1<?php
/**
 * Confirm-and-apply controller for disabling, re-enabling, or disapproving a
 * user account.
 *
 * Authorization differs by entry point: the "disapprove" entry point is gated
 * on the viewer being an administrator, while every other entry point is
 * gated on the "Can Disable Users" application capability.
 */
final class PhabricatorPeopleDisableController
  extends PhabricatorPeopleController {

  /**
   * Opt out of a blanket administrator requirement for this controller.
   *
   * Because this returns false, the per-flow checks in handleRequest() are
   * what gate the account change and must not be weakened.
   */
  public function shouldRequireAdmin() {
    return false;
  }

  /**
   * Render the confirmation dialog or, on a form POST, apply the change.
   *
   * @param AphrontRequest $request Request carrying the "id" and "via" URI
   *   data.
   * @return mixed A 404 response, a dialog, or a redirect response.
   */
  public function handleRequest(AphrontRequest $request) {
    $viewer = $this->getViewer();
    $id = $request->getURIData('id');
    $via = $request->getURIData('via');

    // The lookup runs with the viewer set on the query; a miss is a 404.
    $target = id(new PhabricatorPeopleQuery())
      ->setViewer($viewer)
      ->withIDs(array($id))
      ->executeOne();
    if (!$target) {
      return new Aphront404Response();
    }

    // NOTE: This controller is reached both from the administrative
    // "Disable Account" action on profiles and from the "X" action on the
    // approval queue, and the two contexts are authorized differently.
    //
    // Disabling via "Disapprove" requires the viewer to be an administrator
    // (and bypasses the "Can Disable Users" permission). Disabling via
    // "Disable" requires the permission only.
    //
    // Any "via" value other than "disapprove", including a missing one,
    // takes the capability-gated path.

    if ($via != 'disapprove') {
      $this->requireApplicationCapability(
        PeopleDisableUsersCapability::CAPABILITY);

      $actor = $viewer;
      // NOTE(review): the raw URI value is interpolated into the return URI;
      // this presumably relies on the route restricting "id" to digits.
      // Confirm against the route map, or build the URI from the loaded
      // user's own ID instead.
      $return_uri = $this->getApplicationURI("manage/{$id}/");
      // This flow is a toggle: a disabled account gets enabled.
      $disabling = !$target->getIsDisabled();
    } else {
      $return_uri = $this->getApplicationURI('query/approval/');

      // Both checks below must pass before the omnipotent actor is chosen.
      if (!$viewer->getIsAdmin()) {
        return $this->newDialog()
          ->setTitle(pht('No Permission'))
          ->appendParagraph(pht('Only administrators can disapprove users.'))
          ->addCancelButton($return_uri);
      }

      // Limits this flow to accounts that have not been approved, so it
      // cannot be used to disable an already approved user without the
      // "Can Disable Users" permission.
      if ($target->getIsApproved()) {
        return $this->newDialog()
          ->setTitle(pht('Already Approved'))
          ->appendParagraph(pht('This user has already been approved.'))
          ->addCancelButton($return_uri);
      }

      // On the "Disapprove" flow, bypass the "Can Disable Users" permission.
      $actor = PhabricatorUser::getOmnipotentUser();
      $disabling = true;
    }

    // Compared against the viewer rather than the actor, so the self-disable
    // guard also applies when the actor is the omnipotent user.
    if ($viewer->getPHID() == $target->getPHID()) {
      return $this->newDialog()
        ->setTitle(pht('Something Stays Your Hand'))
        ->appendParagraph(
          pht(
            'Try as you might, you find you can not disable your own account.'))
        ->addCancelButton($return_uri, pht('Curses!'));
    }

    // Only a form POST changes state; every other request gets the dialog.
    // NOTE(review): isFormPost() is presumably where the CSRF token is
    // validated -- confirm against AphrontRequest.
    if (!$request->isFormPost()) {
      return $this->newConfirmationDialog($target, $disabling, $return_uri);
    }

    $this->applyDisableTransaction(
      $request,
      $actor,
      $viewer,
      $target,
      $disabling);

    return id(new AphrontRedirectResponse())->setURI($return_uri);
  }

  /**
   * Apply the disable/enable transaction to the target account.
   *
   * @param AphrontRequest $request Request used as the content source.
   * @param mixed $actor User the editor acts as (viewer or omnipotent user).
   * @param mixed $viewer User who made the request.
   * @param mixed $target Account being changed.
   * @param bool $disabling True to disable the account, false to enable it.
   * @return void
   */
  private function applyDisableTransaction(
    AphrontRequest $request,
    $actor,
    $viewer,
    $target,
    $disabling) {

    $change = id(new PhabricatorUserTransaction())
      ->setTransactionType(PhabricatorUserDisableTransaction::TRANSACTIONTYPE)
      ->setNewValue($disabling);

    // The acting-as PHID is always the viewer's, even when the actor is the
    // omnipotent user. NOTE(review): presumably this keeps the change
    // attributable to the real administrator -- confirm against the editor.
    id(new PhabricatorUserTransactionEditor())
      ->setActor($actor)
      ->setActingAsPHID($viewer->getPHID())
      ->setContentSourceFromRequest($request)
      ->setContinueOnMissingFields(true)
      ->setContinueOnNoEffect(true)
      ->applyTransactions($target, array($change));
  }

  /**
   * Build the "are you sure?" dialog for the pending change.
   *
   * @param mixed $target Account being changed.
   * @param bool $disabling True for the disable wording, false for enable.
   * @param string $return_uri URI used for the cancel button.
   * @return mixed Dialog with cancel and submit buttons.
   */
  private function newConfirmationDialog($target, $disabling, $return_uri) {
    if (!$disabling) {
      $title = pht('Enable User Account?');
      $short_title = pht('Enable User');

      $body = pht(
        'Enable %s? They will be able to access this server and receive '.
        'email again.',
        phutil_tag('strong', array(), $target->getUsername()));

      $submit = pht('Enable Account');
    } else {
      $title = pht('Disable User Account?');
      $short_title = pht('Disable Account');

      $body = pht(
        'Disable %s? They will no longer be able to access this server or '.
        'receive email.',
        phutil_tag('strong', array(), $target->getUsername()));

      $submit = pht('Disable Account');
    }

    return $this->newDialog()
      ->setTitle($title)
      ->setShortTitle($short_title)
      ->appendParagraph($body)
      ->addCancelButton($return_uri)
      ->addSubmitButton($submit);
  }

}