Page MenuHomePhabricator
Files F190697

whyyyyyyyyyyyyyyyy
No One
Actions

Authored By
chasemp
Aug 14 2014, 11:37 PM
Size
6 KB
Referenced Files
None
Subscribers
None

whyyyyyyyyyyyyyyyy
View Options

<?php
class SecurityPolicyEnforcerAction extends HeraldCustomAction {
public function appliesToAdapter(HeraldAdapter $adapter) {
return $adapter instanceof HeraldManiphestTaskAdapter;
}
public function appliesToRuleType($rule_type) {
switch ($rule_type) {
case HeraldRuleTypeConfig::RULE_TYPE_GLOBAL:
return true;
case HeraldRuleTypeConfig::RULE_TYPE_PERSONAL:
case HeraldRuleTypeConfig::RULE_TYPE_OBJECT:
default:
return false;
}
}
public function getActionKey() {
return "SecurityPolicy";
}
public function getActionName() {
return "Ensure Security Task Policy Are Enforced";
}
public function getActionType() {
return HeraldAdapter::VALUE_NONE;
}
public function applyEffect(
HeraldAdapter $adapter,
$object,
HeraldEffect $effect) {
/**
//this is kicked off by a herald rule that says any time
//a new task is created we run through this global rule
//we only act on security field settings here
//ideally each security field setting is it's own extensions?
// and herald can tell them apart utnil then we just do crappy
//if / else
Pseudo:
$task = get_new_task()
$custom_policies = $task->custompolicies()
security_policy = $custom_policies['security']
if security_policy == 'operations-request' {
...change task edit to operations-request project...
...change task view to operations-request project...
...strip existing folder project (make note in descript?)...
...apply operations-request project...
elif security_policy == 'operations-access-request' {
...change task edit to operations-access-request' project...
...change task view to operations-access-request' project...
...strip existing folder project (make note in descript?)...
...apply operations-request project...
...CREATE SECOND TASK...make it a blocker for this task
//the idea is public access-requests have a shadow ticket that is
//created as a blocker taht is "hidden" that is used to debate the
//request not in public
...change task edit to operations-access-request-private' project...
...change task view to operations-access-request-private' project...
...apply operations-request project...
elif security_policy == 'security-bug' {
...change task edit to security-bug project...
...change task view to security-bug project...
...strip existing folder project (make note in descript?)...
...apply operations-request project...
else {
pass
}
**/
$task = $object;
$viewer = PhabricatorUser::getOmnipotentUser();
$field_list = PhabricatorCustomField::getObjectFields(
$task,
PhabricatorCustomField::ROLE_EDIT);
$field_list
->setViewer($viewer)
->readFieldsFromStorage($task);
phlog($field_list->getFields());
$field_value = null;
foreach ($field_list->getFields() as $field) {
$field_key = $field->getFieldKey();
phlog($field_key);
if ($field_key == 'std:maniphest:security_topic') {
$field_value = $field->getValueForStorage();
break;
}
}
// 'ops-access-request'
//phlog(array($field_value));
$enforce = True;
switch ($field_value) {
case 'ops-procurement':
$enforce = True;
//operations group
$view_policy = 'PHID-PROJ-hxzt3eodbfkeqcyqoswh';
$edit_policy = 'PHID-PROJ-hxzt3eodbfkeqcyqoswh';
$project_phids = array('PHID-PROJ-hxzt3eodbfkeqcyqoswh');
break;
case 'ops-access-request':
$enforce = True;
//operations group
$view_policy = 'PHID-PROJ-hxzt3eodbfkeqcyqoswh';
$edit_policy = 'PHID-PROJ-hxzt3eodbfkeqcyqoswh';
$project_phids = array('PHID-PROJ-hxzt3eodbfkeqcyqoswh');
$private_task = ManiphestTask::initializeNewTask($viewer);
$oid = $task->getID();
$private_task->setViewPolicy($view_policy)
->setEditPolicy($edit_policy)
->setTitle("ops access request: {$oid}")
->setAuthorPHID("PHID-USER-wa4idclisnm6aeakk7ur")
->attachProjectPHIDs(array('PHID-PROJ-hxzt3eodbfkeqcyqoswh'))
->save();
break;
case 'sensitive':
$enforce = True;
//operations group
$view_policy = 'PHID-PROJ-hxzt3eodbfkeqcyqoswh';
$edit_policy = 'PHID-PROJ-hxzt3eodbfkeqcyqoswh';
$project_phids = array();
break;
case 'security-bug':
//operations group
$view_policy = 'PHID-PROJ-hxzt3eodbfkeqcyqoswh';
$edit_policy = 'PHID-PROJ-hxzt3eodbfkeqcyqoswh';
$project_phids = array();
break;
default:
$enforce = False;
}
if ($enforce) {
$transactions = array();
//$field_value = null;
//$transactions[] = id(new ManiphestTransaction())
// ->setTransactionType(ManiphestTransaction::TYPE_TITLE)
// ->setNewValue($my_title);
if ($view_policy !== null) {
$transactions[] = id(new ManiphestTransaction())
->setTransactionType(PhabricatorTransactions::TYPE_VIEW_POLICY)
->setNewValue($view_policy);
}
if ($edit_policy !== null) {
$transactions[] = id(new ManiphestTransaction())
->setTransactionType(PhabricatorTransactions::TYPE_EDIT_POLICY)
->setNewValue($edit_policy);
}
if ($project_phids) {
$project_type = PhabricatorProjectObjectHasProjectEdgeType::EDGECONST;
$transactions[] = id(new ManiphestTransaction())
->setTransactionType(PhabricatorTransactions::TYPE_EDGE)
->setMetadataValue('edge:type', $project_type)
->setNewValue(
array(
'=' => array_fuse($project_phids),
));
}
foreach ($transactions as $transaction) {
$adapter->queueTransaction($transaction);
}
}
return new HeraldApplyTranscript(
$effect,
true,
pht('Set security policy'));
}
}

File Metadata

Mime Type
text/plain; charset=utf-8
Storage Engine
amazon-s3
Storage Format
Raw Data
Storage Handle
phabricator/tl/nk/vbpxocf3znwnywrn
Default Alt Text
whyyyyyyyyyyyyyyyy (6 KB)

Event Timeline

Phabricator · Built by Phacility