From 191a5fc2fbdba570d4d3b69a944dcec3366973b5 Mon Sep 17 00:00:00 2001 From: David Walsh Date: Tue, 10 Oct 2017 09:43:45 -0500 Subject: Bug 1399593 - Add sync group comments during new revision creation as well as push connector --- extensions/PhabBugz/lib/Util.pm | 95 ++++++++++++++++++++++++++++++----- extensions/PhabBugz/lib/WebService.pm | 15 ++---- 2 files changed, 88 insertions(+), 22 deletions(-) (limited to 'extensions/PhabBugz') diff --git a/extensions/PhabBugz/lib/Util.pm b/extensions/PhabBugz/lib/Util.pm index 9e2cac149..8fa3b620b 100644 --- a/extensions/PhabBugz/lib/Util.pm +++ b/extensions/PhabBugz/lib/Util.pm @@ -11,7 +11,10 @@ use 5.10.1; use strict; use warnings; +use Bugzilla::Bug; +use Bugzilla::Constants; use Bugzilla::Error; +use Bugzilla::User; use Bugzilla::Util qw(trim); use Bugzilla::Extension::PhabBugz::Constants; @@ -23,6 +26,7 @@ use base qw(Exporter); our @EXPORT = qw( add_comment_to_revision + add_security_sync_comments create_revision_attachment create_private_revision_policy create_project @@ -32,6 +36,7 @@ our @EXPORT = qw( get_members_by_bmo_id get_project_phid get_revisions_by_ids + get_security_sync_groups intersect is_attachment_phab_revision make_revision_private @@ -78,6 +83,9 @@ sub create_revision_attachment { my $is_shadow_db = Bugzilla->is_shadow_db; Bugzilla->switch_to_main_db if $is_shadow_db; + my $old_user = Bugzilla->user; + _set_phab_user(); + my $dbh = Bugzilla->dbh; $dbh->bz_start_transaction; @@ -102,6 +110,8 @@ sub create_revision_attachment { $dbh->bz_commit_transaction; Bugzilla->switch_to_shadow_db if $is_shadow_db; + Bugzilla->set_user($old_user); + return $attachment; } @@ -126,29 +136,42 @@ sub get_bug_role_phids { sub create_private_revision_policy { my ($bug, $groups) = @_; - my $project_phids = []; - foreach my $group (@$groups) { - my $phid = get_project_phid('bmo-' . $group); - push(@$project_phids, $phid) if $phid; - } - - ThrowUserError('invalid_phabricator_sync_groups') unless @$project_phids; - my $data = { objectType => 'DREV', default => 'deny', policy => [ + { + action => 'allow', + rule => 'PhabricatorSubscriptionsSubscribersPolicyRule', + } + ] + }; + + if(scalar @$groups gt 0) { + my $project_phids = []; + foreach my $group (@$groups) { + my $phid = get_project_phid('bmo-' . $group); + push(@$project_phids, $phid) if $phid; + } + + ThrowUserError('invalid_phabricator_sync_groups') unless @$project_phids; + + push(@{ $data->{policy} }, { action => 'allow', rule => 'PhabricatorProjectsPolicyRule', value => $project_phids, - }, + } + ); + } + else { + push(@{ $data->{policy} }, { action => 'allow', - rule => 'PhabricatorSubscriptionsSubscribersPolicyRule', + value => 'admin', } - ] - }; + ); + } my $result = request('policy.create', $data); return $result->{result}{phid}; @@ -382,4 +405,52 @@ sub request { return $result; } +sub get_security_sync_groups { + my $bug = shift; + + my $phab_sync_groups = Bugzilla->params->{phabricator_sync_groups} + || ThrowUserError('invalid_phabricator_sync_groups'); + my $sync_group_names = [ split('[,\s]+', $phab_sync_groups) ]; + + my $bug_groups = $bug->groups_in; + my $bug_group_names = [ map { $_->name } @$bug_groups ]; + + my @set_groups = intersect($bug_group_names, $sync_group_names); + + return @set_groups; +} + +sub _set_phab_user { + my $user = Bugzilla::User->new( { name => PHAB_AUTOMATION_USER } ); + $user->{groups} = [ Bugzilla::Group->get_all ]; + Bugzilla->set_user($user); +} + +sub add_security_sync_comments { + my ($revisions, $bug) = @_; + + my $phab_error_message = 'Revision is being made private due to unknown Bugzilla groups.'; + + foreach my $revision (@$revisions) { + add_comment_to_revision( $revision->{phid}, $phab_error_message ); + } + + my $num_revisions = scalar @$revisions; + my $bmo_error_message = + ( $num_revisions > 1 + ? $num_revisions.' revisions were' + : 'One revision was' ) + . ' made private due to unknown Bugzilla groups.'; + + my $old_user = Bugzilla->user; + _set_phab_user(); + + $bug->add_comment( $bmo_error_message, { isprivate => 0 } ); + + my $bug_changes = $bug->update(); + $bug->send_changes($bug_changes); + + Bugzilla->set_user($old_user); +} + 1; diff --git a/extensions/PhabBugz/lib/WebService.pm b/extensions/PhabBugz/lib/WebService.pm index 4b14f1495..738077880 100644 --- a/extensions/PhabBugz/lib/WebService.pm +++ b/extensions/PhabBugz/lib/WebService.pm @@ -25,6 +25,7 @@ use Bugzilla::WebService::Constants; use Bugzilla::Extension::PhabBugz::Constants; use Bugzilla::Extension::PhabBugz::Util qw( + add_security_sync_comments create_revision_attachment create_private_revision_policy edit_revision_policy @@ -35,6 +36,7 @@ use Bugzilla::Extension::PhabBugz::Util qw( is_attachment_phab_revision make_revision_public request + get_security_sync_groups ); use List::Util qw(first); @@ -80,7 +82,7 @@ sub revision { my $revision_title = $revision->{fields}{title} || 'Unknown Description'; my $bug_id = $revision->{fields}{'bugzilla.bug-id'}; - my $bug = Bugzilla::Bug->check($bug_id); + my $bug = Bugzilla::Bug->new($bug_id); # If bug is public then remove privacy policy my $result; @@ -89,19 +91,12 @@ sub revision { } # else bug is private else { - my $phab_sync_groups = Bugzilla->params->{phabricator_sync_groups} - || ThrowUserError('invalid_phabricator_sync_groups'); - my $sync_group_names = [ split('[,\s]+', $phab_sync_groups) ]; - - my $bug_groups = $bug->groups_in; - my $bug_group_names = [ map { $_->name } @$bug_groups ]; - - my @set_groups = intersect($bug_group_names, $sync_group_names); + my @set_groups = get_security_sync_groups($bug); # If bug privacy groups do not have any matching synchronized groups, # then leave revision private and it will have be dealt with manually. if (!@set_groups) { - ThrowUserError('invalid_phabricator_sync_groups'); + add_security_sync_comments(\@revisions, $bug); } my $policy_phid = create_private_revision_policy($bug, \@set_groups); -- cgit v1.2.3-24-g4f1b