recaptime.dev / phorge
@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge
phorge phabricator
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Make most Differential reads policy-aware

Summary: Ref T603. Makes the majority of reads policy aware (and pretty much all the important ones).

Test Plan:
- Created a comment with `differential.createcomment`.
- Created a new revision with `arc diff` in order to exercise `differential.creatediff`.
- Created an inline comment with `differential.createinline`.
- Added a comment to a revision.
- Edited an inline comment.
- Edited a revision.
- Wrote "Depends on ..." in a summary, saved, verified link was created.
- Browsed a file in Diffusion.
- Got past the code I changed in the Releeph request thing.
- Edited a Releeph request.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D7136

epriestley 9b3d7b0d 80378eb5

+66 -21
+4 -2
src/applications/differential/conduit/ConduitAPI_differential_createcomment_Method.php
··· 31 31 } 32 32 33 33 protected function execute(ConduitAPIRequest $request) { 34 - $revision = id(new DifferentialRevision())->load( 35 - $request->getValue('revision_id')); 34 + $revision = id(new DifferentialRevisionQuery()) 35 + ->setViewer($request->getUser()) 36 + ->withIDs(array($request->getValue('revision_id'))) 37 + ->executeOne(); 36 38 if (!$revision) { 37 39 throw new ConduitException('ERR_BAD_REVISION'); 38 40 }
+4 -1
src/applications/differential/conduit/ConduitAPI_differential_creatediff_Method.php
··· 59 59 60 60 $parent_id = $request->getValue('parentRevisionID'); 61 61 if ($parent_id) { 62 - $parent_rev = id(new DifferentialRevision())->load($parent_id); 62 + $parent_rev = id(new DifferentialRevisionQuery()) 63 + ->setViewer($request->getUser()) 64 + ->withIDs(array($parent_id)) 65 + ->executeOne(); 63 66 if ($parent_rev) { 64 67 if ($parent_rev->getStatus() != 65 68 ArcanistDifferentialRevisionStatus::CLOSED) {
+4 -1
src/applications/differential/conduit/ConduitAPI_differential_createinline_Method.php
··· 43 43 if ($rid) { 44 44 // Given both a revision and a diff, check that they match. 45 45 // Given only a revision, find the active diff. 46 - $revision = id(new DifferentialRevision())->load($rid); 46 + $revision = id(new DifferentialRevisionQuery()) 47 + ->setViewer($request->getUser()) 48 + ->withIDs(array($rid)) 49 + ->executeOne(); 47 50 if (!$revision) { 48 51 throw new ConduitException('ERR-BAD-REVISION'); 49 52 }
+6 -1
src/applications/differential/controller/DifferentialCommentSaveController.php
··· 8 8 return new Aphront400Response(); 9 9 } 10 10 11 + $viewer = $request->getUser(); 12 + 11 13 $revision_id = $request->getInt('revision_id'); 12 - $revision = id(new DifferentialRevision())->load($revision_id); 14 + $revision = id(new DifferentialRevisionQuery()) 15 + ->setViewer($viewer) 16 + ->withIDs(array($revision_id)) 17 + ->executeOne(); 13 18 if (!$revision) { 14 19 return new Aphront400Response(); 15 20 }
+7 -1
src/applications/differential/controller/DifferentialInlineCommentEditController.php
··· 15 15 $revision_id = $this->revisionID; 16 16 $changeset_id = $this->getChangesetID(); 17 17 18 - if (!id(new DifferentialRevision())->load($revision_id)) { 18 + $viewer = $this->getRequest()->getUser(); 19 + $revision = id(new DifferentialRevisionQuery()) 20 + ->setViewer($viewer) 21 + ->withIDs(array($revision_id)) 22 + ->executeOne(); 23 + 24 + if (!$revision) { 19 25 throw new Exception("Invalid revision ID!"); 20 26 } 21 27
+5
src/applications/differential/controller/DifferentialRevisionEditController.php
··· 22 22 ->withIDs(array($this->id)) 23 23 ->needRelationships(true) 24 24 ->needReviewerStatus(true) 25 + ->requireCapabilities( 26 + array( 27 + PhabricatorPolicyCapability::CAN_VIEW, 28 + PhabricatorPolicyCapability::CAN_EDIT, 29 + )) 25 30 ->executeOne(); 26 31 if (!$revision) { 27 32 return new Aphront404Response();
+4 -2
src/applications/differential/field/specification/DifferentialFreeformFieldSpecification.php
··· 162 162 163 163 $dependents = $this->findDependentRevisions($message); 164 164 if ($dependents) { 165 - $dependents = id(new DifferentialRevision()) 166 - ->loadAllWhere('id IN (%Ld)', $dependents); 165 + $dependents = id(new DifferentialRevisionQuery()) 166 + ->setViewer($editor->getActor()) 167 + ->withIDs($dependents) 168 + ->execute(); 167 169 $this->saveFieldEdges( 168 170 $editor->getRevision(), 169 171 PhabricatorEdgeConfig::TYPE_DREV_DEPENDS_ON_DREV,
+4
src/applications/diffusion/conduit/ConduitAPI_diffusion_getcommits_Method.php
··· 233 233 private function addDifferentialInformation(array $commits) { 234 234 $commit_phids = ipull($commits, 'commitPHID'); 235 235 236 + // TODO: (T603) This should be policy checked, either by moving to 237 + // DifferentialRevisionQuery or by doing a followup query to make sure 238 + // the matched objects are visible. 239 + 236 240 $rev_conn_r = id(new DifferentialRevision())->establishConnection('r'); 237 241 $revs = queryfx_all( 238 242 $rev_conn_r,
+7 -6
src/applications/diffusion/controller/DiffusionBrowseFileController.php
··· 550 550 $commits = mpull($commits, null, 'getCommitIdentifier'); 551 551 } 552 552 553 + $request = $this->getRequest(); 554 + $user = $request->getUser(); 555 + 553 556 $revision_ids = id(new DifferentialRevision()) 554 557 ->loadIDsByCommitPHIDs(mpull($commits, 'getPHID')); 555 558 $revisions = array(); 556 559 if ($revision_ids) { 557 - $revisions = id(new DifferentialRevision())->loadAllWhere( 558 - 'id IN (%Ld)', 559 - $revision_ids); 560 + $revisions = id(new DifferentialRevisionQuery()) 561 + ->setViewer($user) 562 + ->withIDs($revision_ids) 563 + ->execute(); 560 564 } 561 - 562 - $request = $this->getRequest(); 563 - $user = $request->getUser(); 564 565 565 566 Javelin::initBehavior('phabricator-oncopy', array()); 566 567
+1
src/applications/herald/adapter/HeraldCommitAdapter.php
··· 211 211 $data = $this->commitData; 212 212 $revision_id = $data->getCommitDetail('differential.revisionID'); 213 213 if ($revision_id) { 214 + // TODO: (T603) Herald policy stuff. 214 215 $revision = id(new DifferentialRevision())->load($revision_id); 215 216 if ($revision) { 216 217 $revision->loadRelationships();
+1
src/applications/releeph/commitfinder/ReleephCommitFinder.php
··· 23 23 $matches = array(); 24 24 if (preg_match('/^D([1-9]\d*)$/', $partial_string, $matches)) { 25 25 $diff_id = $matches[1]; 26 + // TOOD: (T603) This is all slated for annihilation. 26 27 $diff_rev = id(new DifferentialRevision())->load($diff_id); 27 28 if (!$diff_rev) { 28 29 throw new ReleephCommitFinderException(
+11 -6
src/applications/releeph/controller/request/ReleephRequestDifferentialCreateController.php
··· 3 3 final class ReleephRequestDifferentialCreateController 4 4 extends ReleephProjectController { 5 5 6 + private $revisionID; 6 7 private $revision; 7 8 8 9 public function willProcessRequest(array $data) { 9 - $diff_rev_id = $data['diffRevID']; 10 - $diff_rev = id(new DifferentialRevision())->load($diff_rev_id); 11 - if (!$diff_rev) { 12 - throw new Exception(sprintf('D%d not found!', $diff_rev_id)); 13 - } 14 - $this->revision = $diff_rev; 10 + $this->revisionID = $data['diffRevID']; 15 11 } 16 12 17 13 public function processRequest() { 18 14 $request = $this->getRequest(); 19 15 $user = $request->getUser(); 16 + 17 + $diff_rev = id(new DifferentialRevisionQuery()) 18 + ->setViewer($user) 19 + ->withIDs(array($this->revisionID)) 20 + ->executeOne(); 21 + if (!$diff_rev) { 22 + return new Aphront404Response(); 23 + } 24 + $this->revision = $diff_rev; 20 25 21 26 $arc_project = id(new PhabricatorRepositoryArcanistProject()) 22 27 ->loadOneWhere('phid = %s', $this->revision->getArcanistProjectPHID());
+4 -1
src/applications/releeph/controller/request/ReleephRequestEditController.php
··· 228 228 $origin = null; 229 229 $diff_rev_id = $request->getStr('D'); 230 230 if ($diff_rev_id) { 231 - $diff_rev = id(new DifferentialRevision())->load($diff_rev_id); 231 + $diff_rev = id(new DifferentialRevisionQuery()) 232 + ->setViewer($user) 233 + ->withIDs(array($diff_rev_id)) 234 + ->executeOne(); 232 235 $origin = '/D'.$diff_rev->getID(); 233 236 $title = sprintf( 234 237 'D%d: %s',
+1
src/applications/releeph/storage/ReleephRequest.php
··· 248 248 } 249 249 } 250 250 251 + // TODO: (T603) Get rid of all this one-off ad-hoc loading. 251 252 public function loadDifferentialRevision() { 252 253 $diff_phid = $this->loadRequestCommitDiffPHID(); 253 254 if (!$diff_phid) {
+2
src/applications/repository/worker/PhabricatorRepositoryCommitOwnersWorker.php
··· 92 92 $commit_reviewedby_phid = null; 93 93 94 94 if ($revision_id) { 95 + // TODO: (T603) This is probably safe to use an omnipotent user on, 96 + // but check things more closely. 95 97 $revision = id(new DifferentialRevision())->load($revision_id); 96 98 if ($revision) { 97 99 $revision_author_phid = $revision->getAuthorPHID();
+1
src/applications/search/controller/PhabricatorSearchSelectController.php
··· 93 93 94 94 switch ($this->type) { 95 95 case DifferentialPHIDTypeRevision::TYPECONST: 96 + // TODO: (T603) See below. This whole thing needs cleanup. 96 97 $objects = id(new DifferentialRevision())->loadAllWhere( 97 98 'id IN (%Ld)', 98 99 $object_ids);