
Add a granular capability for user directory browsing

Summary:
Fixes T4358. User request from IRC, but I think this is generally reasonable.

Although we can not prevent users from determining that other user accounts exist in the general case, it does seem reasonable to restrict browsing the user directory to a subset of users.

In our case, I'll probably do this on `secure.phabricator.com`, since it seems a little odd to let Google index the user directory, for example.

Test Plan: Set the policy to "no one" and tried to browse users.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T4358

Differential Revision: https://secure.phabricator.com/D8112

+40
+2
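--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@@ -1050,6 +1050,7 @@
 'PasteEmbedView' => 'applications/paste/view/PasteEmbedView.php',
 'PasteMockMailReceiver' => 'applications/paste/mail/PasteMockMailReceiver.php',
 'PasteReplyHandler' => 'applications/paste/mail/PasteReplyHandler.php',
+'PeopleCapabilityBrowseUserDirectory' => 'applications/people/capability/PeopleCapabilityBrowseUserDirectory.php',
 'Phabricator404Controller' => 'applications/base/controller/Phabricator404Controller.php',
 'PhabricatorAWSConfigOptions' => 'applications/config/option/PhabricatorAWSConfigOptions.php',
 'PhabricatorAccessControlTestCase' => 'applications/base/controller/__tests__/PhabricatorAccessControlTestCase.php',
@@ -3654,6 +3655,7 @@
 'PasteEmbedView' => 'AphrontView',
 'PasteMockMailReceiver' => 'PhabricatorObjectMailReceiver',
 'PasteReplyHandler' => 'PhabricatorMailReplyHandler',
+'PeopleCapabilityBrowseUserDirectory' => 'PhabricatorPolicyCapability',
 'Phabricator404Controller' => 'PhabricatorController',
 'PhabricatorAWSConfigOptions' => 'PhabricatorApplicationConfigOptions',
 'PhabricatorAccessControlTestCase' => 'PhabricatorTestCase',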
+8
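--- a/src/applications/people/application/PhabricatorApplicationPeople.php
+++ b/src/applications/people/application/PhabricatorApplicationPeople.php
@@ -62,6 +62,14 @@
 );
 }
 
+
+protected function getCustomCapabilities() {
+return array(
+PeopleCapabilityBrowseUserDirectory::CAPABILITY => array(
+),
+);
+}
+
 public function loadStatus(PhabricatorUser $user) {
 if (!$user->getIsAdmin()) {
 return array();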
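Review bot: The empty `array()` spec for `PeopleCapabilityBrowseUserDirectory::CAPABILITY` in `getCustomCapabilities()` leaves the starting policy for directory browsing to whatever the application base class falls back to, and that fallback is not visible in this section. Because this is an access-control setting, the starting value should be readable at the point of declaration: if the intent is "all logged-in users", write it out as `'default' => PhabricatorPolicies::POLICY_USER,` inside the spec. A one-line docblock on the method saying that the capability is enforced by the people list controller would also help, since nothing in this file shows where the check happens.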
+25
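--- a/src/applications/people/capability/PeopleCapabilityBrowseUserDirectory.php
+++ b/src/applications/people/capability/PeopleCapabilityBrowseUserDirectory.php
@@ -0,0 +1,25 @@
+<?php
+
+final class PeopleCapabilityBrowseUserDirectory
+extends PhabricatorPolicyCapability {
+
+const CAPABILITY = 'people.browse';
+
+public function getCapabilityKey() {
+return self::CAPABILITY;
+}
+
+public function getCapabilityName() {
+return pht('Can Browse User Directory');
+}
+
+public function shouldAllowPublicPolicySetting() {
+return true;
+}
+
+public function describeCapabilityRejection() {
+return pht(
+'You do not have permission to browse the user directory.');
+}
+
+}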
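Review bot: `shouldAllowPublicPolicySetting()` returning `true` appears to let an administrator set this capability to the public policy, which would open the directory listing to logged-out visitors and crawlers, the exposure the commit description wants installs to be able to avoid. If allowing that choice is intended, say so on the method, e.g. `// "Public" is selectable on purpose; installs that do not want the directory indexed should pick a narrower policy.` The class also has no docblock; one sentence naming what the capability gates and which controller enforces it would be enough.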
+5
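--- a/src/applications/people/controller/PhabricatorPeopleListController.php
+++ b/src/applications/people/controller/PhabricatorPeopleListController.php
@@ -19,6 +19,11 @@
 
 public function processRequest() {
 $request = $this->getRequest();
+$viewer = $request->getUser();
+
+$this->requireApplicationCapability(
+PeopleCapabilityBrowseUserDirectory::CAPABILITY);
+
 $controller = id(new PhabricatorApplicationSearchController($request))
 ->setQueryKey($this->key)
 ->setSearchEngine(new PhabricatorPeopleSearchEngine())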
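Review bot: The `requireApplicationCapability()` call added to `processRequest()` covers only this list controller, so it limits browsing of the directory and is not a confidentiality boundary for user records. Any other route that returns user data is outside this commit and would need its own check if a stronger restriction is wanted. A comment above the call should make that scope explicit, e.g. `// Gates directory browsing only; does not hide that individual accounts exist.` Separately, `$viewer` is assigned but not read in the visible lines; `processRequest()` continues past the hunk, so drop the assignment only if nothing below uses it.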