authorcpettet <rush@wikimedia.org>2014-12-30 16:00:50 -0600
committercpettet <rush@wikimedia.org>2014-12-30 16:00:50 -0600
commitdb3acec9dd6c2c0150ffb52a8b587bb5befd34a8 (patch)
tree6105bf1bde360275ee7adcd00e7078346ff7956a
parent39d05f179c749aa14cdf9c7fc5e0c95efb5a29da (diff)
Adding bugzilla_update_security_policy_fixup
This script takes an old bz id and modifies the ACL on the relevant Phab issue to allow historical CC/Assignee/Author if they exist in Phab now.
-rw-r--r--bugzilla_update_security_policy_fixup.py46
-rwxr-xr-xwmfphablib/phabdb.py18
2 files changed, 50 insertions, 14 deletions
diff --git a/bugzilla_update_security_policy_fixup.py b/bugzilla_update_security_policy_fixup.py
index 2bb628f..b02de9e 100644
--- a/bugzilla_update_security_policy_fixup.py
+++ b/bugzilla_update_security_policy_fixup.py
@@ -36,12 +36,50 @@ def update(bid):
phabm = phabmacros('', '', '')
phabm.con = phab
+ current = pmig.sql_x("SELECT priority, \
+ header, \
+ comments, \
+ created, \
+ modified \
+ FROM bugzilla_meta WHERE id = %s",
+ (bid,))
+ def get_ref(id):
+ refexists = phabdb.reference_ticket('%s%s' % (bzlib.prepend,
+ id))
+ if refexists:
+ pmig.close()
+ return refexists
+
+ if current:
+ import_priority, jheader, com, created, modified = current[0]
+ else:
+ pmig.close()
+ elog('%s not present for migration' % (bid,))
+ return False
+
+ header = json.loads(jheader)
+ if 'cc' not in header or not header['cc']:
+ return True
+ aclusers = header['cc']
+ aclusers.append(header['assigned_to'])
+ aclusers.append(header['creator'])
+ vlog(aclusers)
+ userphids = []
+ for u in aclusers:
+ userphids.append(phabdb.get_user_email_info(u))
+ newusers = filter(bool, userphids)
+ vlog(newusers)
+ changes = {}
if phabdb.is_bz_security_issue(bid):
- phabdb.add_task_policy_users(bid, users=[userphid])
- print "%s IS SECURITY ISSUE" % (bid,)
+ log("%s IS SECURITY ISSUE" % (bid,))
+ tphid = get_ref(bid)[0]
+ print "Original ACL: %s" % (phabdb.get_task_view_policy(tphid))
+ newpolicy = phabdb.add_task_policy_users(tphid, users=newusers)
+ changes[bid] = newpolicy
+ print "New ACL: %s" % (changes,)
return True
else:
- print "%s is _NOT_ A VALID ISSUE" % (bid,)
+ log("%s is _NOT_ A VALID ISSUE" % (bid,))
return False
pmig.close()
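Review bot: The early `return True` when `header['cc']` is missing or empty skips the assignee and creator entirely, although the commit message says they should be added to the ACL too. That path also returns without `pmig.close()`, and the trailing `pmig.close()` after the if/else is unreachable because both branches return. Building the list from all three fields and returning early only when it is empty would match the stated intent. Separately, `get_ref(bid)[0]` subscripts the result without checking that `phabdb.reference_ticket` found anything, so a security bug with no matching task presumably fails on the subscript instead of being logged as skipped. The body of update() starts above this hunk.

```python
header = json.loads(jheader)
aclusers = list(header.get('cc') or [])
for field in ('assigned_to', 'creator'):
    if header.get(field):
        aclusers.append(header[field])
if not aclusers:
    pmig.close()
    return True
# … unchanged: vlog(aclusers), PHID lookup loop, policy update …
```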
@@ -50,7 +88,7 @@ def run_update(bid, tries=1):
elog('final fail to update %s' % (str(bid),))
return False
try:
- return update(user)
+ return update(bid)
except Exception as e:
import traceback
tries -= 1
diff --git a/wmfphablib/phabdb.py b/wmfphablib/phabdb.py
index d498f11..5124ba0 100755
--- a/wmfphablib/phabdb.py
+++ b/wmfphablib/phabdb.py
@@ -80,8 +80,6 @@ def get_issues_by_priority(dbcon, priority, table):
:param table: str
:returns: list
"""
- print table
- print priority
_ = dbcon.sql_x("SELECT id \
from %s \
where priority=%s" % (table, priority),
@@ -640,13 +638,13 @@ def add_task_policy_users(taskPHID,
"""
# Assume view policy is canonical
- viewPolicy = get_task_view_policy(taskPHID)
+ editPolicy = get_task_edit_policyPHID(taskPHID)
# these are special policy strings
- if viewPolicy in ['public', 'users']:
+ if editPolicy in ['public', 'users']:
return ''
- elif viewPolicy.startswith('PHID-PLCY'):
- jrules = get_policy(viewPolicy)
+ elif editPolicy.startswith('PHID-PLCY'):
+ jrules = get_policy(editPolicy)
rules = json.loads(jrules)
for p in rules:
if p['rule'] == "PhabricatorPolicyRuleUsers":
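Review bot: The comment `# Assume view policy is canonical` no longer matches the code below it, which now reads the edit policy through `get_task_edit_policyPHID`. Because this function computes who is allowed on security tasks, the comment should name the policy actually used as the base, for example `# Use the edit policy as the base for the new user list`. The body of add_task_policy_users starts and ends outside this hunk, so whether the result is applied to the view policy, the edit policy or both cannot be confirmed from here.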
@@ -669,7 +667,7 @@ def add_task_policy_users(taskPHID,
break
else:
allowedProjects = []
- elif viewPolicy.startswith('PHID-PROJ'):
+ elif editPolicy.startswith('PHID-PROJ'):
allowedUSERS = users
allowedProjects = [viewPolicy]
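Review bot: `allowedProjects = [viewPolicy]` still uses the name this commit renamed, so the `PHID-PROJ` branch would raise NameError unless `viewPolicy` is assigned somewhere outside the visible hunks. It should read `allowedProjects = [editPolicy]`. The function continues past the end of this hunk, so the rest of the branch should be checked for the same leftover name.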
@@ -685,7 +683,6 @@ def get_task_edit_policyPHID(taskPHID):
:param taskPHID: str
:returns: str
"""
-
p = phdb(db='phabricator_maniphest',
user=phuser_user,
passwd=phuser_passwd)
@@ -702,7 +699,6 @@ def get_task_view_policy(phid):
:param taskPHID: str
:returns: str
"""
-
p = phdb(db='phabricator_maniphest',
user=phuser_user,
passwd=phuser_passwd)
@@ -1020,11 +1016,13 @@ def get_user_email_info(emailaddress):
p = phdb(db='phabricator_user',
user=phuser_user,
passwd=phuser_passwd)
+
query = "SELECT userPHID, address, isVerified \
from user_email where address=%s"
_ = p.sql_x(query, emailaddress)
p.close()
- return _[0] or ''
+ if _ is not None and len(_[0]) > 0:
+ return _[0][0]
def get_verified_users(modtime, limit=None):
#Find the task in new Phabricator that matches our lookup
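Review bot: The query selects `isVerified`, but the new return hands back `userPHID` without looking at it, and the fixup script uses this lookup to decide who is added to the ACL of a security task. If an account can hold an address it has not yet verified, an e-mail match alone does not prove that the account belongs to the historical CC, assignee or author. The guard should require the flag, for example `if _ and _[0][2]: return _[0][0]`. That form also avoids subscripting `_[0]` on an empty result, which `_ is not None and len(_[0]) > 0` would do if `sql_x` returns an empty sequence rather than None (its behaviour is not visible here). The return value also changes from a row to a single PHID, so other callers of get_user_email_info outside this diff should be checked.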