recaptime.dev / phorge
@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge
phorge phabricator
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Fix an issue with incorrect authorization handling in Working Copy build steps

Summary:
Fixes T9669. Two issues:

- We were using `repositoryPHIDs` instead of `blueprintPHIDs` for the list of allowed blueprints. Use the correct value.
- We weren't enforcing `allowedBlueprintPHIDs` fully correctly. We //did// require an authorization, so the net effect was correct in nearly all cases, but we could have selected from too large a pool in the case where the application itself was doing the authorization (e.g., from the command line).

Test Plan: Ran a build through Drydock/Harbormaster locally.

Reviewers: chad, tycho.tatitscheff

Reviewed By: chad, tycho.tatitscheff

Subscribers: tycho.tatitscheff

Maniphest Tasks: T9669

Differential Revision: https://secure.phabricator.com/D14368

authored by

epriestley and committed by
epriestley f48a8337 096117aa

+10 -6
+6 -5
src/applications/drydock/worker/DrydockLeaseUpdateWorker.php
··· 309 309 return array(); 310 310 } 311 311 312 - $query = id(new DrydockBlueprintQuery()) 313 - ->setViewer($viewer) 314 - ->withBlueprintClasses(array_keys($impls)) 315 - ->withDisabled(false); 316 - 317 312 $blueprint_phids = $lease->getAllowedBlueprintPHIDs(); 318 313 if (!$blueprint_phids) { 319 314 $lease->logEvent(DrydockLeaseNoBlueprintsLogType::LOGCONST); 320 315 return array(); 321 316 } 317 + 318 + $query = id(new DrydockBlueprintQuery()) 319 + ->setViewer($viewer) 320 + ->withPHIDs($blueprint_phids) 321 + ->withBlueprintClasses(array_keys($impls)) 322 + ->withDisabled(false); 322 323 323 324 // The Drydock application itself is allowed to authorize anything. This 324 325 // is primarily used for leases generated by CLI administrative tools.
+4 -1
src/applications/harbormaster/step/HarbormasterLeaseWorkingCopyBuildStepImplementation.php
··· 41 41 $working_copy_type = id(new DrydockWorkingCopyBlueprintImplementation()) 42 42 ->getType(); 43 43 44 - $allowed_phids = $build_target->getFieldValue('repositoryPHIDs'); 44 + $allowed_phids = $build_target->getFieldValue('blueprintPHIDs'); 45 + if (!is_array($allowed_phids)) { 46 + $allowed_phids = array(); 47 + } 45 48 $authorizing_phid = $build_target->getBuildStep()->getPHID(); 46 49 47 50 $lease = DrydockLease::initializeNewLease()