@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge

Auth - add "manage providers" capability

Summary: Ref T6947.

Test Plan: Toggled the setting in application settings and the change stuck. Set the policy to admin user A only and could not add a provider as admin user B.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T6947

Differential Revision: https://secure.phabricator.com/D11356

+51 -30
+2
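--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@@ -179,6 +179,7 @@
 'AuditActionMenuEventListener' => 'applications/audit/events/AuditActionMenuEventListener.php',
 'AuditConduitAPIMethod' => 'applications/audit/conduit/AuditConduitAPIMethod.php',
 'AuditQueryConduitAPIMethod' => 'applications/audit/conduit/AuditQueryConduitAPIMethod.php',
+'AuthManageProvidersCapability' => 'applications/auth/capability/AuthManageProvidersCapability.php',
 'CalendarColors' => 'applications/calendar/constants/CalendarColors.php',
 'CalendarConstants' => 'applications/calendar/constants/CalendarConstants.php',
 'CalendarTimeUtil' => 'applications/calendar/util/CalendarTimeUtil.php',
@@ -3256,6 +3257,7 @@
 'AuditActionMenuEventListener' => 'PhabricatorEventListener',
 'AuditConduitAPIMethod' => 'ConduitAPIMethod',
 'AuditQueryConduitAPIMethod' => 'AuditConduitAPIMethod',
+'AuthManageProvidersCapability' => 'PhabricatorPolicyCapability',
 'CalendarColors' => 'CalendarConstants',
 'CalendarTimeUtilTestCase' => 'PhabricatorTestCase',
 'CelerityManagementMapWorkflow' => 'CelerityManagementWorkflow',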
+7
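--- a/src/applications/auth/application/PhabricatorAuthApplication.php
+++ b/src/applications/auth/application/PhabricatorAuthApplication.php
@@ -144,4 +144,11 @@
 );
 }
 
+protected function getCustomCapabilities() {
+return array(
+AuthManageProvidersCapability::CAPABILITY => array(
+'default' => PhabricatorPolicies::POLICY_ADMIN,
+),
+);
+}
 }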
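Review bot: getCustomCapabilities() carries no comment linking its `PhabricatorPolicies::POLICY_ADMIN` default to the `shouldRequireAdmin()` gate that this commit removes from PhabricatorAuthProviderConfigController. That default is what keeps provider management admin-only out of the box, so it deserves a line such as `// Defaults to admin-only, matching the shouldRequireAdmin() gate this capability replaces.` above the array entry. Without it, a later edit could loosen the default without noticing it has become the access control for the New, Edit and Disable controllers.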
+17
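--- a/src/applications/auth/capability/AuthManageProvidersCapability.php
+++ b/src/applications/auth/capability/AuthManageProvidersCapability.php
@@ -0,0 +1,17 @@
+<?php
+
+final class AuthManageProvidersCapability
+extends PhabricatorPolicyCapability {
+
+const CAPABILITY = 'auth.manage.providers';
+
+public function getCapabilityName() {
+return pht('Can Manage Auth Providers');
+}
+
+public function describeCapabilityRejection() {
+return pht(
+'You do not have permission to manage authentication providers.');
+}
+
+}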
+7 -12
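--- a/src/applications/auth/controller/config/PhabricatorAuthDisableController.php
+++ b/src/applications/auth/controller/config/PhabricatorAuthDisableController.php
@@ -3,17 +3,12 @@
 final class PhabricatorAuthDisableController
 extends PhabricatorAuthProviderConfigController {
 
-private $configID;
-private $action;
-
-public function willProcessRequest(array $data) {
-$this->configID = idx($data, 'id');
-$this->action = idx($data, 'action');
-}
-
-public function processRequest() {
-$request = $this->getRequest();
+public function handleRequest(AphrontRequest $request) {
+$this->requireApplicationCapability(
+AuthManageProvidersCapability::CAPABILITY);
 $viewer = $request->getUser();
+$config_id = $request->getURIData('id');
+$action = $request->getURIData('action');
 
 $config = id(new PhabricatorAuthProviderConfigQuery())
 ->setViewer($viewer)
@@ -22,13 +17,13 @@
 PhabricatorPolicyCapability::CAN_VIEW,
 PhabricatorPolicyCapability::CAN_EDIT,
 ))
-->withIDs(array($this->configID))
+->withIDs(array($config_id))
 ->executeOne();
 if (!$config) {
 return new Aphront404Response();
 }
 
-$is_enable = ($this->action === 'enable');
+$is_enable = ($action === 'enable');
 
 if ($request->isDialogFormPost()) {
 $xactions = array();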
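Review bot: `$is_enable = ($action === 'enable');` treats every other value of the `action` URI parameter, including a missing one, as a request to disable the provider. The route pattern is not part of this page, so it may already restrict the value; if it does not, rejecting unknown actions is the safer default for a state-changing endpoint, e.g. `if ($action !== 'enable' && $action !== 'disable') { return new Aphront404Response(); }` placed before the comparison. handleRequest() continues past the end of the second hunk.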
+8 -13
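--- a/src/applications/auth/controller/config/PhabricatorAuthEditController.php
+++ b/src/applications/auth/controller/config/PhabricatorAuthEditController.php
@@ -3,19 +3,14 @@
 final class PhabricatorAuthEditController
 extends PhabricatorAuthProviderConfigController {
 
-private $providerClass;
-private $configID;
-
-public function willProcessRequest(array $data) {
-$this->providerClass = idx($data, 'className');
-$this->configID = idx($data, 'id');
-}
-
-public function processRequest() {
-$request = $this->getRequest();
+public function handleRequest(AphrontRequest $request) {
+$this->requireApplicationCapability(
+AuthManageProvidersCapability::CAPABILITY);
 $viewer = $request->getUser();
+$provider_class = $request->getURIData('className');
+$config_id = $request->getURIData('configID');
 
-if ($this->configID) {
+if ($config_id) {
 $config = id(new PhabricatorAuthProviderConfigQuery())
 ->setViewer($viewer)
 ->requireCapabilities(
@@ -23,7 +18,7 @@
 PhabricatorPolicyCapability::CAN_VIEW,
 PhabricatorPolicyCapability::CAN_EDIT,
 ))
-->withIDs(array($this->configID))
+->withIDs(array($config_id))
 ->executeOne();
 if (!$config) {
 return new Aphront404Response();
@@ -38,7 +33,7 @@
 } else {
 $providers = PhabricatorAuthProvider::getAllBaseProviders();
 foreach ($providers as $candidate_provider) {
-if (get_class($candidate_provider) === $this->providerClass) {
+if (get_class($candidate_provider) === $provider_class) {
 $provider = $candidate_provider;
 break;
 }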
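Review bot: `$config_id = $request->getURIData('configID');` reads a different key from the one the removed code used (`idx($data, 'id')`), while PhabricatorAuthDisableController in this same commit still reads `'id'`. The route map is not shown on this page, but unless the pattern was renamed to `configID`, `$config_id` will always be null and every edit request will fall into the `else` branch that looks up a base provider by class instead of loading the existing config with its CAN_VIEW/CAN_EDIT check. The line should probably read `$config_id = $request->getURIData('id');`. handleRequest() continues beyond the visible hunks.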
+4
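--- a/src/applications/auth/controller/config/PhabricatorAuthListController.php
+++ b/src/applications/auth/controller/config/PhabricatorAuthListController.php
@@ -49,12 +49,15 @@
 $item->addAttribute(pht('Allows Registration'));
 }
 
+$can_manage = $this->hasApplicationCapability(
+AuthManageProvidersCapability::CAPABILITY);
 if ($config->getIsEnabled()) {
 $item->setBarColor('green');
 $item->addAction(
 id(new PHUIListItemView())
 ->setIcon('fa-times')
 ->setHref($disable_uri)
+->setDisabled(!$can_manage)
 ->addSigil('workflow'));
 } else {
 $item->setBarColor('grey');
@@ -63,6 +66,7 @@
 id(new PHUIListItemView())
 ->setIcon('fa-plus')
 ->setHref($enable_uri)
+->setDisabled(!$can_manage)
 ->addSigil('workflow'));
 }
 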
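Review bot: `->setDisabled(!$can_manage)` only changes how the enable and disable links render; the actual enforcement is the `requireApplicationCapability()` call in the controllers those links point to. A comment next to `$can_manage` would make that explicit, e.g. `// UI hint only; PhabricatorAuthDisableController enforces the capability.` The lookup also appears to sit inside the per-config loop (the loop header is outside the hunk), where it does not depend on `$config` and could be computed once before the loop.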
+3 -1
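--- a/src/applications/auth/controller/config/PhabricatorAuthNewController.php
+++ b/src/applications/auth/controller/config/PhabricatorAuthNewController.php
@@ -3,7 +3,9 @@
 final class PhabricatorAuthNewController
 extends PhabricatorAuthProviderConfigController {
 
-public function processRequest() {
+public function handleRequest(AphrontRequest $request) {
+$this->requireApplicationCapability(
+AuthManageProvidersCapability::CAPABILITY);
 $request = $this->getRequest();
 $viewer = $request->getUser();
 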
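Review bot: `$request = $this->getRequest();` now overwrites the `AphrontRequest $request` parameter that handleRequest() receives, so the line is redundant after the signature change. Deleting it, as the Disable and Edit controllers in this commit do, leaves a single source for the request object. The rest of the method lies outside the hunk.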
+3 -4
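--- a/src/applications/auth/controller/config/PhabricatorAuthProviderConfigController.php
+++ b/src/applications/auth/controller/config/PhabricatorAuthProviderConfigController.php
@@ -3,10 +3,6 @@
 abstract class PhabricatorAuthProviderConfigController
 extends PhabricatorAuthController {
 
-public function shouldRequireAdmin() {
-return true;
-}
-
 protected function buildSideNavView($for_app = false) {
 $nav = new AphrontSideNavFilterView();
 $nav->setBaseURI(new PhutilURI($this->getApplicationURI()));
@@ -27,10 +23,13 @@
 protected function buildApplicationCrumbs() {
 $crumbs = parent::buildApplicationCrumbs();
 
+$can_create = $this->hasApplicationCapability(
+AuthManageProvidersCapability::CAPABILITY);
 $crumbs->addAction(
 id(new PHUIListItemView())
 ->setName(pht('Add Authentication Provider'))
 ->setHref($this->getApplicationURI('/config/new/'))
+->setDisabled(!$can_create)
 ->setIcon('fa-plus-square'));
 
 return $crumbs;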
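Review bot: Removing `shouldRequireAdmin()` from this base class turns the access check from inherited into opt-in, so any subclass that does not call `requireApplicationCapability(AuthManageProvidersCapability::CAPABILITY)` itself is no longer admin-gated. In this commit the New, Edit and Disable controllers add the call, but the PhabricatorAuthListController hunks shown only use `hasApplicationCapability()` for button state, so the provider list may now be reachable by non-admins; confirm that this is intended. A class-level comment stating the contract would help future controllers, e.g. `// Subclasses that modify providers must call requireApplicationCapability() before doing any work.` Both methods touched here extend beyond the hunks.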