@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge

Allow user creators to send Email Invitations (feature incomplete since 2013)

Summary:
Premising that the "People" application already has a policy named
"Can Create (non-bot) Users", which can be configured here:

http://phorge.localhost/applications/edit/PhabricatorPeopleApplication/

Before this change, only admins were able to use the page Email Invitations.

After this change, whoever has "Can Create (non-bot) Users" can invite too!

Surprisingly, we do not require any extra code to harden email privacy,
since the emails (PhabricatorAuthInvite) are already visible only to
whoever sent that invite, as stated in the 'hasAutomaticCapability' from 2015:

https://we.phorge.it/source/phorge/browse/master/src/applications/auth/storage/PhabricatorAuthInvite.php;62c69fdcff02ab0bdca92841cf39d9e6ef0b7364#L91-109

Note that, in 2013, the whole People app was restricted to administrators only:

e3a9ddfc4f7be28850bc6f41917f9dc2f6aa06b5

Note that, in 2015, the UX was clearly saying that this part was also available
to non-administrators:

https://we.phorge.it/source/phorge/browse/master/src/applications/auth/storage/PhabricatorAuthInvite.php;ae59760222529ce5c83a250dfea1b9ec3ef413b1#L107-108

Now the feature is completed.

Closes T15672

Test Plan:
Have the "phd" daemon running, as usual.

Visit the pages "Email Invitations" as administrator.
Invite some emails. No regressions.

http://phorge.localhost/people/invite/

http://phorge.localhost/people/invite/send/

Visit the Email Invitations as the user "Alice", an unauthorized user.
Alice still sees "You Shall Not Pass". No regressions.

http://phorge.localhost/people/invite/

http://phorge.localhost/people/invite/send/

Create a new project named "Policy Users Creators".
Configure the People application and edit the policy
"Can Create (non-bot) Users" to assign that group. Save:

http://phorge.localhost/applications/edit/PhabricatorPeopleApplication/

Alice now joins the group "Policy Users Creators".

Alice can now see these features!

http://phorge.localhost/people/invite/

http://phorge.localhost/people/invite/send/

Alice can also invite some emails. It works! WOOO!

Now. Check for privacy regressions.

Create the user Bob, just like Alice.

Try the same Email Invitations from Bob.

- Bob does not see Alice's invitees
- Alice does not see Bob's invitees
- Administrators can still see all invitees

Check that the method `PhabricatorPeopleInviteController::shouldRequireAdmin()` affects only 2 controllers:

```
$ grep -R 'extends PhabricatorPeopleInviteController' src/
src/applications/people/controller/PhabricatorPeopleInviteListController.php: extends PhabricatorPeopleInviteController {
src/applications/people/controller/PhabricatorPeopleInviteSendController.php: extends PhabricatorPeopleInviteController {
```

Reviewers: O1 Blessed Committers, aklapper

Reviewed By: O1 Blessed Committers, aklapper

Subscribers: pppery, aklapper, tobiaswiese, Matthew, Cigaryno

Maniphest Tasks: T15672

Differential Revision: https://we.phorge.it/D26612

+15
+6
src/applications/people/controller/PhabricatorPeopleController.php
··· 22 22 if ($viewer->getIsAdmin()) { 23 23 $nav->addLabel(pht('User Administration')); 24 24 $nav->addFilter('logs', pht('Activity Logs')); 25 + } 26 + 27 + $can_invite = $this->hasApplicationCapability( 28 + PeopleCreateUsersCapability::CAPABILITY); 29 + 30 + if ($can_invite) { 25 31 $nav->addFilter('invite', pht('Email Invitations')); 26 32 } 27 33
+6
src/applications/people/controller/PhabricatorPeopleInviteController.php
··· 3 3 abstract class PhabricatorPeopleInviteController 4 4 extends PhabricatorPeopleController { 5 5 6 + public function shouldRequireAdmin() { 7 + // The invite system supports non-admins very well. 8 + // Non-admins can only see their invitees. 9 + return false; 10 + } 11 + 6 12 protected function buildApplicationCrumbs() { 7 13 $crumbs = parent::buildApplicationCrumbs(); 8 14 $crumbs->addTextCrumb(
+3
src/applications/people/controller/PhabricatorPeopleInviteListController.php
··· 4 4 extends PhabricatorPeopleInviteController { 5 5 6 6 public function handleRequest(AphrontRequest $request) { 7 + $this->requireApplicationCapability( 8 + PeopleCreateUsersCapability::CAPABILITY); 9 + 7 10 $controller = id(new PhabricatorApplicationSearchController()) 8 11 ->setQueryKey($request->getURIData('queryKey')) 9 12 ->setSearchEngine(new PhabricatorAuthInviteSearchEngine())
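Review bot: In PhabricatorPeopleController.php, the 'invite' filter moves out of the `$viewer->getIsAdmin()` block and is now shown only when `hasApplicationCapability(PeopleCreateUsersCapability::CAPABILITY)` passes, so an administrator whom the "Can Create (non-bot) Users" policy does not include would lose a menu entry they had before. Please confirm that is intended, and add a test-plan step with an administrator who is outside the "Policy Users Creators" project, since the plan only exercises administrators before the policy is changed.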
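Review bot: In PhabricatorPeopleInviteController.php, returning false from `shouldRequireAdmin()` in the abstract base removes the admin gate from every subclass, so access now depends on each subclass calling `requireApplicationCapability()` on its own. This change adds that call only to PhabricatorPeopleInviteListController; PhabricatorPeopleInviteSendController, the other subclass in the grep output, is not touched here, so please confirm it already performs the check. Consider enforcing the capability once in the base class so that a future subclass fails closed, and have the comment name the capability that replaces the admin requirement instead of "supports non-admins very well".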
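Review bot: In PhabricatorPeopleInviteListController.php, the new `requireApplicationCapability()` call at the top of `handleRequest()` only decides who may open the list; which rows a viewer gets back is left to PhabricatorAuthInviteSearchEngine and the policy on PhabricatorAuthInvite, and the three files changed here include no automated test for that. The Alice/Bob isolation check exists only in the manual test plan, so a unit test asserting that one inviter's query does not return another inviter's invites would keep the privacy guarantee from regressing silently.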