diff options
-rw-r--r-- | extensions/PhabBugz/lib/Util.pm | 95 | ||||
-rw-r--r-- | extensions/PhabBugz/lib/WebService.pm | 15 | ||||
-rw-r--r-- | extensions/Push/lib/Connector/Phabricator.pm | 36 |
3 files changed, 93 insertions, 53 deletions
diff --git a/extensions/PhabBugz/lib/Util.pm b/extensions/PhabBugz/lib/Util.pm index 9e2cac149..8fa3b620b 100644 --- a/extensions/PhabBugz/lib/Util.pm +++ b/extensions/PhabBugz/lib/Util.pm @@ -11,7 +11,10 @@ use 5.10.1; use strict; use warnings; +use Bugzilla::Bug; +use Bugzilla::Constants; use Bugzilla::Error; +use Bugzilla::User; use Bugzilla::Util qw(trim); use Bugzilla::Extension::PhabBugz::Constants; @@ -23,6 +26,7 @@ use base qw(Exporter); our @EXPORT = qw( add_comment_to_revision + add_security_sync_comments create_revision_attachment create_private_revision_policy create_project @@ -32,6 +36,7 @@ our @EXPORT = qw( get_members_by_bmo_id get_project_phid get_revisions_by_ids + get_security_sync_groups intersect is_attachment_phab_revision make_revision_private @@ -78,6 +83,9 @@ sub create_revision_attachment { my $is_shadow_db = Bugzilla->is_shadow_db; Bugzilla->switch_to_main_db if $is_shadow_db; + my $old_user = Bugzilla->user; + _set_phab_user(); + my $dbh = Bugzilla->dbh; $dbh->bz_start_transaction; @@ -102,6 +110,8 @@ sub create_revision_attachment { $dbh->bz_commit_transaction; Bugzilla->switch_to_shadow_db if $is_shadow_db; + Bugzilla->set_user($old_user); + return $attachment; } @@ -126,29 +136,42 @@ sub get_bug_role_phids { sub create_private_revision_policy { my ($bug, $groups) = @_; - my $project_phids = []; - foreach my $group (@$groups) { - my $phid = get_project_phid('bmo-' . $group); - push(@$project_phids, $phid) if $phid; - } - - ThrowUserError('invalid_phabricator_sync_groups') unless @$project_phids; - my $data = { objectType => 'DREV', default => 'deny', policy => [ { action => 'allow', + rule => 'PhabricatorSubscriptionsSubscribersPolicyRule', + } + ] + }; + + if(scalar @$groups gt 0) { + my $project_phids = []; + foreach my $group (@$groups) { + my $phid = get_project_phid('bmo-' . $group); + push(@$project_phids, $phid) if $phid; + } + + ThrowUserError('invalid_phabricator_sync_groups') unless @$project_phids; + + push(@{ $data->{policy} }, + { + action => 'allow', rule => 'PhabricatorProjectsPolicyRule', value => $project_phids, - }, + } + ); + } + else { + push(@{ $data->{policy} }, { action => 'allow', - rule => 'PhabricatorSubscriptionsSubscribersPolicyRule', + value => 'admin', } - ] - }; + ); + } my $result = request('policy.create', $data); return $result->{result}{phid}; @@ -382,4 +405,52 @@ sub request { return $result; } +sub get_security_sync_groups { + my $bug = shift; + + my $phab_sync_groups = Bugzilla->params->{phabricator_sync_groups} + || ThrowUserError('invalid_phabricator_sync_groups'); + my $sync_group_names = [ split('[,\s]+', $phab_sync_groups) ]; + + my $bug_groups = $bug->groups_in; + my $bug_group_names = [ map { $_->name } @$bug_groups ]; + + my @set_groups = intersect($bug_group_names, $sync_group_names); + + return @set_groups; +} + +sub _set_phab_user { + my $user = Bugzilla::User->new( { name => PHAB_AUTOMATION_USER } ); + $user->{groups} = [ Bugzilla::Group->get_all ]; + Bugzilla->set_user($user); +} + +sub add_security_sync_comments { + my ($revisions, $bug) = @_; + + my $phab_error_message = 'Revision is being made private due to unknown Bugzilla groups.'; + + foreach my $revision (@$revisions) { + add_comment_to_revision( $revision->{phid}, $phab_error_message ); + } + + my $num_revisions = scalar @$revisions; + my $bmo_error_message = + ( $num_revisions > 1 + ? $num_revisions.' revisions were' + : 'One revision was' ) + . ' made private due to unknown Bugzilla groups.'; + + my $old_user = Bugzilla->user; + _set_phab_user(); + + $bug->add_comment( $bmo_error_message, { isprivate => 0 } ); + + my $bug_changes = $bug->update(); + $bug->send_changes($bug_changes); + + Bugzilla->set_user($old_user); +} + 1; diff --git a/extensions/PhabBugz/lib/WebService.pm b/extensions/PhabBugz/lib/WebService.pm index 4b14f1495..738077880 100644 --- a/extensions/PhabBugz/lib/WebService.pm +++ b/extensions/PhabBugz/lib/WebService.pm @@ -25,6 +25,7 @@ use Bugzilla::WebService::Constants; use Bugzilla::Extension::PhabBugz::Constants; use Bugzilla::Extension::PhabBugz::Util qw( + add_security_sync_comments create_revision_attachment create_private_revision_policy edit_revision_policy @@ -35,6 +36,7 @@ use Bugzilla::Extension::PhabBugz::Util qw( is_attachment_phab_revision make_revision_public request + get_security_sync_groups ); use List::Util qw(first); @@ -80,7 +82,7 @@ sub revision { my $revision_title = $revision->{fields}{title} || 'Unknown Description'; my $bug_id = $revision->{fields}{'bugzilla.bug-id'}; - my $bug = Bugzilla::Bug->check($bug_id); + my $bug = Bugzilla::Bug->new($bug_id); # If bug is public then remove privacy policy my $result; @@ -89,19 +91,12 @@ sub revision { } # else bug is private else { - my $phab_sync_groups = Bugzilla->params->{phabricator_sync_groups} - || ThrowUserError('invalid_phabricator_sync_groups'); - my $sync_group_names = [ split('[,\s]+', $phab_sync_groups) ]; - - my $bug_groups = $bug->groups_in; - my $bug_group_names = [ map { $_->name } @$bug_groups ]; - - my @set_groups = intersect($bug_group_names, $sync_group_names); + my @set_groups = get_security_sync_groups($bug); # If bug privacy groups do not have any matching synchronized groups, # then leave revision private and it will have be dealt with manually. if (!@set_groups) { - ThrowUserError('invalid_phabricator_sync_groups'); + add_security_sync_comments(\@revisions, $bug); } my $policy_phid = create_private_revision_policy($bug, \@set_groups); diff --git a/extensions/Push/lib/Connector/Phabricator.pm b/extensions/Push/lib/Connector/Phabricator.pm index b9917d7c1..4f0a57793 100644 --- a/extensions/Push/lib/Connector/Phabricator.pm +++ b/extensions/Push/lib/Connector/Phabricator.pm @@ -23,7 +23,8 @@ use Bugzilla::Extension::PhabBugz::Util qw( add_comment_to_revision create_private_revision_policy edit_revision_policy get_attachment_revisions get_bug_role_phids get_revisions_by_ids intersect is_attachment_phab_revision - make_revision_public make_revision_private set_revision_subscribers); + make_revision_public make_revision_private set_revision_subscribers + get_security_sync_groups add_security_sync_comments); use Bugzilla::Extension::Push::Constants; use Bugzilla::Extension::Push::Util qw(is_public); @@ -65,22 +66,11 @@ sub send { my $is_public = is_public($bug); - my $phab_sync_groups = Bugzilla->params->{phabricator_sync_groups}; - ThrowUserError('invalid_phabricator_sync_groups') unless $phab_sync_groups; - - my $sync_group_names = [ split( '[,\s]+', $phab_sync_groups ) ]; - - my $bug_groups = $bug->groups_in; - my $bug_group_names = [ map { $_->name } @$bug_groups ]; - - my @set_groups = intersect( $bug_group_names, $sync_group_names ); + my @set_groups = get_security_sync_groups($bug); my @revisions = get_attachment_revisions($bug); - if ( !$is_public && !@set_groups ) { - my $phab_error_message = - 'Revision is being made private due to unknown Bugzilla groups.'; - + if (!$is_public && !@set_groups) { foreach my $revision (@revisions) { Bugzilla->audit(sprintf( 'Making revision %s for bug %s private due to unkown Bugzilla groups: %s', @@ -88,26 +78,10 @@ sub send { $bug->id, join(', ', @set_groups) )); - add_comment_to_revision( $revision->{phid}, $phab_error_message ); make_revision_private( $revision->{phid} ); } - my $num_revisions = 0 + @revisions; - my $bmo_error_message = - ( $num_revisions > 1 - ? 'Multiple revisions were' - : 'One revision was' ) - . ' made private due to unknown Bugzilla groups.'; - - my $user = Bugzilla::User->new( { name => PHAB_AUTOMATION_USER } ); - $user->{groups} = [ Bugzilla::Group->get_all ]; - $user->{bless_groups} = [ Bugzilla::Group->get_all ]; - Bugzilla->set_user($user); - - $bug->add_comment( $bmo_error_message, { isprivate => 0 } ); - - my $bug_changes = $bug->update(); - $bug->send_changes($bug_changes); + add_security_sync_comments(\@revisions, $bug); return PUSH_RESULT_OK; } |