

Maniphest Tasks: T13586

Differential Revision: https://secure.phabricator.com/D21564
2021-02-19 11:16:21 -08:00
epriestley
e77ae13d5c Provide a more structured result log for Herald conditions
Summary:
Ref T13586. Currently, Herald condition logs encode "pass" or "fail" robustly, "forbidden" through a sort of awkward side channel, and can not properly encode "invalid" or "exception" outcomes.

Structure the condition log so results are represented unambiguously and all possible outcomes (pass, fail, forbidden, invalid, exception) are clearly encoded.

Test Plan:
{F8446102}

{F8446103}

Maniphest Tasks: T13586

Differential Revision: https://secure.phabricator.com/D21563
2021-02-19 11:16:21 -08:00
epriestley
5408429466 Separate Herald transcripts into several different views
Summary: Ref T13586. The Herald transcript page has become more and more complicated over time, and recently added "Transactions" and "Profiler" sections. Split these across separate navigation tabs to limit the maximum complexity of any single view and make it easier to navigate to particular sections, like the profiler section.

Test Plan: Viewed various transcripts, saw nice digestible sections.

Maniphest Tasks: T13586

Differential Revision: https://secure.phabricator.com/D21493
2021-02-19 11:16:20 -08:00
epriestley
be0bb68f65 Remove Facebook OAuth dependency on "security_settings" property
Summary: Ref T13615. This property was removed from the Facebook API at some point, perhaps November 2020. Stop relying no it.

Test Plan: Created a local Facebook OAuth app, registered a new account locally.

Maniphest Tasks: T13615

Differential Revision: https://secure.phabricator.com/D21571
2021-02-19 10:27:42 -08:00
epriestley
b3976acc40 Improve performance of "phabricator:20210215.changeset.02.phid-populate.php"
Summary: Ref T13613. Improve the performance of this migration by using a temporary table and an "UPDATE x JOIN y ..." pattern.

Test Plan:
  - Ran on `secure`, got exit after a few seconds since the migration is idempotent and changesets already had PHIDs.
  - Ran on `secure` with the `continue;` commented out, got valid new PHIDs in 53s (from 153s).
  - Tried a larger page size (16K), didn't see any improvement.
  - From "--trace", client PHID generation seems to be the limiting factor.

Subscribers: PHID-OPKG-gm6ozazyms6q6i22gyam

Maniphest Tasks: T13613

Differential Revision: https://secure.phabricator.com/D21570
2021-02-19 07:53:14 -08:00
epriestley
7c44657ca5 Add more useful PHIDs to Harbormaster build variables
Summary: Ref T13609. Add the Object PHID (object being built), Container PHID (container of the object being built), Build PHID, and Buildable PHID to Harbormaster build variables.

Test Plan:
{F8448191}

{F8448192}

Subscribers: PHID-OPKG-gm6ozazyms6q6i22gyam

Maniphest Tasks: T13609

Differential Revision: https://secure.phabricator.com/D21569
2021-02-18 13:37:54 -08:00
epriestley
8cfd22c5fe Add a negative lookbehind to the Remarkup "bare URI" regular expression pattern
Summary: Ref T13608. Building on D21562, further anchor this pattern by adding a negative lookbehind.

Test Plan: Ran unit tests.

Maniphest Tasks: T13608

Differential Revision: https://secure.phabricator.com/D21568
2021-02-18 11:59:02 -08:00
epriestley
bd4d9d88f2 Limit remarkup URI protocol length to 32 characters to avoid expensive regex behavior
Summary:
Ref T13608. When searching for bare URIs in remarkup text, don't look for URIs with a protocol string longer than 32 characters.

This avoids a case where the regexp engine may be tricked into executing at `O(N^2)` or some similar complexity.

Test Plan:
  - Applied remarkup to "AAAA..." (512KB).
  - Before: 64 seconds to process.
  - After: <10ms to process.
  - Ran unit tests.

Maniphest Tasks: T13608

Differential Revision: https://secure.phabricator.com/D21562
2021-02-17 13:21:19 -08:00
epriestley
6703fec3e2 When documents are indexed, record the indexer version (versus the object version) and index epoch
Summary:
Ref T13587. D21495 has significant changes to the ngram indexer, which might possibly contain bugs.

Make it easier to reindex a subset of documents (based on the date when the index was built, and/or the software version which generated the index).

This is in addition to the existing versioning, which is focused on object versions.

Test Plan: Ran `bin/search index` with various old and new arguments. Spot-checked the `IndexVersion` table.

Subscribers: PHID-OPKG-gm6ozazyms6q6i22gyam

Maniphest Tasks: T13587

Differential Revision: https://secure.phabricator.com/D21560
2021-02-16 16:09:31 -08:00
epriestley
4f647fb6be When updating a Ferret search index document, reuse existing rows where possible
Summary:
Ref T13587. Currently, when a document is reindexed by Ferret, the old document is completely discarded and a new version is inserted to replace it.

This approach is simple to implement, but can lead to exhaustion of the ngram AUTO_INCREMENT id column in reasonable circumstances.

Conceptually, this approach "should" be fine and this exhaustion is an awkard implementation detail. However, since it's easy to be less wasteful when performing document updates and all the other approaches are awkward or leaky in other ways that are probably worse, use a more complex implementation to avoid executing unnecessary INSERT statements.

Test Plan:
  - Created and indexed a new document, searched for it.
  - Updated a document, indexed it with `bin/search index ... --force --trace`, saw only modifications updated in the index.
  - Searched for newly added terms (got hits) and removed terms (no longer got hits) to verify add/delete index behavior.

Maniphest Tasks: T13587

Differential Revision: https://secure.phabricator.com/D21495
2021-02-16 16:09:31 -08:00
epriestley
5d6dddc5eb Add more constraints to "harbormaster.target.search"
Summary: Ref T13607. Add some time-oriented constraints to this API method to support compiling build statistics.

Test Plan:
  - Called "harbormaster.target.search" with all new constraints.
  - Viewed documentation in API console.

Subscribers: PHID-OPKG-gm6ozazyms6q6i22gyam

Maniphest Tasks: T13607

Differential Revision: https://secure.phabricator.com/D21559
2021-02-16 12:22:31 -08:00
epriestley
9feb7343e6 Provide a "differential.changeset.search" Conduit API method
Summary: Ref T13605. Support selecting a diff's changesets (to get a list of affected file paths) via the API.

Test Plan: Called API with no arguments, diffPHIDs, PHIDs, IDs. Got sensible output.

Maniphest Tasks: T13605

Differential Revision: https://secure.phabricator.com/D21558
2021-02-15 11:11:13 -08:00
epriestley
ec5476a01f Add a PHID to Changesets
Summary:
Ref T13605. Changesets currently have no PHID, which limits their ability to use standard API infrastructure.

Give them a PHID, since there's no reason they don't have one other than their age.

Test Plan:
  - Ran migrations, saw PHIDs populated.
  - Created new changesets, saw PHIDs.

Subscribers: PHID-OPKG-gm6ozazyms6q6i22gyam

Maniphest Tasks: T13605

Differential Revision: https://secure.phabricator.com/D21557
2021-02-15 11:11:12 -08:00
epriestley
42c26821ef When a revision has only human reviewers but none can view it, show a warning banner
Summary: Ref T13602. Warn when a reivison has at least one human reviewer, no non-human reviewers, and no human reviewers can view it.

Test Plan: {F8430683}

Maniphest Tasks: T13602

Differential Revision: https://secure.phabricator.com/D21556
2021-02-13 13:37:38 -08:00
epriestley
2f33dedc8b When a reviewer can't see a revision, show it clearly in the reviewer list
Summary: Ref T13602. Similar to subscriber and mention treatments, make it clear when a user doesn't have view permission.

Test Plan: {F8430595}

Maniphest Tasks: T13602

Differential Revision: https://secure.phabricator.com/D21555
2021-02-13 13:37:37 -08:00
epriestley
90903282c7 Render user hovercards with context information about their ability to see the context object
Summary:
Ref T13602. When rendering a user hovercard, pass the object on which the reference appears. If the user can't see the object, make it clear on the hovecard.

Restyle the "nopermission" markup in mentions to make it more obvious what the style means: instead of grey text, use red with an explicit icon.

Test Plan: {F8430398}

Maniphest Tasks: T13602

Differential Revision: https://secure.phabricator.com/D21554
2021-02-13 13:37:37 -08:00
epriestley
2aac3156f7 Restructure Hovercards to support more context information
Summary:
Ref T13602. Currently, Hovercards are functions only of the object they represent (and the viewer, etc).

Recent changes to how users who can't see an object are rendered motivate making them a function of both the object they represent //and// the context in which they are being viewed. In particular, this enables a hovecard for a user to explain "This user can't see the thing you're lookign at right now.", so visual "exiled" markers can have a path forward toward discovery.

Test Plan:
  - This change isn't expected to affect any behavior.
  - Viewed hovercards, moused over/out, resized windows, viewed standalone cards, viewed debug cards, saw no behavioral changes.

Maniphest Tasks: T13602

Differential Revision: https://secure.phabricator.com/D21553
2021-02-13 13:37:36 -08:00
epriestley
58bbd6ee88 Propagate the "ContextObject" to Remarkup rendering in timelines
Summary:
Ref T13602. Currently, timeline comment rendering does not (by default) propagate the context object to the rendering layer.

This means that `@mentions` of users who can't see the object aren't rendered properly (currently: they show up as blue, but should show up as grey).

Pass the context down the stack and into the remarkup engine.

Test Plan: {F8382905}

Maniphest Tasks: T13602

Differential Revision: https://secure.phabricator.com/D21548
2021-02-13 13:37:36 -08:00
epriestley
a4cb2bb772 When a subscriber can't see an object, clearly show that they're missing the permission in the curtain UI
Summary:
Ref T13602. When a subscriber can't see an object, it's currently hard to figure it out.

Show this status clearly in the curtain UI.

Test Plan: {F8382865}

Maniphest Tasks: T13602

Differential Revision: https://secure.phabricator.com/D21547
2021-02-13 13:37:36 -08:00
epriestley
f0dc065290 Lift bulk tests for "many users against one object" capabilities into "PolicyFilterSet"
Summary:
Ref T13602. Currently, the policy framework can not execute "test if many users can see one object" particluarly efficiently. This test must be executed more broadly to implement the changes in T13602.

To avoid making this any worse than it already is, lift this block into a wrapper class that has a bulk queue + fetch API and could eventually be optimized.

Test Plan: Viewed a task with an `@mention` of a user without permission to see it in the summary, saw it rendered in a disabled style.

Maniphest Tasks: T13602

Differential Revision: https://secure.phabricator.com/D21546
2021-02-13 13:37:35 -08:00
epriestley
3e38579fee Update install and upgrade documentation for libphutil
Summary:
Ref T13395. Libphutil has merged into Arcanist and no longer needs to be installed or upgraded. Additionally:

  - The minimum PHP version is now PHP 5.5.
  - Although older versions of PHP should still install APC, modern versions come with Opcache and do not need APC. Setup issues guide administrators thorugh the correct install procedure now.

Test Plan: Read documentation.

Maniphest Tasks: T13395

Differential Revision: https://secure.phabricator.com/D21550
2021-02-08 10:20:00 -08:00
epriestley
67cf80b377 Test if "get_magic_quotes_gpc()" exists before calling it
Summary:
Ref T13588. This function was deprecated in PHP 7.4 (see D20942) and removed in PHP8.

Test that it exists before calling it so we don't fatal in PHP8.

See <https://discourse.phabricator-community.org/t/daemon-fails-on-php-8-0-2-in-utils-php-array-merge-call-w-fix/4568>.

Test Plan: Used "|| true" to test the message in PHP7. No actual testing in PHP8, but a user reports a similar patch works.

Maniphest Tasks: T13588

Differential Revision: https://secure.phabricator.com/D21549
2021-02-08 09:34:05 -08:00
epriestley
00cf93548b Add an "--ignore-locality" flag to "bin/repository pull"
Summary:
Ref T13600. When migrating observed repositories between cluster services, impact can be better controlled by fetching a copy of the repository on the target host before clusterizing it.

In particular, in the Phacility cluster, migrations are generally from one shared shard to one dedicated shard. It's helpful to perform these migrations synchronously without waiting for the cluster to sync in the background (helpful in the sense that there are fewer steps and fewer commands to run).

This supports an "--observe" mode to the internal "bin/services load-repository" workflow, which transfers repository data by refetching it from the remote rather than by getting it from the older host. This fetch occurs before cluster configuration is adjusted.

Test Plan: Ran locally as a sanity check, will apply in production.

Maniphest Tasks: T13600

Differential Revision: https://secure.phabricator.com/D21544
2021-02-04 11:33:14 -08:00
epriestley
a7bd58c4bb Remove "AlmanacPropertyInterface" from "AlmanacNamespace"
Summary:
See <https://discourse.phabricator-community.org/t/i-cant-create-almanac-space/4424/>.

Almanac namespaces have never really had property support, but they implemented the interface in the original implementation.

At the time, this had no effect. Later changes integrated properties into the edit flows and broke this no-op integration.

Remove the interface for now. They could be given property support later, but need a bit of support code.

This feature is very rarely used and primarily useful for Phacility instances.

Test Plan: Created new namespaces and edited namespaces, browsed namespace UI.

Differential Revision: https://secure.phabricator.com/D21543
2021-02-03 15:20:26 -08:00
epriestley
9502312b60 Remove "final" from "private" methods in Phabricator
Summary:
Ref T13588. This has never been meaningful, but a "final private" method is specifically forbidden in PHP8.

Remove meaningless "final" from these methods, per new lint checks.

Test Plan: Ran `arc lint --everything` to identify affected methods, then `... | xargs -n1 arc lint --apply-patches`.

Maniphest Tasks: T13588

Differential Revision: https://secure.phabricator.com/D21540
2021-02-03 14:13:29 -08:00