People - refine permissions on creating new users

@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge

phorge phabricator

fork

Summary: Fixes T7142. Make old permission mean "make (non-bot) users" and then nuance the UI for those administrators who can make bot accounts.

Test Plan: loaded up admin a with full powers and admin b with restricted powers. noted admin a could make a full user. noted admin b could not make a full user. noted admin b got an error even via clever uri hacking.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7142

Differential Revision: https://secure.phabricator.com/D11702

Bob Trahan 11 years ago 345966cb 57f1ab70

+28 -10

4 changed files

expand all

src

applications

people

application

PhabricatorPeopleApplication.php

capability

PeopleCreateUsersCapability.php

controller

PhabricatorPeopleListController.php

PhabricatorPeopleNewController.php

+12 -1

src/applications/people/application/PhabricatorPeopleApplication.php

··· 164 164 public function getQuickCreateItems(PhabricatorUser $viewer) { 165 165 $items = array(); 166 166 167 - if ($viewer->getIsAdmin()) { 167 + $can_create = PhabricatorPolicyFilter::hasCapability( 168 + $viewer, 169 + $this, 170 + PeopleCreateUsersCapability::CAPABILITY); 171 + 172 + if ($can_create) { 168 173 $item = id(new PHUIListItemView()) 169 174 ->setName(pht('User Account')) 170 175 ->setIcon('fa-users') 171 176 ->setHref($this->getBaseURI().'create/'); 177 + $items[] = $item; 178 + } else if ($viewer->getIsAdmin()) { 179 + $item = id(new PHUIListItemView()) 180 + ->setName(pht('Bot Account')) 181 + ->setIcon('fa-android') 182 + ->setHref($this->getBaseURI().'new/bot/'); 172 183 $items[] = $item; 173 184 } 174 185

+1 -1

src/applications/people/capability/PeopleCreateUsersCapability.php

··· 6 6 const CAPABILITY = 'people.create.users'; 7 7 8 8 public function getCapabilityName() { 9 - return pht('Can Create Users'); 9 + return pht('Can Create (non-bot) Users'); 10 10 } 11 11 12 12 public function describeCapabilityRejection() {

+13 -6

src/applications/people/controller/PhabricatorPeopleListController.php

··· 35 35 36 36 $can_create = $this->hasApplicationCapability( 37 37 PeopleCreateUsersCapability::CAPABILITY); 38 - $crumbs->addAction( 39 - id(new PHUIListItemView()) 40 - ->setName(pht('Create New User')) 41 - ->setHref($this->getApplicationURI('create/')) 42 - ->setDisabled(!$can_create) 43 - ->setIcon('fa-plus-square')); 38 + if ($can_create) { 39 + $crumbs->addAction( 40 + id(new PHUIListItemView()) 41 + ->setName(pht('Create New User')) 42 + ->setHref($this->getApplicationURI('create/')) 43 + ->setIcon('fa-plus-square')); 44 + } else if ($viewer->getIsAdmin()) { 45 + $crumbs->addAction( 46 + id(new PHUIListItemView()) 47 + ->setName(pht('Create New Bot')) 48 + ->setHref($this->getApplicationURI('new/bot/')) 49 + ->setIcon('fa-plus-square')); 50 + } 44 51 45 52 return $crumbs; 46 53 }

+2 -2

src/applications/people/controller/PhabricatorPeopleNewController.php

··· 4 4 extends PhabricatorPeopleController { 5 5 6 6 public function handleRequest(AphrontRequest $request) { 7 - $this->requireApplicationCapability( 8 - PeopleCreateUsersCapability::CAPABILITY); 9 7 $type = $request->getURIData('type'); 10 8 $admin = $request->getUser(); 11 9 12 10 switch ($type) { 13 11 case 'standard': 12 + $this->requireApplicationCapability( 13 + PeopleCreateUsersCapability::CAPABILITY); 14 14 $is_bot = false; 15 15 break; 16 16 case 'bot':

Configure Feed

Configure Feed