Make most repository reads policy-aware
Summary: Ref T603. This swaps almost all queries against the repository table over to be policy aware. Test Plan: - Made an audit comment on a commit. - Ran `save_lint.php`. - Looked up a commit with `diffusion.getcommits`. - Looked up lint messages with `diffusion.getlintmessages`. - Clicked an external/submodule in Diffusion. - Viewed main lint and repository lint in Diffusion. - Completed and validated Owners paths in Owners. - Executed dry runs via Herald. - Queried for package owners with `owners.query`. - Viewed Owners package. - Edited Owners package. - Viewed Owners package list. - Executed `repository.query`. - Viewed "Repository" tool repository list. - Edited Arcanist project. - Hit "Delete" on repository (this just tells you to use the CLI). - Created a repository. - Edited a repository. - Ran `bin/repository list`. - Ran `bin/search index rGTESTff45d13dffcfb3ea85b03aac8cc36251cacdf01c` - Pushed and parsed a commit. - Skipped all the Drydock stuff, as it it's hard to test and isn't normally reachable. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T603 Differential Revision: https://secure.phabricator.com/D7132
This commit is contained in:
epriestley
@@ -12,7 +12,9 @@ final class DiffusionExternalController extends DiffusionController {
|
||||
$uri = $request->getStr('uri');
|
||||
$id = $request->getStr('id');
|
||||
|
||||
$repositories = id(new PhabricatorRepository())->loadAll();
|
||||
$repositories = id(new PhabricatorRepositoryQuery())
|
||||
->setViewer($request->getUser())
|
||||
->execute();
|
||||
|
||||
if ($uri) {
|
||||
$uri_path = id(new PhutilURI($uri))->getPath();
|
||||
|
||||
@@ -221,9 +221,10 @@ final class DiffusionLintController extends DiffusionController {
|
||||
}
|
||||
|
||||
if ($paths) {
|
||||
$repositories = id(new PhabricatorRepository())->loadAllWhere(
|
||||
'phid IN (%Ls)',
|
||||
array_unique(mpull($paths, 'getRepositoryPHID')));
|
||||
$repositories = id(new PhabricatorRepositoryQuery())
|
||||
->setViewer($this->getRequest()->getUser())
|
||||
->withPHIDs(mpull($paths, 'getRepositoryPHID'))
|
||||
->execute();
|
||||
$repositories = mpull($repositories, 'getID', 'getPHID');
|
||||
|
||||
$branches = id(new PhabricatorRepositoryBranch())->loadAllWhere(
|
||||
@@ -233,7 +234,11 @@ final class DiffusionLintController extends DiffusionController {
|
||||
}
|
||||
|
||||
foreach ($paths as $path) {
|
||||
$branch = idx($branches, $repositories[$path->getRepositoryPHID()]);
|
||||
$branch = idx(
|
||||
$branches,
|
||||
idx(
|
||||
$repositories,
|
||||
$path->getRepositoryPHID()));
|
||||
if ($branch) {
|
||||
$condition = qsprintf(
|
||||
$conn,
|
||||
|
||||
@@ -10,9 +10,10 @@ final class DiffusionPathCompleteController extends DiffusionController {
|
||||
$request = $this->getRequest();
|
||||
|
||||
$repository_phid = $request->getStr('repositoryPHID');
|
||||
$repository = id(new PhabricatorRepository())->loadOneWhere(
|
||||
'phid = %s',
|
||||
$repository_phid);
|
||||
$repository = id(new PhabricatorRepositoryQuery())
|
||||
->setViewer($request->getUser())
|
||||
->withPHIDs(array($repository_phid))
|
||||
->executeOne();
|
||||
if (!$repository) {
|
||||
return new Aphront400Response();
|
||||
}
|
||||
|
||||
@@ -10,9 +10,10 @@ final class DiffusionPathValidateController extends DiffusionController {
|
||||
$request = $this->getRequest();
|
||||
|
||||
$repository_phid = $request->getStr('repositoryPHID');
|
||||
$repository = id(new PhabricatorRepository())->loadOneWhere(
|
||||
'phid = %s',
|
||||
$repository_phid);
|
||||
$repository = id(new PhabricatorRepositoryQuery())
|
||||
->setViewer($request->getUser())
|
||||
->withPHIDs(array($repository_phid))
|
||||
->executeOne();
|
||||
if (!$repository) {
|
||||
return new Aphront400Response();
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user