Page MenuHomePhabricator
Create Task
Maniphest T11344

Differential commit message parser immediately rejects objects the user can't see, but Herald can put them there
Closed, ResolvedPublic
Actions

Assigned To
None
Authored By
michaeljs1990
Jul 18 2016, 10:29 PM
Tags
Referenced Files
F1728606: Screen Shot 2016-07-18 at 6.28.27 PM.png
Jul 18 2016, 10:29 PM
Subscribers
avivey
eadler
epriestley
michaeljs1990
Tokens
"Haypence" token, awarded by chad."Hungry Hippo" token, awarded by epriestley.

Description

Phabricator currently support a great workflow for stopping interns from landing diffs.

  1. Create a project only I can see.
  2. Observe intern creating a diff that I have been added to.
  3. Having seen the code and not agreeing with it although I can find no technical fault I apply my secret project. Which looks like this for the other user.

Screen Shot 2016-07-18 at 6.28.27 PM.png (778×1 px, 111 KB)

  1. Ask intern to fix a lint error and re diff.

When they run arc diff they will get this error.

 ARGV  '/usr/share/arcanist/bin/../scripts/arcanist.php' 'diff' '--trace'
 LOAD  Loaded "phutil" from "/usr/share/libphutil/src".
 LOAD  Loaded "arcanist" from "/usr/share/arcanist/src".
Config: Reading user configuration file "/home/schuettm/.arcrc"...
Config: Reading system configuration file "/etc/arcconfig"...
Working Copy: Reading .arcconfig from "/home/schuettm/webroot/hudson/.arcconfig".
Working Copy: Path "/home/schuettm/webroot/hudson" is part of `git` working copy "/home/schuettm/webroot/hudson".
Working Copy: Project root is at "/home/schuettm/webroot/hudson".
Config: Did not find local configuration at "/home/schuettm/webroot/hudson/.git/arc/config".
Loading phutil library from '/home/schuettm/webroot/integrator/client/source'...
Loading phutil library from '/home/schuettm/webroot/hudson/source/phab'...
>>> [0] <conduit> user.whoami() <bytes = 117>
>>> [1] <http> http://phabricator.dev/api/user.whoami
<<< [1] <http> 235,474 us
<<< [0] <conduit> 236,233 us
>>> [2] <exec> $ git diff --no-ext-diff --no-textconv --raw 'HEAD' --
>>> [3] <exec> $ git ls-files --others --exclude-standard
<<< [2] <exec> 4,827 us
<<< [3] <exec> 4,743 us
>>> [4] <exec> $ git diff-files --name-only
<<< [4] <exec> 2,259 us
>>> [5] <event> diff.didCollectChanges <listeners = 0>
<<< [5] <event> 87 us
>>> [6] <exec> $ git rev-parse --verify HEAD^
<<< [6] <exec> 15,505 us
>>> [7] <exec> $ git rev-parse --abbrev-ref --symbolic-full-name '@{upstream}'
<<< [7] <exec> 2,059 us
>>> [8] <exec> $ git cat-file -t 'origin/master'
<<< [8] <exec> 13,357 us
>>> [9] <exec> $ git merge-base 'origin/master' HEAD
<<< [9] <exec> 2,197 us
>>> [10] <exec> $ git rev-parse 'HEAD'
<<< [10] <exec> 1,963 us
>>> [11] <exec> $ git log --first-parent --format=medium 'c90b10d91e8dd3301be5e7af6a669fc5c53fc549'..'af6640a87e49fe488c1cc18d6332733841b1e3e0'
<<< [11] <exec> 2,293 us
>>> [12] <conduit> differential.query() <bytes = 236>
>>> [13] <http> http://phabricator.dev/api/differential.query
<<< [13] <http> 273,756 us
<<< [12] <conduit> 273,983 us
>>> [14] <conduit> differential.query() <bytes = 146>
>>> [15] <http> http://phabricator.dev/api/differential.query
<<< [15] <http> 288,834 us
<<< [14] <conduit> 289,060 us
>>> [16] <conduit> differential.getcommitmessage() <bytes = 169>
>>> [17] <http> http://phabricator.dev/api/differential.getcommitmessage
<<< [17] <http> 294,728 us
<<< [16] <conduit> 294,963 us
>>> [18] <conduit> differential.parsecommitmessage() <bytes = 341>
>>> [19] <http> http://phabricator.dev/api/differential.parsecommitmessage
<<< [19] <http> 247,195 us
<<< [18] <conduit> 247,403 us

[2016-07-18 22:26:56] EXCEPTION: (ArcanistDifferentialCommitMessageParserException) Error parsing field "Tags": The objects you have listed include objects which do not exist (PHID-PROJ-2h3zn6kuntthz6v6weoj). at [<arcanist>/src/differential/ArcanistDifferentialCommitMessage.php:54]
arcanist(), integrator-client(), phab(), phutil()
  #0 ArcanistDifferentialCommitMessage::pullDataFromConduit(ConduitClient) called at [<arcanist>/src/workflow/ArcanistDiffWorkflow.php:1795]
  #1 ArcanistDiffWorkflow::getCommitMessageFromRevision(string) called at [<arcanist>/src/workflow/ArcanistDiffWorkflow.php:1527]
  #2 ArcanistDiffWorkflow::buildCommitMessage() called at [<arcanist>/src/workflow/ArcanistDiffWorkflow.php:469]
  #3 ArcanistDiffWorkflow::run() called at [<arcanist>/scripts/arcanist.php:392]

I ran across this about a month ago with a user who had a project they didn't have access to added to a diff however it did not occur to me that this will stop secret projects from monitoring users.

Revisions and Commits

rP Phabricator
D17124rP3d52f07ee729 Make restricted objects in commit messages work more consistently with the web…

Related Objects

Event Timeline

michaeljs1990 created this task.Jul 18 2016, 10:29 PM
Herald added a subscriber: eadler. · View Herald TranscriptJul 18 2016, 10:29 PM
michaeljs1990 renamed this task from Block user from landing diffs to differential.parsecommitmessage error parsing restricted projects.Jul 18 2016, 10:32 PM
michaeljs1990 added a project: Restricted Project.
avivey added a subscriber: avivey.Jul 18 2016, 10:35 PM

Are you looking for alternative ways to block commits, or is this a bug report about "arc diff fails when revision has secret project tags?"

michaeljs1990 added a comment.Jul 18 2016, 10:36 PM

No this is just a general bug report since it's a fairly confusing error message for end users.

epriestley awarded a token.Jul 18 2016, 10:39 PM
epriestley added a subscriber: epriestley.Jul 18 2016, 10:44 PM

We can have this render "Tags: PHID-PROJ-abcdef" instead, which is an "improvement".

avivey added a comment.Jul 18 2016, 11:02 PM

Where did the phid get to the user anyway? If it's arc diff --update, it shouldn't try to parse the comment, and if it's arc diff --create, it shouldn't have any tags?

epriestley added a comment.Jul 18 2016, 11:04 PM

I think arc actually calls differential.getcommitmessage and then passes the result right back to differential.parsecommitmessage to split it into fields. That could/should work differently than it does.

yelirekim mentioned this in T11388: Running "arc diff" on this instance, with a restricted owners package fails (after "arc patch").Jul 28 2016, 4:27 AM
epriestley mentioned this in D16468: Redesign Config Application.Aug 29 2016, 11:03 PM
chad awarded a token.Aug 30 2016, 12:24 AM
epriestley moved this task from Backlog to vNext on the Arcanist board.Nov 14 2016, 5:48 PM
epriestley moved this task from Backlog to v3 (Infrastructure) on the Differential board.Dec 29 2016, 4:22 PM
epriestley added a revision: D17124: Make restricted objects in commit messages work more consistently with the web UI.Jan 1 2017, 5:05 PM
epriestley renamed this task from differential.parsecommitmessage error parsing restricted projects to Differential commit message parser immediately rejects objects the user can't see, but Herald can put them there.Jan 1 2017, 5:07 PM
epriestley triaged this task as Normal priority.
epriestley closed this task as Resolved by committing rP3d52f07ee729: Make restricted objects in commit messages work more consistently with the web….Jan 1 2017, 5:56 PM
epriestley added a commit: rP3d52f07ee729: Make restricted objects in commit messages work more consistently with the web….
Phabricator · Built by Phacility