restricted_paths: rename path presence API

gustavoavena · meta-codesync[bot] · commit 9dbbba85c7ee · 2026-05-06T08:45:46.000-07:00
Summary:
## This stack
This stack adds AclManifest shadow comparison logging for restricted_paths while keeping config-backed behavior authoritative in the first stack.

## This diff
Renames `has_restricted_paths` to `may_have_restricted_paths` before the shadow path logging diff changes its behavior, making the public method name match the fact that AclManifest-backed restrictions can be discovered dynamically.

___

overriding_review_checks_triggers_an_audit_and_retroactive_review
Oncall Short Name: source_control

Differential Revision: D104035670

fbshipit-source-id: a4de731cadad8621be5434a9543a004ae6bff2dc
diff --git a/eden/mononoke/jobs/cas_sync/src/re_cas_sync.rs b/eden/mononoke/jobs/cas_sync/src/re_cas_sync.rs
@@ -109,7 +109,7 @@ pub async fn try_sync<'a>(
     ctx: &'a CoreContext,
     bcs_id: ChangesetId,
 ) -> Result<UploadStats, Error> {
-    let restricted_path_roots = if repo.restricted_paths().has_restricted_paths() {
+    let restricted_path_roots = if repo.restricted_paths().may_have_restricted_paths() {
         let bonsai: mononoke_types::BonsaiChangeset =
             bcs_id.load(ctx, &repo.repo_blobstore()).await?;
         let changed_paths: Vec<NonRootMPath> = bonsai
diff --git a/eden/mononoke/mononoke_api/src/changeset.rs b/eden/mononoke/mononoke_api/src/changeset.rs
@@ -2136,11 +2136,11 @@ impl<R: MononokeRepo> ChangesetContext<R> {
         Ok(RestrictedPathsChangesInfo { restricted_changes })
     }
 
-    /// Check if the repository has any restricted paths configured.
-    pub fn has_restricted_paths(&self) -> bool {
+    /// Check if the repository may have restricted paths.
+    pub fn may_have_restricted_paths(&self) -> bool {
         self.repo_ctx()
             .repo()
             .restricted_paths_arc()
-            .has_restricted_paths()
+            .may_have_restricted_paths()
     }
 }
diff --git a/eden/mononoke/mononoke_api_hg/src/tree.rs b/eden/mononoke/mononoke_api_hg/src/tree.rs
@@ -351,7 +351,7 @@ impl<R: MononokeRepo> HgAugmentedTreeRestrictionContext<R> {
 
         let restricted_paths = self.repo_ctx.repo().restricted_paths_arc();
 
-        if !restricted_paths.has_restricted_paths() {
+        if !restricted_paths.may_have_restricted_paths() {
             return Ok(None);
         }
 
diff --git a/eden/mononoke/repo_attributes/restricted_paths/src/lib.rs b/eden/mononoke/repo_attributes/restricted_paths/src/lib.rs
@@ -128,11 +128,11 @@ impl RestrictedPaths {
         self.config_based.config()
     }
 
-    /// Returns whether any restricted paths are configured for this repository.
+    /// Returns whether this repository may have restricted paths.
     /// When `use_acl_manifest` is true, restrictions are discovered dynamically
-    /// from `.slacl` files in the repo, so we cannot short-circuit based on
-    /// the config-based `path_acls` alone.
-    pub fn has_restricted_paths(&self) -> bool {
+    /// from `.slacl` files in the repo, so callers cannot treat a false
+    /// config-only lookup as proof that no restricted paths exist.
+    pub fn may_have_restricted_paths(&self) -> bool {
         self.use_acl_manifest || self.config_based.has_restricted_paths()
     }
 
@@ -657,7 +657,7 @@ mod tests {
         let repo_restricted_paths =
             build_test_restricted_paths(fb, RestrictedPathsConfig::default()).await?;
 
-        assert!(!repo_restricted_paths.has_restricted_paths());
+        assert!(!repo_restricted_paths.may_have_restricted_paths());
 
         let ctx = CoreContext::test_mock(fb);
         let cs_id = ChangesetId::new(mononoke_types::hash::Blake2::from_byte_array([0u8; 32]));
@@ -700,7 +700,7 @@ mod tests {
 
         let repo_restricted_paths = build_test_restricted_paths(fb, config).await?;
 
-        assert!(repo_restricted_paths.has_restricted_paths());
+        assert!(repo_restricted_paths.may_have_restricted_paths());
         Ok(())
     }
 
@@ -794,7 +794,7 @@ mod tests {
         )
         .await?;
 
-        assert!(!_restricted_paths.has_restricted_paths());
+        assert!(!_restricted_paths.may_have_restricted_paths());
         Ok(())
     }
 
diff --git a/eden/mononoke/servers/scs/scs_methods/src/methods/commit_restricted_paths.rs b/eden/mononoke/servers/scs/scs_methods/src/methods/commit_restricted_paths.rs
@@ -25,7 +25,7 @@ pub(crate) async fn restricted_paths_access_impl(
     check_permissions: bool,
 ) -> Result<thrift::CommitRestrictedPathsAccessResponse, scs_errors::ServiceError> {
     // If no restricted paths configured, return empty response
-    if !cs_ctx.has_restricted_paths() {
+    if !cs_ctx.may_have_restricted_paths() {
         return Ok(thrift::CommitRestrictedPathsAccessResponse {
             are_restricted: thrift::PathCoverage::NONE,
             has_access: thrift::PathCoverage::ALL,

Original file line number	Diff line number	Diff line change
`@@ -2136,11 +2136,11 @@ impl<R: MononokeRepo> ChangesetContext<R> {`
`2136`	`2136`	`Ok(RestrictedPathsChangesInfo { restricted_changes })`
`2137`	`2137`	`}`
`2138`	`2138`
`2139`		`- /// Check if the repository has any restricted paths configured.`
`2140`		`- pub fn has_restricted_paths(&self) -> bool {`
	`2139`	`+ /// Check if the repository may have restricted paths.`
	`2140`	`+ pub fn may_have_restricted_paths(&self) -> bool {`
`2141`	`2141`	`self.repo_ctx()`
`2142`	`2142`	`.repo()`
`2143`	`2143`	`.restricted_paths_arc()`
`2144`		`- .has_restricted_paths()`
	`2144`	`+ .may_have_restricted_paths()`
`2145`	`2145`	`}`
`2146`	`2146`	`}`
Original file line number	Diff line number	Diff line change
`@@ -351,7 +351,7 @@ impl<R: MononokeRepo> HgAugmentedTreeRestrictionContext<R> {`
`351`	`351`
`352`	`352`	`let restricted_paths = self.repo_ctx.repo().restricted_paths_arc();`
`353`	`353`
`354`		`- if !restricted_paths.has_restricted_paths() {`
	`354`	`+ if !restricted_paths.may_have_restricted_paths() {`
`355`	`355`	`return Ok(None);`
`356`	`356`	`}`
`357`	`357`