Maniphest batch editor can affect far too many tasks
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	epriestley
	Jun 22 2015, 12:34 PM

Description

There is a serious UX issue in the batch editor which can cause far too many tasks to be affected. To reproduce:

Try to edit a collection of tasks which are all not editable (you must not have permission to edit any of the tasks you select).
The edit will incorrectly apply to every task you do have permission to edit.

This is prevented by D13388 and the root issue is fixed by D13390.

I think the additional steps below remain worthwhile.

Previously

A user showed up in IRC with a batch edit misfire that is not reproducible or technically distinguishable from user error (edit: now reproducible and highly distinguishable), while running an old version of Phabricator with third-party plugins. Since this is hugely disruptive and I can't prove it isn't our fault (edit: 100% our fault) I don't want to brush it off, but it would be helpful to have better tools to log and recover from these misfires.

Particularly:

Log batch edits and give them PHIDs, so there's a record of who batch edited what and when. We need this for T5166 anyway.
Save the batch edit PHID on the transaction record: this can make recovery easier, at least, by letting us identify the changes with certainty.

And maybe try harder to prevent user error:

Require extra-confirm if editing more than ~100 things?

Hypothetically, we could make transactions reversible so you could undo edits, but I'm not eager to pursue this given the tremendous amount of work it entails.

Revisions and Commits

rPHU libphutil
	D13391	rPHU74c9cb3a266e Lift class map construction into a new class map query
rP Phabricator
	D13392	rP3215899925e2 Execute Maniphest batch edits in the background with a web UI progress bar
	D13390	rP487e12101aba Make ManiphestTaskQuery more modern and safe
	D13388	rP2dad469eca22 Add hard stops on empty batch edit sets
	D13388	rP0597aba33ec1 Add hard stops on empty batch edit sets

Related Objects
Search...

Status	Assigned	Task
Wontfix	epriestley	T1816 Support downloading a compressed working copy (tar/zip) of a repository at a specific commit or tag
Resolved	None	T7307 Daemons UI is confusing when you aren't an administrator
Open	None	T6004 When moving a wiki page with subpages prompt to also move subpages
Resolved	epriestley	T5166 Expand the BulkJob tool
Resolved	epriestley	T8637 Maniphest batch editor can affect far too many tasks

Event Timeline

epriestley created this task.Jun 22 2015, 12:34 PM

epriestley raised the priority of this task from to Normal.

epriestley updated the task description. (Show Details)

epriestley added a project: Maniphest.

epriestley added projects: Support Impact, High Support Impact.

epriestley added a parent task: T5166: Expand the BulkJob tool.

epriestley added a subscriber: epriestley.

• lloyd.oliver added a subscriber: • lloyd.oliver.Jun 22 2015, 12:39 PM

joshuaspence added a subscriber: joshuaspence.Jun 22 2015, 12:42 PM

This appears to work to undo a status change batch edit:

Drop this into phabricator/ as undo_batch_edit.php or similar.
Run phabricator/ $ php -f undo_batch_edit.php.

IMPORTANT: You need to configure the variables in the header for this to work.

<?php

// IMPORTANT: This script ONLY works for "status" batch edits, not for other
// types of batch edits.

// Put the PHID of the user who performed the bad edit here. You can get this
// by running `user.query` from the Conduit web API.
$actor_phid = 'PHID-USER-cvfydnwadpdj7vdon36z';


// Specify the start and end time of the bad edit here. We'll ignore changes
// outside this time range. By default, this is looking at changes in the last
// 24 hours.
$min_date = time() - (24 * 60 * 60);
$max_date = time();


// Specify the bad status that was set with the edit here. This is a key from
// the `maniphest.statuses` config, like "closed" or "invalid".
$bad_status = 'spite';


// Change this to "true" to actually apply changes. With this flag set to
// false, the script will run and show debugging output, but not do anything.
$apply_changes = false;


// --- End of Configuration ------------------------------------------------- //

require_once 'scripts/__init_script__.php';

$table = new ManiphestTask();
$conn_w = $table->establishConnection('w');
foreach (new LiskMigrationIterator($table) as $task) {
  $id = $task->getID();
  echo "Processing task T{$id}.\n";

  $status = $task->getStatus();
  if ($status != $bad_status) {
    echo "This task has status '{$status}', not the bad status; skipping.\n";
    continue;
  }

  $xactions = id(new ManiphestTransactionQuery())
    ->setViewer(PhabricatorUser::getOmnipotentUser())
    ->withObjectPHIDs(array($task->getPHID()))
    ->execute();
  msort($xactions, 'getID');

  // Find the bad edit so we know if and when this task was affected.

  $bad_edit = null;
  foreach ($xactions as $xaction) {
    if ($xaction->getTransactionType() != ManiphestTransaction::TYPE_STATUS) {
      continue;
    }

    if ($xaction->getAuthorPHID() != $actor_phid) {
      continue;
    }

    if ($xaction->getDateCreated() < $min_date) {
      continue;
    }

    if ($xaction->getDateCreated() > $max_date) {
      continue;
    }

    if ($xaction->getNewValue() != $bad_status) {
      continue;
    }

    if ($bad_edit) {
      if ($xaction->getID() > $bad_edit->getID()) {
        continue;
      }
    }

    $bad_edit = $xaction;
  }

  if (!$bad_edit) {
    echo "No matching edit to this task; skipping.\n";
    continue;
  }

  // Find the prior status change so we can figure out what status to revert
  // to.

  $last_good_status = ManiphestTaskStatus::getDefaultStatus();
  foreach ($xactions as $xaction) {
    if ($xaction->getID() == $bad_edit->getID()) {
      break;
    }

    if ($xaction->getTransactionType() != ManiphestTransaction::TYPE_STATUS) {
      continue;
    }

    $last_good_status = $xaction->getNewValue();
  }

  if (!$apply_changes) {
    echo "Would change status to '{$last_good_status}' if apply changes ".
         "flag was set.\n";
    continue;
  }

  echo "Updating task to status '{$last_good_status}'.\n";
  queryfx(
    $conn_w,
    'UPDATE %T SET status = %s WHERE id = %d',
    $table->getTableName(),
    $last_good_status,
    $task->getID());
}

epriestley added a revision: D13388: Add hard stops on empty batch edit sets.Jun 22 2015, 1:06 PM

aklapper added a subscriber: aklapper.Jun 22 2015, 1:13 PM

epriestley renamed this task from Create a log for Maniphest batch edits to Maniphest batch editor can affect far too many tasks.Jun 22 2015, 1:20 PM

epriestley updated the task description. (Show Details)

epriestley added a revision: D13390: Make ManiphestTaskQuery more modern and safe.

epriestley updated the task description. (Show Details)Jun 22 2015, 1:23 PM

cburroughs added a subscriber: cburroughs.Jun 22 2015, 2:26 PM

epriestley claimed this task.Jun 22 2015, 2:56 PM

After mulling this over for a bit while dealing with other stuff, I'm pretty convinced that the general purpose infrastructure in T5166 is the way forward here, so my plan is to move forward with that.

epriestley raised the priority of this task from Normal to High.Jun 22 2015, 3:21 PM

epriestley added a revision: D13391: Lift class map construction into a new class map query.Jun 22 2015, 4:44 PM

epriestley added a revision: D13392: Execute Maniphest batch edits in the background with a web UI progress bar.Jun 22 2015, 5:55 PM

epriestley added a commit: rP0597aba33ec1: Add hard stops on empty batch edit sets.Jun 22 2015, 6:48 PM

epriestley added a commit: rP2dad469eca22: Add hard stops on empty batch edit sets.

epriestley added a commit: rP487e12101aba: Make ManiphestTaskQuery more modern and safe.Jun 22 2015, 6:55 PM