diff options
author | dklawren <dklawren@users.noreply.github.com> | 2018-05-11 20:48:46 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-05-11 20:48:46 +0200 |
commit | fb8fb9b2c69e4d20c5a39a0595e65af8bdcc3161 (patch) | |
tree | 9d6348b2653387f3ec2c9e6e907e8247f4804a29 /extensions | |
parent | 2ef89c7fecfbc3e8f44320489e4033440782862b (diff) | |
download | bugzilla-fb8fb9b2c69e4d20c5a39a0595e65af8bdcc3161.tar.gz bugzilla-fb8fb9b2c69e4d20c5a39a0595e65af8bdcc3161.tar.xz |
Bug 1458664 - Feed daemon when adding or updating a new project in Phabricator, it should fix permissions
Diffstat (limited to 'extensions')
-rw-r--r-- | extensions/PhabBugz/lib/Feed.pm | 65 |
1 files changed, 44 insertions, 21 deletions
diff --git a/extensions/PhabBugz/lib/Feed.pm b/extensions/PhabBugz/lib/Feed.pm index a7bb75148..8f02d8c3f 100644 --- a/extensions/PhabBugz/lib/Feed.pm +++ b/extensions/PhabBugz/lib/Feed.pm @@ -18,6 +18,7 @@ use Try::Tiny; use Bugzilla::Constants; use Bugzilla::Error; +use Bugzilla::Field; use Bugzilla::Logging; use Bugzilla::Mailer; use Bugzilla::Search; @@ -221,49 +222,71 @@ sub group_query { INFO("Updating group memberships"); + # Pre setup before making changes + my $old_user = set_phab_user(); + # Loop through each group and perform the following: # # 1. Load flattened list of group members # 2. Check to see if Phab project exists for 'bmo-<group_name>' # 3. Create if does not exist with locked down policy. - # 4. Set project members to exact list + # 4. Set project members to exact list including phab-bot user # 5. Profit my $sync_groups = Bugzilla::Group->match( { isactive => 1, isbuggroup => 1 } ); - foreach my $group (@$sync_groups) { + # Load phab-bot Phabricator user to add as a member of each project group later + my $phab_ids = get_phab_bmo_ids( { ids => [ Bugzilla->user->id ] } ); + my $phab_user = Bugzilla::User->new( { id => $phab_ids->[0]->{id}, cache => 1 } ); + $phab_user->{phab_phid} = $phab_ids->[0]->{phid}; + # secure-revision project that will be used for bmo group projects + my $secure_revision = + Bugzilla::Extension::PhabBugz::Project->new_from_query( + { + name => 'secure-revision' + } + ); + + foreach my $group (@$sync_groups) { # Create group project if one does not yet exist my $phab_project_name = 'bmo-' . $group->name; - my $project = Bugzilla::Extension::PhabBugz::Project->new_from_query( + my $project = + Bugzilla::Extension::PhabBugz::Project->new_from_query( { - name => $phab_project_name + name => $phab_project_name } ); + if ( !$project ) { - INFO("Project $project not found. Creating."); - my $secure_revision = - Bugzilla::Extension::PhabBugz::Project->new_from_query( - { - name => 'secure-revision' - } - ); + INFO("Project $phab_project_name not found. Creating."); $project = Bugzilla::Extension::PhabBugz::Project->create( - { - name => $phab_project_name, - description => 'BMO Security Group for ' . $group->name, - view_policy => $secure_revision->phid, - edit_policy => $secure_revision->phid, - join_policy => $secure_revision->phid - } + { + name => $phab_project_name, + description => 'BMO Security Group for ' . $group->name, + view_policy => $secure_revision->phid, + edit_policy => $secure_revision->phid, + join_policy => $secure_revision->phid + } ); } + else { + # Make sure that the group project permissions are set properly + INFO("Updating permissions on $phab_project_name"); + $project->set_policy( 'view', $secure_revision->phid ); + $project->set_policy( 'edit', $secure_revision->phid ); + $project->set_policy( 'join', $secure_revision->phid ); + } + # Make sure phab-bot also a member of the new project group so that it can + # make policy changes to the private revisions INFO("Setting group members for " . $project->name); - my @group_members = get_group_members($group); - $project->set_members( \@group_members ); + my @group_members = $self->get_group_members( $group ); + $project->set_members( [ ($phab_user, @group_members) ] ); $project->update(); } + + Bugzilla->set_user($old_user); } sub process_revision_change { @@ -724,7 +747,7 @@ sub save_last_id { } sub get_group_members { - my ($group) = @_; + my ( $self, $group ) = @_; my $group_obj = ref $group ? $group : Bugzilla::Group->check( { name => $group, cache => 1 } ); |