Page MenuHomePhabricator
Files F190650

whyyyyyyyyyyyyyyyy
No One
Actions

Authored By
chasemp
Aug 14 2014, 9:20 PM
Size
4 KB
Referenced Files
None
Subscribers
None

whyyyyyyyyyyyyyyyy
View Options

<?php
class SecurityPolicyEnforcerAction extends HeraldCustomAction {
public function appliesToAdapter(HeraldAdapter $adapter) {
return $adapter instanceof HeraldManiphestTaskAdapter;
}
public function appliesToRuleType($rule_type) {
switch ($rule_type) {
case HeraldRuleTypeConfig::RULE_TYPE_GLOBAL:
return true;
case HeraldRuleTypeConfig::RULE_TYPE_PERSONAL:
case HeraldRuleTypeConfig::RULE_TYPE_OBJECT:
default:
return false;
}
}
public function getActionKey() {
return "SecurityPolicy";
}
public function getActionName() {
return "Ensure Security Task Policy Are Enforced";
}
public function getActionType() {
return "SecurityPolicyEnforcerAction";
}
public function applyEffect(
HeraldAdapter $adapter,
$object,
HeraldEffect $effect) {
/**
//this is kicked off by a herald rule that says any time
//a new task is created we run through this global rule
//we only act on security field settings here
//ideally each security field setting is it's own extensions?
// and herald can tell them apart utnil then we just do crappy
//if / else
Pseudo:
$task = get_new_task()
$custom_policies = $task->custompolicies()
security_policy = $custom_policies['security']
if security_policy == 'operations-request' {
...change task edit to operations-request project...
...change task view to operations-request project...
...strip existing folder project (make note in descript?)...
...apply operations-request project...
elif security_policy == 'operations-access-request' {
...change task edit to operations-access-request' project...
...change task view to operations-access-request' project...
...strip existing folder project (make note in descript?)...
...apply operations-request project...
...CREATE SECOND TASK...make it a blocker for this task
//the idea is public access-requests have a shadow ticket that is
//created as a blocker taht is "hidden" that is used to debate the
//request not in public
...change task edit to operations-access-request-private' project...
...change task view to operations-access-request-private' project...
...apply operations-request project...
elif security_policy == 'security-bug' {
...change task edit to security-bug project...
...change task view to security-bug project...
...strip existing folder project (make note in descript?)...
...apply operations-request project...
else {
pass
}
**/
phlog(array($adapter));
$task = $adapter->getTask();
//XXX: this no worky!
//all to undefined method HeraldManiphestTaskAdapter::"
$user = $adapter->getViewer();
phlog(array($task));
$field_list = PhabricatorCustomField::getObjectFields(
$task,
PhabricatorCustomField::ROLE_EDIT);
$field_list
->setViewer($user)
->readFieldsFromStorage($task);
foreach ($field_list as $field) {
if ($field->getFieldKey() == 'something special') {
$security_value = $field->getValue();
break;
}
}
$transactions = array();
$view_policy = 'PHID-PROJ-hxzt3eodbfkeqcyqoswh';
if ($view_policy !== null) {
$transactions[] = id(new ManiphestTransaction())
->setTransactionType(PhabricatorTransactions::TYPE_VIEW_POLICY)
->setNewValue($view_policy);
}
$edit_policy = 'PHID-PROJ-hxzt3eodbfkeqcyqoswh';
if ($view_policy !== null) {
$transactions[] = id(new ManiphestTransaction())
->setTransactionType(PhabricatorTransactions::TYPE_EDIT_POLICY)
->setNewValue($edit_policy);
}
foreach($transactions as $transaction) {
$adapter->queueTransaction($transaction);
}
return new HeraldApplyTranscript(
$effect,
true,
pht('Set security policy'));
}
}

File Metadata

Mime Type
text/plain; charset=utf-8
Storage Engine
amazon-s3
Storage Format
Raw Data
Storage Handle
phabricator/4j/ng/qnliinlu7khijv3u
Default Alt Text
whyyyyyyyyyyyyyyyy (4 KB)

Event Timeline

Phabricator · Built by Phacility