use strict;
use warnings;
+use Bugzilla::Bug;
+use Bugzilla::Constants;
use Bugzilla::Error;
+use Bugzilla::User;
use Bugzilla::Util qw(trim);
use Bugzilla::Extension::PhabBugz::Constants;
our @EXPORT = qw(
add_comment_to_revision
+ add_security_sync_comments
create_revision_attachment
create_private_revision_policy
create_project
get_members_by_bmo_id
get_project_phid
get_revisions_by_ids
+ get_security_sync_groups
intersect
is_attachment_phab_revision
make_revision_private
my $is_shadow_db = Bugzilla->is_shadow_db;
Bugzilla->switch_to_main_db if $is_shadow_db;
+ my $old_user = Bugzilla->user;
+ _set_phab_user();
+
my $dbh = Bugzilla->dbh;
$dbh->bz_start_transaction;
$dbh->bz_commit_transaction;
Bugzilla->switch_to_shadow_db if $is_shadow_db;
+ Bugzilla->set_user($old_user);
+
return $attachment;
}
sub create_private_revision_policy {
my ($bug, $groups) = @_;
- my $project_phids = [];
- foreach my $group (@$groups) {
- my $phid = get_project_phid('bmo-' . $group);
- push(@$project_phids, $phid) if $phid;
- }
-
- ThrowUserError('invalid_phabricator_sync_groups') unless @$project_phids;
-
my $data = {
objectType => 'DREV',
default => 'deny',
policy => [
+ {
+ action => 'allow',
+ rule => 'PhabricatorSubscriptionsSubscribersPolicyRule',
+ }
+ ]
+ };
+
+ if(scalar @$groups gt 0) {
+ my $project_phids = [];
+ foreach my $group (@$groups) {
+ my $phid = get_project_phid('bmo-' . $group);
+ push(@$project_phids, $phid) if $phid;
+ }
+
+ ThrowUserError('invalid_phabricator_sync_groups') unless @$project_phids;
+
+ push(@{ $data->{policy} },
{
action => 'allow',
rule => 'PhabricatorProjectsPolicyRule',
value => $project_phids,
- },
+ }
+ );
+ }
+ else {
+ push(@{ $data->{policy} },
{
action => 'allow',
- rule => 'PhabricatorSubscriptionsSubscribersPolicyRule',
+ value => 'admin',
}
- ]
- };
+ );
+ }
my $result = request('policy.create', $data);
return $result->{result}{phid};
return $result;
}
+sub get_security_sync_groups {
+ my $bug = shift;
+
+ my $phab_sync_groups = Bugzilla->params->{phabricator_sync_groups}
+ || ThrowUserError('invalid_phabricator_sync_groups');
+ my $sync_group_names = [ split('[,\s]+', $phab_sync_groups) ];
+
+ my $bug_groups = $bug->groups_in;
+ my $bug_group_names = [ map { $_->name } @$bug_groups ];
+
+ my @set_groups = intersect($bug_group_names, $sync_group_names);
+
+ return @set_groups;
+}
+
+sub _set_phab_user {
+ my $user = Bugzilla::User->new( { name => PHAB_AUTOMATION_USER } );
+ $user->{groups} = [ Bugzilla::Group->get_all ];
+ Bugzilla->set_user($user);
+}
+
+sub add_security_sync_comments {
+ my ($revisions, $bug) = @_;
+
+ my $phab_error_message = 'Revision is being made private due to unknown Bugzilla groups.';
+
+ foreach my $revision (@$revisions) {
+ add_comment_to_revision( $revision->{phid}, $phab_error_message );
+ }
+
+ my $num_revisions = scalar @$revisions;
+ my $bmo_error_message =
+ ( $num_revisions > 1
+ ? $num_revisions.' revisions were'
+ : 'One revision was' )
+ . ' made private due to unknown Bugzilla groups.';
+
+ my $old_user = Bugzilla->user;
+ _set_phab_user();
+
+ $bug->add_comment( $bmo_error_message, { isprivate => 0 } );
+
+ my $bug_changes = $bug->update();
+ $bug->send_changes($bug_changes);
+
+ Bugzilla->set_user($old_user);
+}
+
1;
use Bugzilla::Extension::PhabBugz::Constants;
use Bugzilla::Extension::PhabBugz::Util qw(
+ add_security_sync_comments
create_revision_attachment
create_private_revision_policy
edit_revision_policy
is_attachment_phab_revision
make_revision_public
request
+ get_security_sync_groups
);
use List::Util qw(first);
my $revision_title = $revision->{fields}{title} || 'Unknown Description';
my $bug_id = $revision->{fields}{'bugzilla.bug-id'};
- my $bug = Bugzilla::Bug->check($bug_id);
+ my $bug = Bugzilla::Bug->new($bug_id);
# If bug is public then remove privacy policy
my $result;
}
# else bug is private
else {
- my $phab_sync_groups = Bugzilla->params->{phabricator_sync_groups}
- || ThrowUserError('invalid_phabricator_sync_groups');
- my $sync_group_names = [ split('[,\s]+', $phab_sync_groups) ];
-
- my $bug_groups = $bug->groups_in;
- my $bug_group_names = [ map { $_->name } @$bug_groups ];
-
- my @set_groups = intersect($bug_group_names, $sync_group_names);
+ my @set_groups = get_security_sync_groups($bug);
# If bug privacy groups do not have any matching synchronized groups,
# then leave revision private and it will have be dealt with manually.
if (!@set_groups) {
- ThrowUserError('invalid_phabricator_sync_groups');
+ add_security_sync_comments(\@revisions, $bug);
}
my $policy_phid = create_private_revision_policy($bug, \@set_groups);
add_comment_to_revision create_private_revision_policy
edit_revision_policy get_attachment_revisions get_bug_role_phids
get_revisions_by_ids intersect is_attachment_phab_revision
- make_revision_public make_revision_private set_revision_subscribers);
+ make_revision_public make_revision_private set_revision_subscribers
+ get_security_sync_groups add_security_sync_comments);
use Bugzilla::Extension::Push::Constants;
use Bugzilla::Extension::Push::Util qw(is_public);
my $is_public = is_public($bug);
- my $phab_sync_groups = Bugzilla->params->{phabricator_sync_groups};
- ThrowUserError('invalid_phabricator_sync_groups') unless $phab_sync_groups;
-
- my $sync_group_names = [ split( '[,\s]+', $phab_sync_groups ) ];
-
- my $bug_groups = $bug->groups_in;
- my $bug_group_names = [ map { $_->name } @$bug_groups ];
-
- my @set_groups = intersect( $bug_group_names, $sync_group_names );
+ my @set_groups = get_security_sync_groups($bug);
my @revisions = get_attachment_revisions($bug);
- if ( !$is_public && !@set_groups ) {
- my $phab_error_message =
- 'Revision is being made private due to unknown Bugzilla groups.';
-
+ if (!$is_public && !@set_groups) {
foreach my $revision (@revisions) {
Bugzilla->audit(sprintf(
'Making revision %s for bug %s private due to unkown Bugzilla groups: %s',
$bug->id,
join(', ', @set_groups)
));
- add_comment_to_revision( $revision->{phid}, $phab_error_message );
make_revision_private( $revision->{phid} );
}
- my $num_revisions = 0 + @revisions;
- my $bmo_error_message =
- ( $num_revisions > 1
- ? 'Multiple revisions were'
- : 'One revision was' )
- . ' made private due to unknown Bugzilla groups.';
-
- my $user = Bugzilla::User->new( { name => PHAB_AUTOMATION_USER } );
- $user->{groups} = [ Bugzilla::Group->get_all ];
- $user->{bless_groups} = [ Bugzilla::Group->get_all ];
- Bugzilla->set_user($user);
-
- $bug->add_comment( $bmo_error_message, { isprivate => 0 } );
-
- my $bug_changes = $bug->update();
- $bug->send_changes($bug_changes);
+ add_security_sync_comments(\@revisions, $bug);
return PUSH_RESULT_OK;
}
projects / thirdparty / bugzilla.git / commitdiff
