
A way to set task creator and creation time using the api
Closed, Duplicate | Public

Description

I'm investigating a move to Phabricator for my company and am prototyping a migration script, but I've found that Conduit doesn't allow for as much control as is needed in a migration. Specifically, I'm running into an issue in setting the task creator and the task creation time. This is quite problematic for creating a seamless migration experience. I did find T8835: Replacement for actAsUser in Conduit API, but the proposed solutions each have their own issues.

From T8835#126193

  • Use a bot user, and record the proxy author in a custom field, in the description, or in a comment.

This creates an inconsistent experience between tasks that were migrated and tasks created in Phabricator.

  • Use OAuth, after T7303 or similar (currently, OAuth works but only supports user.whoami, since we haven't fully sorted out the permissions model; there's also no JS client written yet).

Not done yet, and if I understand it correctly, would require all users to authenticate the permissions with Phabricator or for a migrate script to fake it.

  • Write a custom endpoint that generates an API token for an arbitrary user. Like actAsUser, this represents a huge reduction in the strength of the security model.

This is doable but is messy and leaves every migration to write their own implementation.

And for task creation time, it appears Wikimedia resorted to directly writing the real time to the database after creating the task.
GitHub link

def set_task_ctime(taskPHID, ctime):
    """set manual epoch ctime for task
    :param taskPHID: str
    :param ctime: int of creation time (epoch)
    """
    # phdb, phuser_user and phuser_passwd come from the rest of the script
    p = phdb(db='phabricator_maniphest',
             user=phuser_user,
             passwd=phuser_passwd)
    # overwrite the creation time on the task row itself
    p.sql_x("UPDATE maniphest_task \
             SET dateCreated=%s \
             WHERE phid=%s", (ctime, taskPHID))
    # apply the same time to the task's title transaction
    titlexphid = get_task_title_transaction(taskPHID)
    set_transaction_time(titlexphid, ctime)

    p.close()

While I understand the need for security when it comes to migrating, there's a legitimate need for a powerful way to manipulate the system. Is a more permissive API going to be used for things other than a migration? Most certainly, but a default way to do things like this could be implemented with security/logging built in, and that is better than if everyone is left to figure it out themselves.
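
A sketch of what a direct creation-time write with validation and logging could look like, as an added example that is not part of the original post or of Wikimedia's script. It covers only the `maniphest_task` row; the function name, the PHID pattern, the audit logger and the in-memory SQLite stand-in for `phabricator_maniphest` are assumptions.

```python
import logging
import re
import sqlite3
import time

log = logging.getLogger("migration.audit")  # hypothetical audit channel

# Assumed PHID shape: PHID-TASK- followed by 20 lowercase alphanumerics.
TASK_PHID_RE = re.compile(r"^PHID-TASK-[a-z0-9]{20}$")


def set_task_ctime_audited(conn, task_phid, ctime, actor):
    """Set dateCreated for one task and return the previous value.

    Rejects malformed PHIDs and implausible epochs, changes exactly one
    row inside a transaction, and logs who changed what.
    """
    if not TASK_PHID_RE.match(task_phid):
        raise ValueError("not a task PHID: %r" % (task_phid,))
    if isinstance(ctime, bool) or not isinstance(ctime, int):
        raise ValueError("ctime must be an integer epoch")
    if not 0 < ctime <= int(time.time()):
        raise ValueError("ctime must be in the past: %r" % (ctime,))
    with conn:  # commits on success, rolls back on any exception
        row = conn.execute(
            "SELECT dateCreated FROM maniphest_task WHERE phid = ?",
            (task_phid,)).fetchone()
        if row is None:
            raise LookupError("no such task: %s" % task_phid)
        cur = conn.execute(
            "UPDATE maniphest_task SET dateCreated = ? WHERE phid = ?",
            (ctime, task_phid))
        if cur.rowcount != 1:
            raise RuntimeError("expected 1 row, changed %d" % cur.rowcount)
    log.warning("actor=%s task=%s dateCreated %s -> %s",
                actor, task_phid, row[0], ctime)
    return row[0]


def demo():
    """Run against constructed sample data; returns (old, new) ctime."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE maniphest_task (phid TEXT UNIQUE, dateCreated INT)")
    phid = "PHID-TASK-" + "a" * 20  # constructed PHID
    conn.execute("INSERT INTO maniphest_task VALUES (?, ?)", (phid, 1479184260))
    conn.commit()
    old = set_task_ctime_audited(conn, phid, 1262304000, "migration-bot")
    new = conn.execute("SELECT dateCreated FROM maniphest_task").fetchone()[0]
    return old, new
```
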

Event Timeline

chad added a subscriber: chad. Nov 15 2016, 4:31 AM

Please use Conpherence or Ponder if you have questions about Phabricator development and best practices.

The short answer is, maybe sure if we were funded with large sums of money and developer bandwidth, we'd have proper importers. We don't, we're not paid, and properly supporting an import pipeline is some ways away (years). Building your own script or building off the script of yesteryear is how we currently expect people to build importers.

We're also not likely to add patches into Phabricator without strong reason and forward thinking. If the core problem is you'd like an easier means of importing information into Phabricator, that's the one we'd solve.