author | cpettet <rush@wikimedia.org> | 2014-12-30 16:00:50 -0600 |
---|---|---|
committer | cpettet <rush@wikimedia.org> | 2014-12-30 16:00:50 -0600 |
commit | db3acec9dd6c2c0150ffb52a8b587bb5befd34a8 (patch) | |
tree | 6105bf1bde360275ee7adcd00e7078346ff7956a | |
parent | 39d05f179c749aa14cdf9c7fc5e0c95efb5a29da (diff) |
Adding bugzilla_update_security_policy_fixup
This script takes an old bz id and modifies
the ACL on the relevant Phab issue to allow
historical CC/Assignee/Author if they exist
in Phab now.
-rw-r--r-- | bugzilla_update_security_policy_fixup.py | 46 | ||||
-rwxr-xr-x | wmfphablib/phabdb.py | 18 |
2 files changed, 50 insertions, 14 deletions
diff --git a/bugzilla_update_security_policy_fixup.py b/bugzilla_update_security_policy_fixup.py index 2bb628f..b02de9e 100644 --- a/bugzilla_update_security_policy_fixup.py +++ b/bugzilla_update_security_policy_fixup.py @@ -36,12 +36,50 @@ def update(bid): phabm = phabmacros('', '', '') phabm.con = phab + current = pmig.sql_x("SELECT priority, \ + header, \ + comments, \ + created, \ + modified \ + FROM bugzilla_meta WHERE id = %s", + (bid,)) + def get_ref(id): + refexists = phabdb.reference_ticket('%s%s' % (bzlib.prepend, + id)) + if refexists: + pmig.close() + return refexists + + if current: + import_priority, jheader, com, created, modified = current[0] + else: + pmig.close() + elog('%s not present for migration' % (bid,)) + return False + + header = json.loads(jheader) + if 'cc' not in header or not header['cc']: + return True + aclusers = header['cc'] + aclusers.append(header['assigned_to']) + aclusers.append(header['creator']) + vlog(aclusers) + userphids = [] + for u in aclusers: + userphids.append(phabdb.get_user_email_info(u)) + newusers = filter(bool, userphids) + vlog(newusers) + changes = {} if phabdb.is_bz_security_issue(bid): - phabdb.add_task_policy_users(bid, users=[userphid]) - print "%s IS SECURITY ISSUE" % (bid,) + log("%s IS SECURITY ISSUE" % (bid,)) + tphid = get_ref(bid)[0] + print "Original ACL: %s" % (phabdb.get_task_view_policy(tphid)) + newpolicy = phabdb.add_task_policy_users(tphid, users=newusers) + changes[bid] = newpolicy + print "New ACL: %s" % (changes,) return True else: - print "%s is _NOT_ A VALID ISSUE" % (bid,) + log("%s is _NOT_ A VALID ISSUE" % (bid,)) return False pmig.close() @@ -50,7 +88,7 @@ def run_update(bid, tries=1): elog('final fail to update %s' % (str(bid),)) return False try: - return update(user) + return update(bid) except Exception as e: import traceback tries -= 1 diff --git a/wmfphablib/phabdb.py b/wmfphablib/phabdb.py index d498f11..5124ba0 100755 --- a/wmfphablib/phabdb.py +++ b/wmfphablib/phabdb.py 
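Review bot: The early `return True` when `header['cc']` is missing or empty skips the assignee and creator entirely, although the commit message says they should be allowed too, and it returns without calling `pmig.close()`. Building the list without the early exit covers both cases: `aclusers = list(header.get('cc') or []) + [header['assigned_to'], header['creator']]`. Separately, `get_ref` returns None when no reference ticket exists, so `get_ref(bid)[0]` raises a TypeError instead of reporting the missing task; an explicit check and an `elog` before indexing would make that failure readable. Since this hunk widens who can see security tasks, the "Original ACL"/"New ACL" lines are the only audit trail and are better sent through `log` than `print`. The body of `update` begins outside the hunk.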
@@ -80,8 +80,6 @@ def get_issues_by_priority(dbcon, priority, table): :param table: str :returns: list """ - print table - print priority _ = dbcon.sql_x("SELECT id \ from %s \ where priority=%s" % (table, priority), @@ -640,13 +638,13 @@ def add_task_policy_users(taskPHID, """ # Assume view policy is canonical - viewPolicy = get_task_view_policy(taskPHID) + editPolicy = get_task_edit_policyPHID(taskPHID) # these are special policy strings - if viewPolicy in ['public', 'users']: + if editPolicy in ['public', 'users']: return '' - elif viewPolicy.startswith('PHID-PLCY'): - jrules = get_policy(viewPolicy) + elif editPolicy.startswith('PHID-PLCY'): + jrules = get_policy(editPolicy) rules = json.loads(jrules) for p in rules: if p['rule'] == "PhabricatorPolicyRuleUsers": @@ -669,7 +667,7 @@ def add_task_policy_users(taskPHID, break else: allowedProjects = [] - elif viewPolicy.startswith('PHID-PROJ'): + elif editPolicy.startswith('PHID-PROJ'): allowedUSERS = users allowedProjects = [viewPolicy] @@ -685,7 +683,6 @@ def get_task_edit_policyPHID(taskPHID): :param taskPHID: str :returns: str """ - p = phdb(db='phabricator_maniphest', user=phuser_user, passwd=phuser_passwd) @@ -702,7 +699,6 @@ def get_task_view_policy(phid): :param taskPHID: str :returns: str """ - p = phdb(db='phabricator_maniphest', user=phuser_user, passwd=phuser_passwd) @@ -1020,11 +1016,13 @@ def get_user_email_info(emailaddress): p = phdb(db='phabricator_user', user=phuser_user, passwd=phuser_passwd) + query = "SELECT userPHID, address, isVerified \ from user_email where address=%s" _ = p.sql_x(query, emailaddress) p.close() - return _[0] or '' + if _ is not None and len(_[0]) > 0: + return _[0][0] def get_verified_users(modtime, limit=None): #Find the task in new Phabricator that matches our lookup |
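Review bot: In the `@@ -669,7 +667,7 @@` hunk the context line `allowedProjects = [viewPolicy]` still uses the name that the `@@ -640,13 +638,13 @@` hunk removes. Unless `viewPolicy` is bound elsewhere in the function, a task whose edit policy is a project PHID will raise NameError; the line should read `allowedProjects = [editPolicy]`. The comment `# Assume view policy is canonical` is now stale and should say that the edit policy is the one read. Because the fixup script uses this function to widen access on security bugs, it is worth confirming that view and edit policy always match on those tasks, as the early `return ''` for `public`/`users` now depends on the edit policy alone. The function starts and ends outside both hunks.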
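Review bot: `isVerified` is selected in `get_user_email_info` but never checked, so the userPHID is returned for any matching `user_email` row. The fixup script puts that PHID straight into the policy of security tasks, so if unverified addresses can exist in that table, an account holding an unverified copy of a historical CC address would gain access. Returning the PHID only for verified rows closes that gap, e.g. `if _ and _[0][2]: return _[0][0]`, followed by `return ''` to keep the old string return type. The same guard also avoids an IndexError on `_[0]` should `sql_x` return an empty sequence rather than None for no match, which cannot be confirmed from the visible lines. The start of the function lies outside the hunk.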