src/applications/diffusion/herald/HeraldCommitAdapter.php
| Show First 20 Lines • Show All 169 Lines • ▼ Show 20 Lines | if ($this->auditNeededPackages === null) { | ||||
| $this->commit->getPHID(), | $this->commit->getPHID(), | ||||
| $status_arr); | $status_arr); | ||||
| $this->auditNeededPackages = $requests; | $this->auditNeededPackages = $requests; | ||||
| } | } | ||||
| return $this->auditNeededPackages; | return $this->auditNeededPackages; | ||||
| } | } | ||||
| public function loadDifferentialRevision() { | public function loadDifferentialRevision() { | ||||
| $viewer = $this->getViewer(); | |||||
| if ($this->affectedRevision === null) { | if ($this->affectedRevision === null) { | ||||
| $this->affectedRevision = false; | $viewer = $this->getViewer(); | ||||
| $commit = $this->getObject(); | |||||
| $data = $commit->getCommitData(); | |||||
| $revision_id = $data->getCommitDetail('differential.revisionID'); | // NOTE: The viewer here is omnipotent, which means that Herald discloses | ||||
| if ($revision_id) { | // some information users do not normally have access to when rules load | ||||
| // NOTE: The Herald rule owner might not actually have access to | // the revision related to a commit. See D20468. | ||||
| // the revision, and can control which revision a commit is | |||||
| // associated with by putting text in the commit message. However, | // A user who wants to learn about "Dxyz" can write a Herald rule which | ||||
| // the rules they can write against revisions don't actually expose | // uses all the "Related revision..." fields, then push a commit which | ||||
| // anything interesting, so it seems reasonable to load unconditionally | // contains "Differential Revision: Dxyz" in the message to make Herald | ||||
| // here. | // evaluate the commit with "Dxyz" as the related revision. | ||||
| // At time of writing, this commit will link to the revision and the | |||||
| // transcript for the commit will disclose some information about the | |||||
| // revision (like reviewers, subscribers, and build status) which the | |||||
| // commit author could not otherwise see. | |||||
| // For now, we just accept this. The disclosures are relatively | |||||
| // uninteresting and you have to jump through a lot of hoops (and leave | |||||
| // a lot of evidence) to get this information. | |||||
| $revision = id(new DifferentialRevisionQuery()) | $revision = DiffusionCommitRevisionQuery::loadRevisionForCommit( | ||||
| ->withIDs(array($revision_id)) | $viewer, | ||||
| ->setViewer($viewer) | $this->getObject()); | ||||
| ->needReviewers(true) | |||||
| ->executeOne(); | |||||
| if ($revision) { | if ($revision) { | ||||
| $this->affectedRevision = $revision; | $this->affectedRevision = $revision; | ||||
| } | } else { | ||||
| $this->affectedRevision = false; | |||||
| } | } | ||||
| } | } | ||||
amckinley: Move this comment to `loadRevisionForCommit`? | |||||
| return $this->affectedRevision; | return $this->affectedRevision; | ||||
| } | } | ||||
| public static function getEnormousByteLimit() { | public static function getEnormousByteLimit() { | ||||
| return 256 * 1024 * 1024; // 256MB. See T13142 and T13143. | return 256 * 1024 * 1024; // 256MB. See T13142 and T13143. | ||||
| } | } | ||||
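Review bot: The new call to `DiffusionCommitRevisionQuery::loadRevisionForCommit($viewer, $this->getObject())` in loadDifferentialRevision() drops the explicit `->needReviewers(true)` that the old inline query carried, and the helper's body is not visible on this page. If the helper does not request reviewers itself, Herald fields that read the related revision's reviewers would presumably hit unattached data, so confirm that it does, or pin the requirement at the call site with a comment such as `// loadRevisionForCommit() must attach reviewers; Herald revision fields read them.` Because `$viewer` is omnipotent here, policy filtering inside the helper will not limit what reaches the transcript, so a test that pins which revision fields a commit transcript renders would keep the accepted disclosure from widening unnoticed.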
Move this comment to loadRevisionForCommit?