Bug 1367604 - BMO extension to apply security policies to Phabricator revisions as needed

* - Updated based on dylans review
- Fixed custom policy to instead allow projects and subscribers and then
  add BMO roles to the subscriber list
- Some other bug fixes

* fix lifetime of phabricator_url_re()

Instead of passing the value (which depends on runtime configuration)
pass in a reference.
Also edit extensions/BMO/Extension.pm to allow %autodetect_attach_urls
regex option to be a callback instead of just a plain regexp ref.

* - Fixed regex in BMO extension to detect phabricator attachments
- Use request_cache for useragent handle in Util.pm

1 files changed, 12 insertions, 114 deletions

diff --git a/extensions/PhabBugz/bin/update_project_members.pl b/extensions/PhabBugz/bin/update_project_members.pl
index 0aa51e17d..6cea1b431 100755
--- a/extensions/PhabBugz/bin/update_project_members.pl
+++ b/extensions/PhabBugz/bin/update_project_members.pl
@@ -20,12 +20,16 @@ use Bugzilla::Constants;
 use Bugzilla::Error;
 use Bugzilla::Group;
 
-use LWP::UserAgent;
-use JSON qw(encode_json decode_json);
+use Bugzilla::Extension::PhabBugz::Util qw(
+    create_project
+    get_members_by_bmo_id
+    get_project_phid
+    set_project_members
+);
 
 Bugzilla->usage_mode(USAGE_MODE_CMDLINE);
 
-my ($phab_uri, $phab_api_key, $phab_sync_groups, $ua);
+my ($phab_uri, $phab_api_key, $phab_sync_groups);
 
 if (!Bugzilla->params->{phabricator_enabled}) {
     exit;
@@ -59,23 +63,21 @@ foreach my $group (@$sync_groups) {
 
     # Create group project if one does not yet exist
     my $phab_project_name = 'bmo-' . $group->name;
-    my $project_id = get_phab_project($phab_project_name);
-    if (!$project_id) {
-        $project_id = create_phab_project($phab_project_name, 'BMO Security Group for ' . $group->name);
+    my $project_phid = get_project_phid($phab_project_name);
+    if (!$project_phid) {
+        $project_phid = create_project($phab_project_name, 'BMO Security Group for ' . $group->name);
     }
 
     # Get the internal user ids for the bugzilla group members
     my $phab_user_ids = [];
     if (@users) {
-        $phab_user_ids = get_phab_members_by_bmo_id(\@users);
+        $phab_user_ids = get_members_by_bmo_id(\@users);
     }
 
     # Set the project members to the exact list
-    set_phab_project_members($project_id, $phab_user_ids);
+    set_project_members($project_phid, $phab_user_ids);
 }
 
-# Bugzilla
-
 sub get_group_members {
     my ($group) = @_;
     my $group_obj = ref $group ? $group : Bugzilla::Group->check({ name => $group });
@@ -88,107 +90,3 @@ sub get_group_members {
     }
     return values %users;
 }
-
-# Projects
-
-sub get_phab_project {
-    my ($project) = @_;
-
-    my $data = {
-        queryKey => 'active',
-        constraints => {
-            name => $project
-        }
-    };
-
-    my $result = request('project.search', $data);
-    if (!$result->{result}{data}) {
-        return undef;
-    }
-    return $result->{result}{data}[0]{phid};
-}
-
-sub create_phab_project {
-    my ($project, $description, $members) = @_;
-
-    my $data = {
-        transactions => [
-            { type => 'name',  value => $project },
-            { type => 'description', value => $description },
-            { type => 'edit',  value => 'admin'},
-            { type => 'join',  value => 'admin' },
-            { type => 'icon',  value => 'group' },
-            { type => 'color', value => 'red' }
-        ]
-    };
-
-    my $result = request('project.edit', $data);
-    return $result->{result}{object}{phid};
-}
-
-sub set_phab_project_members {
-    my ($project_id, $phab_user_ids) = @_;
-
-    my $data = {
-        objectIdentifier => $project_id,
-        transactions => [
-            { type => 'members.set',  value => $phab_user_ids }
-        ]
-    };
-
-    my $result = request('project.edit', $data);
-    return $result->{result}{object}{phid};
-}
-
-# Members
-
-sub get_phab_members_by_bmo_id {
-    my ($users) = @_;
-
-    my $data = {
-        accountids => [ map { $_->id } @$users ]
-    };
-
-    my $result = request('bmoexternalaccount.search', $data);
-    if (!$result->{result}) {
-        return [];
-    }
-
-    my @phab_ids;
-    foreach my $user (@{ $result->{result} }) {
-        push(@phab_ids, $user->{phid});
-    }
-    return \@phab_ids;
-}
-
-# Utility
-
-sub request {
-    my ($method, $data) = @_;
-
-    if (!$ua) {
-        $ua = LWP::UserAgent->new(timeout => 10);
-        if (Bugzilla->params->{proxy_url}) {
-            $ua->proxy('https', Bugzilla->params->{proxy_url});
-        }
-        $ua->default_header('Content-Type' => 'application/x-www-form-urlencoded');
-    }
-
-    my $full_uri = $phab_uri . '/api/' . $method;
-
-    $data->{__conduit__} = { token => $phab_api_key };
-
-    my $response = $ua->post($full_uri, { params => encode_json($data) });
-
-    $response->is_error
-        && ThrowCodeError('phabricator_api_error',
-                          { reason => $response->message });
-
-    my $result = decode_json($response->content);
-    if ($result->{error_code}) {
-        ThrowCodeError('phabricator_api_error',
-                       { code   => $result->{error_code},
-                         reason => $result->{error_info} });
-    }
-    return $result;
-}