Changeset View
Changeset View
Standalone View
Standalone View
scripts/repository/commit_hook.php
#!/usr/bin/env php | #!/usr/bin/env php | ||||
<?php | <?php | ||||
$root = dirname(dirname(dirname(__FILE__))); | $root = dirname(dirname(dirname(__FILE__))); | ||||
require_once $root.'/scripts/__init_script__.php'; | require_once $root.'/scripts/__init_script__.php'; | ||||
$username = getenv('PHABRICATOR_USER'); | |||||
if (!$username) { | |||||
throw new Exception(pht('usage: define PHABRICATOR_USER in environment')); | |||||
} | |||||
$user = id(new PhabricatorPeopleQuery()) | |||||
->setViewer(PhabricatorUser::getOmnipotentUser()) | |||||
->withUsernames(array($username)) | |||||
->executeOne(); | |||||
if (!$user) { | |||||
throw new Exception(pht('No such user "%s"!', $username)); | |||||
} | |||||
if ($argc < 2) { | if ($argc < 2) { | ||||
throw new Exception(pht('usage: commit-hook <callsign>')); | throw new Exception(pht('usage: commit-hook <callsign>')); | ||||
} | } | ||||
$engine = new DiffusionCommitHookEngine(); | |||||
$repository = id(new PhabricatorRepositoryQuery()) | $repository = id(new PhabricatorRepositoryQuery()) | ||||
->setViewer($user) | ->setViewer(PhabricatorUser::getOmnipotentUser()) | ||||
->withCallsigns(array($argv[1])) | ->withCallsigns(array($argv[1])) | ||||
->requireCapabilities( | |||||
array( | |||||
// This capability check is redundant, but can't hurt. | |||||
PhabricatorPolicyCapability::CAN_VIEW, | |||||
DiffusionCapabilityPush::CAPABILITY, | |||||
)) | |||||
btrahan: so when does this check get done now? | |||||
Not Done Inline ActionsWe'll never get here if the user doesn't have PUSH -- they'll be rejected as early as possible, before they send any data (in the case of SVN, before they send more than a few frames of data). (I'll probably put this check back into the HookEngine just to be extra safe, though.) epriestley: We'll never get here if the user doesn't have PUSH -- they'll be rejected as early as possible… | |||||
->executeOne(); | ->executeOne(); | ||||
if (!$repository) { | if (!$repository) { | ||||
throw new Exception(pht('No such repository "%s"!', $callsign)); | throw new Exception(pht('No such repository "%s"!', $callsign)); | ||||
} | } | ||||
if (!$repository->isHosted()) { | if (!$repository->isHosted()) { | ||||
// This should be redundant too, but double check just in case. | // This should be redundant, but double check just in case. | ||||
throw new Exception(pht('Repository "%s" is not hosted!', $callsign)); | throw new Exception(pht('Repository "%s" is not hosted!', $callsign)); | ||||
} | } | ||||
$engine->setRepository($repository); | |||||
// Figure out which user is writing the commit. | |||||
if ($repository->isGit()) { | |||||
$username = getenv('PHABRICATOR_USER'); | |||||
if (!strlen($username)) { | |||||
throw new Exception(pht('usage: PHABRICATOR_USER should be defined!')); | |||||
} | |||||
} else if ($repository->isSVN()) { | |||||
// NOTE: In Subversion, the entire environment gets wiped so we can't read | |||||
// PHABRICATOR_USER. Instead, we've set "--tunnel-user" to specify the | |||||
// correct user; read this user out of the commit log. | |||||
if ($argc < 4) { | |||||
throw new Exception(pht('usage: commit-hook <callsign> <repo> <txn>')); | |||||
} | |||||
$svn_repo = $argv[2]; | |||||
$svn_txn = $argv[3]; | |||||
list($username) = execx('svnlook author -t %s %s', $svn_txn, $svn_repo); | |||||
$username = rtrim($username, "\n"); | |||||
$engine->setSubversionTransactionInfo($svn_txn, $svn_repo); | |||||
} else { | |||||
throw new Exceptiont(pht('Unknown repository type.')); | |||||
} | |||||
$user = id(new PhabricatorPeopleQuery()) | |||||
->setViewer(PhabricatorUser::getOmnipotentUser()) | |||||
->withUsernames(array($username)) | |||||
->executeOne(); | |||||
if (!$user) { | |||||
throw new Exception(pht('No such user "%s"!', $username)); | |||||
} | |||||
$engine->setViewer($user); | |||||
// Read stdin for the hook engine. | |||||
$stdin = @file_get_contents('php://stdin'); | $stdin = @file_get_contents('php://stdin'); | ||||
if ($stdin === false) { | if ($stdin === false) { | ||||
throw new Exception(pht('Failed to read stdin!')); | throw new Exception(pht('Failed to read stdin!')); | ||||
} | } | ||||
$engine = id(new DiffusionCommitHookEngine()) | $engine->setStdin($stdin); | ||||
->setViewer($user) | |||||
->setRepository($repository) | |||||
->setStdin($stdin); | |||||
$err = $engine->execute(); | $err = $engine->execute(); | ||||
exit($err); | exit($err); |
so when does this check get done now?