<?phpnamespaceDrush\Commands;useConsolidation\AnnotatedCommand\CommandData;useConsolidation\AnnotatedCommand\Hooks\HookManager;useDrush\AttributesasCLI;useDrush\Commands\core\RsyncCommands;useDrush\Commands\core\UpdateDBCommands;useDrush\Commands\sql\SqlSyncCommands;/** * Load this commandfile using the --include option - e.g. `drush --include=/path/to/drush/examples` * * See [Drush Test Traits](https://github.com/drush-ops/drush/blob/13.x/docs/contribute/unish.md#about-the-test-suites) for info on testing Drush commands. */classPolicyCommandsextendsDrushCommands{/** * Prevent catastrophic braino. Note that this file has to be local to the * machine that initiates the sql:sync command. * * @throws \Exception */#[CLI\Hook(type:HookManager::ARGUMENT_VALIDATOR,target:SqlSyncCommands::SYNC)]publicfunctionsqlSyncValidate(CommandData$commandData){if($commandData->input()->getArgument('target')=='@prod'){thrownew\Exception(dt('Per !file, you may never overwrite the production database.',['!file'=>__FILE__]));}}/** * Limit rsync operations to production site. */#[CLI\Hook(type:HookManager::ARGUMENT_VALIDATOR,target:RsyncCommands::RSYNC)]publicfunctionrsyncValidate(CommandData$commandData){if(preg_match("/^@prod/",$commandData->input()->getArgument('target'))){thrownew\Exception(dt('Per !file, you may never rsync to the production site.',['!file'=>__FILE__]));}}/** * Unauthorized may not execute updates. */#[CLI\Hook(type:HookManager::ARGUMENT_VALIDATOR,target:UpdateDBCommands::UPDATEDB)]publicfunctionvalidateUpdateDb(CommandData$commandData){if(!$commandData->input()->getOption('secret')=='mysecret'){thrownew\Exception(dt('UpdateDb command requires a secret token per site policy.'));}}#[CLI\Hook(type:HookManager::OPTION_HOOK,target:UpdateDBCommands::UPDATEDB)]#[CLI\Option(name:'secret',description:'A required token else user may not run updatedb command.')]publicfunctionoptionsetUpdateDb($options=['secret'=>self::REQ]){}}