1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2025-01-15 09:11:07 +01:00
phorge-phorge/resources/sql/autopatches/20151023.harborpolicy.2.php
epriestley 5ee4a1a306 Give Harbormaster Build Plans real policies
Summary:
Ref T9614. Currently, a lot of Build Plan behavior is covered by a global "can manage" policy.

One install in particular is experiencing difficulty with warring factions within engineering aborting one another's builds.

As a first step to remedy this, and also generally make Harbormaster more flexible and bring it in line with other applications in terms of policy power:

  - Give Build Plans normal view/edit policies.
  - Require "Can Edit" to run a plan manually.

Having "Can View" on plans may be a little weird in some cases (the status of a Buildable might be bad because of a build you can't see) but we can cross that bridge when we come to it.

Next change here will require "Can Edit" to abort a build. This will reasonably allow installs to reserve pause/abort for administrators/adults. (I might let anyone restart a plan, though?)

Test Plan:
  - Created a new build plan.
  - Verified defaults were inherited from application defaults (swapped them around, too).
  - Saved build plan.
  - Edited policies.
  - Verified autoplans get the right policies.
  - Verified old plans got migrated properly.
  - Tried to run a plan I couldn't edit (denied).
  - Ran a plan from CLI with `bin/harbormaster`.
  - Tried to create a plan with an unprivileged user.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9614

Differential Revision: https://secure.phabricator.com/D14321
2015-10-26 12:38:21 -07:00

21 lines
522 B
PHP

<?php
$table = new HarbormasterBuildPlan();
$conn_w = $table->establishConnection('w');
$view_policy = PhabricatorPolicies::getMostOpenPolicy();
queryfx(
$conn_w,
'UPDATE %T SET viewPolicy = %s WHERE viewPolicy = %s',
$table->getTableName(),
$view_policy,
'');
$edit_policy = id(new PhabricatorHarbormasterApplication())
->getPolicy(HarbormasterCreatePlansCapability::CAPABILITY);
queryfx(
$conn_w,
'UPDATE %T SET editPolicy = %s WHERE editPolicy = %s',
$table->getTableName(),
$edit_policy,
'');