phabricator/scripts/svnauth/rebuild_svnauth.php

#!/usr/local/bin/php
<?php

$root = dirname(dirname(dirname(__FILE__)));
require_once $root.'/scripts/__init_script__.php';

function getSVNRepositoryName($repository) {
  $uri = $repository->getRemoteURI();
  return preg_replace(
    '/https?\:\/\/.*?\/svnroot\/([^\/]+)\/?.*/', '$1', $uri);
}

// Get user's heys and put them to the configuration
function handleSingleUserPHID(
  $viewer, $userPHID, $repository, &$authfile, &$access) {
  $user = id(new PhabricatorPeopleQuery())
    ->setViewer($viewer)
    ->withPHIDs(array($userPHID))
    ->executeOne();
  if (!$user) {
    return;
  }

  $user_name = $user->getUserName();
  if (!array_key_exists($user_name, $authfile)) {
    $field_list = PhabricatorCustomField::getObjectFields(
      $user,
      PhabricatorCustomField::ROLE_APPLICATIONTRANSACTIONS);
    $field_list
      ->setViewer($user)
      ->readFieldsFromStorage($user);
    $fields = $field_list->getFields();
    $htaccess_field = idx($fields, 'std:user:htaccess_password_hash');
    if ($htaccess_field) {
      $password_hash = $htaccess_field->getValueForStorage();
      $authfile[$user_name] = array('hash' => $password_hash,
                                    'email' => $user->loadPrimaryEmailAddress(),
                                    'name' => $user->getRealName());
    }
  }

  $repository_name = getSVNRepositoryName($repository);

  $repository_rootpath = $repository_name . ':/';
  if (!array_key_exists($repository_rootpath, $access)) {
    $access[$repository_rootpath]['RW'] = array();
    $access[$repository_rootpath]['RO'] = array();
  }
  $access[$repository_rootpath]['RO'][] = $user_name;

  // Store write access settings to current subath
  $subpath = $repository->getDetail('svn-subpath');
  $subpath = rtrim($subpath, '/');
  $repository_pathname = "$repository_name:/$subpath";
  if (!array_key_exists($repository_pathname, $access)) {
    $access[$repository_pathname]['RW'] = array();
    $access[$repository_pathname]['RO'] = array();
  }
  $access[$repository_pathname]['RW'][] = $user_name;

  // Write access to the tags
  $tags_pathname = "$repository_name:/tags";
  if (!array_key_exists($tags_pathname, $access)) {
    $access[$tags_pathname]['RW'] = array();
    $access[$tags_pathname]['RO'] = array();
  }
  $access[$tags_pathname]['RW'][] = $user_name;
}

// Parse repository and put it's members to the config file
function handleSingleRepository(
  $viewer, $repository, &$authfile, &$access) {
  $policies = PhabricatorPolicyQuery::loadPolicies(
    $viewer,
    $repository);

  $pushable = $policies[DiffusionPushCapability::CAPABILITY];
  $type = phid_get_type($pushable->getPHID());

  // Make sure repository is always available for read-only access
  $repository_rootpath = getSVNRepositoryName($repository) . ':/';
  if (!array_key_exists($repository_rootpath, $access)) {
    $access[$repository_rootpath]['RW'] = array();
    $access[$repository_rootpath]['RO'] = array();
  }

  if ($type == PhabricatorProjectProjectPHIDType::TYPECONST) {
    $project = id(new PhabricatorProjectQuery())
      ->setViewer($viewer)
      ->needMembers(true)
      ->withPHIDs(array($pushable->getPHID()))
      ->executeOne();

    $memberPHIDs = $project->getMemberPHIDs();
    foreach ($memberPHIDs as $memberPHID) {
      handleSingleUserPHID(
        $viewer, $memberPHID, $repository, $authfile, $access);
    }
  } else if ($type == PhabricatorPeoplePHIDTypeUser::TYPECONST) {
    handleSingleUserPHID(
      $viewer, $pushable->getPHID(), $repository, $authfile, $access);
  } else if ($type == PhabricatorPolicyPHIDTypePolicy::TYPECONST) {
    /* pass */
  } else {
    /* pass */
  }
}

function rebuildConfiguration($what) {
  $viewer = id(new PhabricatorUser())
    ->loadOneWhere('username = %s', 'sergey');

  $repositories = id(new PhabricatorRepositoryQuery())
    ->setViewer($viewer)
    ->execute();

  $authfile = array();
  $access = array();

  require_once 'archived_repos.php';
  foreach ($ARCHIVED_REPOS as $repository) {
    $repository_pathname = "$repository:/";
    $access[$repository_pathname]['RW'] = array();
    $access[$repository_pathname]['RO'] = array();
  }

  foreach ($repositories as $repository_id => $repository) {
    $type = $repository->getVersionControlSystem();
    if ($type == PhabricatorRepositoryType::REPOSITORY_TYPE_SVN) {
      handleSingleRepository(
        $viewer, $repository, $authfile, $access);
    }
  }
  if ($what == 'AUTHFILE') {
    foreach ($authfile as $user => $data) {
      print("$user:${data['hash']}\n");
    }
  } else if ($what == 'ACCESS') {
    foreach ($access as $repository => $users) {
      print("[$repository]\n");
      $rw_users = array();
      foreach ($users['RW'] as $user) {
        print("$user = rw\n");
        $rw_users[$user] = true;
      }
      foreach ($users['RO'] as $user) {
        if (!array_key_exists($user, $rw_users)) {
          print("$user = r\n");
        }
      }
      print("anonsvn = r\n");
      print("* = r\n\n");
    }
  } else if ($what == 'NAMEMAP') {
    foreach ($authfile as $user => $data) {
      print("$user\t${data['email']}\t${data['name']}\n");
    }
  }
  return true;
}

if (count($argv) != 2 ||
    ($argv[1] != 'ACCESS' && $argv[1] != 'AUTHFILE' && $argv[1] != 'NAMEMAP')) {
  print("Usage: {$argv[0]} ACCESS|AUTHFILE|NAMEMAP\n");
  exit(1);
}

rebuildConfiguration($argv[1]);
?>