mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-25 08:12:40 +01:00
5ee4a1a306
Summary: Ref T9614. Currently, a lot of Build Plan behavior is covered by a global "can manage" policy. One install in particular is experiencing difficulty with warring factions within engineering aborting one another's builds. As a first step to remedy this, and also generally make Harbormaster more flexible and bring it in line with other applications in terms of policy power: - Give Build Plans normal view/edit policies. - Require "Can Edit" to run a plan manually. Having "Can View" on plans may be a little weird in some cases (the status of a Buildable might be bad because of a build you can't see) but we can cross that bridge when we come to it. Next change here will require "Can Edit" to abort a build. This will reasonably allow installs to reserve pause/abort for administrators/adults. (I might let anyone restart a plan, though?) Test Plan: - Created a new build plan. - Verified defaults were inherited from application defaults (swapped them around, too). - Saved build plan. - Edited policies. - Verified autoplans get the right policies. - Verified old plans got migrated properly. - Tried to run a plan I couldn't edit (denied). - Ran a plan from CLI with `bin/harbormaster`. - Tried to create a plan with an unprivileged user. Reviewers: chad Reviewed By: chad Maniphest Tasks: T9614 Differential Revision: https://secure.phabricator.com/D14321
21 lines
522 B
PHP
21 lines
522 B
PHP
<?php
|
|
|
|
$table = new HarbormasterBuildPlan();
|
|
$conn_w = $table->establishConnection('w');
|
|
|
|
$view_policy = PhabricatorPolicies::getMostOpenPolicy();
|
|
queryfx(
|
|
$conn_w,
|
|
'UPDATE %T SET viewPolicy = %s WHERE viewPolicy = %s',
|
|
$table->getTableName(),
|
|
$view_policy,
|
|
'');
|
|
|
|
$edit_policy = id(new PhabricatorHarbormasterApplication())
|
|
->getPolicy(HarbormasterCreatePlansCapability::CAPABILITY);
|
|
queryfx(
|
|
$conn_w,
|
|
'UPDATE %T SET editPolicy = %s WHERE editPolicy = %s',
|
|
$table->getTableName(),
|
|
$edit_policy,
|
|
'');
|