Paste P1234

whyyyyyyyyyyyyyyyy!

Authored by chasemp on Aug 14 2014, 8:48 PM.
<?php
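/**
 * Herald action that restricts a Maniphest task's view/edit policy (and,
 * for some topics, its projects) based on the task's security-topic custom
 * field.
 *
 * Design notes carried over from the original author:
 *  - It is meant to be kicked off by a global Herald rule that runs when a
 *    new task is created, and it only acts on the security field setting.
 *  - Ideally each security topic would be its own extension that Herald can
 *    tell apart; until then the topics are dispatched from one table.
 *  - For access requests the idea is that the public request gets a hidden
 *    "shadow" task, created as a blocker, where the request can be debated
 *    out of public view. Stripping the existing folder project (with a note
 *    in the description) was also planned.
 *
 * NOTE(review): the PHIDs below are specific to one install. Every topic
 * currently maps to the same project PHID; confirm that is intended rather
 * than a placeholder, since it decides who can see security tasks.
 */
class SecurityPolicyEnforcerAction extends HeraldCustomAction {

  /** Storage key of the custom field that carries the security topic. */
  const SECURITY_TOPIC_FIELD_KEY = 'std:maniphest:security_topic';

  /** Project used as view/edit policy ("operations group" in the source). */
  const OPERATIONS_PROJECT_PHID = 'PHID-PROJ-hxzt3eodbfkeqcyqoswh';

  /** Author recorded on the private shadow task for access requests. */
  const PRIVATE_TASK_AUTHOR_PHID = 'PHID-USER-wa4idclisnm6aeakk7ur';

  /**
   * This action only makes sense for Maniphest tasks.
   */
  public function appliesToAdapter(HeraldAdapter $adapter) {
    return $adapter instanceof HeraldManiphestTaskAdapter;
  }

  /**
   * Only global rules may use this action; personal and object rules are
   * rejected so an individual user cannot wire up policy changes.
   */
  public function appliesToRuleType($rule_type) {
    switch ($rule_type) {
      case HeraldRuleTypeConfig::RULE_TYPE_GLOBAL:
        return true;
      case HeraldRuleTypeConfig::RULE_TYPE_PERSONAL:
      case HeraldRuleTypeConfig::RULE_TYPE_OBJECT:
      default:
        return false;
    }
  }

  public function getActionKey() {
    return "SecurityPolicy";
  }

  public function getActionName() {
    return "Ensure Security Task Policy Are Enforced";
  }

  /**
   * The action takes no user-supplied value in the rule editor.
   */
  public function getActionType() {
    return HeraldAdapter::VALUE_NONE;
  }

  /**
   * Read the task's security topic and queue the matching policy and
   * project transactions on the adapter.
   *
   * @param HeraldAdapter $adapter Adapter that receives the transactions.
   * @param mixed         $object  The task the rule fired on.
   * @param HeraldEffect  $effect  Effect being applied.
   * @return HeraldApplyTranscript Applied only when a known topic was found.
   */
  public function applyEffect(
    HeraldAdapter $adapter,
    $object,
    HeraldEffect $effect) {

    $task = $object;

    // Custom fields are read as the omnipotent user so the lookup does not
    // depend on who triggered the rule.
    $viewer = PhabricatorUser::getOmnipotentUser();

    $topic = $this->loadSecurityTopic($task, $viewer);
    $spec = $this->getPolicySpecForTopic($topic);

    if ($spec === null) {
      // Fail-open path: a missing or unrecognized topic leaves the task's
      // existing policy in place. Report that truthfully so the Herald
      // transcript does not claim a policy was set when none was.
      // NOTE(review): consider alerting on unrecognized non-empty topics; a
      // typo in the field configuration would otherwise silently skip
      // enforcement.
      return new HeraldApplyTranscript(
        $effect,
        false,
        pht('No recognized security topic; policy left unchanged'));
    }

    if ($spec['shadow']) {
      $this->createPrivateAccessRequestTask($task, $viewer, $spec);
    }

    $transactions = array();

    if ($spec['view'] !== null) {
      $transactions[] = id(new ManiphestTransaction())
        ->setTransactionType(PhabricatorTransactions::TYPE_VIEW_POLICY)
        ->setNewValue($spec['view']);
    }

    if ($spec['edit'] !== null) {
      $transactions[] = id(new ManiphestTransaction())
        ->setTransactionType(PhabricatorTransactions::TYPE_EDIT_POLICY)
        ->setNewValue($spec['edit']);
    }

    if ($spec['projects']) {
      // '=' replaces the task's project list rather than adding to it.
      $project_type = PhabricatorProjectObjectHasProjectEdgeType::EDGECONST;
      $transactions[] = id(new ManiphestTransaction())
        ->setTransactionType(PhabricatorTransactions::TYPE_EDGE)
        ->setMetadataValue('edge:type', $project_type)
        ->setNewValue(
          array(
            '=' => array_fuse($spec['projects']),
          ));
    }

    // NOTE(review): these are queued, not applied here. Confirm that mail
    // and feed stories for the task's creation are not published under the
    // original policy before the queued transactions land.
    foreach ($transactions as $transaction) {
      $adapter->queueTransaction($transaction);
    }

    return new HeraldApplyTranscript(
      $effect,
      true,
      pht('Set security policy'));
  }

  /**
   * Return the stored value of the security-topic custom field, or null
   * when the task has no such field.
   *
   * The field list is deliberately not logged: it is loaded with the
   * omnipotent viewer, so dumping it would copy field contents of
   * restricted tasks into the error log on every rule run.
   */
  private function loadSecurityTopic($task, $viewer) {
    $field_list = PhabricatorCustomField::getObjectFields(
      $task,
      PhabricatorCustomField::ROLE_EDIT);

    $field_list
      ->setViewer($viewer)
      ->readFieldsFromStorage($task);

    foreach ($field_list->getFields() as $field) {
      // Strict comparison: the key decides whether policy is enforced.
      if ($field->getFieldKey() === self::SECURITY_TOPIC_FIELD_KEY) {
        return $field->getValueForStorage();
      }
    }

    return null;
  }

  /**
   * Map a security topic to the policy it requires.
   *
   * @param mixed $topic Stored field value.
   * @return array|null Keys: 'view', 'edit', 'projects', 'shadow'; null for
   *                    an unknown, empty or non-string topic.
   */
  private function getPolicySpecForTopic($topic) {
    // Only exact string matches count; a loosely-typed match (for example
    // integer 0 against a topic name on older PHP) must not select a policy.
    if (!is_string($topic)) {
      return null;
    }

    $ops = self::OPERATIONS_PROJECT_PHID;

    $specs = array(
      'ops-procurement' => array(
        'view' => $ops,
        'edit' => $ops,
        'projects' => array($ops),
        'shadow' => false,
      ),
      'ops-access-request' => array(
        'view' => $ops,
        'edit' => $ops,
        'projects' => array($ops),
        'shadow' => true,
      ),
      'sensitive' => array(
        'view' => $ops,
        'edit' => $ops,
        'projects' => array(),
        'shadow' => false,
      ),
      'security-bug' => array(
        'view' => $ops,
        'edit' => $ops,
        'projects' => array(),
        'shadow' => false,
      ),
    );

    return isset($specs[$topic]) ? $specs[$topic] : null;
  }

  /**
   * Create the private companion task for an access request.
   *
   * The restrictive policies are set before save(), so the task is never
   * stored with a wider policy.
   *
   * NOTE(review): this runs every time the action fires, so unless the
   * Herald rule is limited to task creation each later edit creates another
   * shadow task. It is also saved directly rather than through
   * transactions, and no blocker edge to the original task is created yet,
   * although the design notes call for one.
   */
  private function createPrivateAccessRequestTask($task, $viewer, array $spec) {
    $oid = $task->getID();

    ManiphestTask::initializeNewTask($viewer)
      ->setViewPolicy($spec['view'])
      ->setEditPolicy($spec['edit'])
      ->setTitle("ops access request: {$oid}")
      ->setAuthorPHID(self::PRIVATE_TASK_AUTHOR_PHID)
      ->attachProjectPHIDs(array(self::OPERATIONS_PROJECT_PHID))
      ->save();
  }

}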

Event Timeline

chasemp changed the title of this paste from untitled to whyyyyyyyyyyyyyyyy!.
chasemp updated the paste's language from autodetect to autodetect.