@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.)
hq.recaptime.dev/wiki/Phorge
phorge
phabricator
Made most of People inaccessible for passer-bys
Summary:
Depends on D5360; Refs T2770
See https://secure.phabricator.com/chatlog/channel/6/?at=54481 for discussion.
This will be a sad day, when I will repeatedly continue to hit a glass wall trying to get into `/people/` to browse the user list J4F at http://secure.phabricator.com/.
Test Plan:
verified that I could not access People as some passer-by.
Verified I could still access user profiles (at least I think I got the right controller for that).
Reviewers: epriestley, chad, btrahan
Reviewed By: epriestley
CC: aran, Korvin
Maniphest Tasks: T2770
Differential Revision: https://secure.phabricator.com/D5386
authored by
Anh Nhan Nguyen
and committed by
epriestley
e3a9ddfc
d2188053
+50
-64
+22
-22
src/__celerity_resource_map__.php
+22
-22
src/__celerity_resource_map__.php
···
2218
2218
),
2219
2219
'javelin-event' =>
2220
2220
array(
2221
-
'uri' => '/res/69d99d9f/rsrc/js/javelin/core/Event.js',
2221
+
'uri' => '/res/73201bd3/rsrc/js/javelin/core/Event.js',
2222
2222
'type' => 'js',
2223
2223
'requires' =>
2224
2224
array(
···
3860
3860
'uri' => '/res/pkg/f96657b8/diffusion.pkg.js',
3861
3861
'type' => 'js',
3862
3862
),
3863
-
'cd1d650a' =>
3863
+
'fe22443b' =>
3864
3864
array(
3865
3865
'name' => 'javelin.pkg.js',
3866
3866
'symbols' =>
···
3885
3885
17 => 'javelin-typeahead-ondemand-source',
3886
3886
18 => 'javelin-tokenizer',
3887
3887
),
3888
-
'uri' => '/res/pkg/cd1d650a/javelin.pkg.js',
3888
+
'uri' => '/res/pkg/fe22443b/javelin.pkg.js',
3889
3889
'type' => 'js',
3890
3890
),
3891
3891
'c41b4907' =>
···
3945
3945
'global-drag-and-drop-css' => '139bc58e',
3946
3946
'inline-comment-summary-css' => '8aaacd1b',
3947
3947
'javelin-aphlict' => '95ceba95',
3948
-
'javelin-behavior' => 'cd1d650a',
3948
+
'javelin-behavior' => 'fe22443b',
3949
3949
'javelin-behavior-aphlict-dropdown' => '95ceba95',
3950
3950
'javelin-behavior-aphlict-listen' => '95ceba95',
3951
3951
'javelin-behavior-aphront-basic-tokenizer' => '95ceba95',
···
3996
3996
'javelin-behavior-repository-crossreference' => '322728f3',
3997
3997
'javelin-behavior-toggle-class' => '95ceba95',
3998
3998
'javelin-behavior-workflow' => '95ceba95',
3999
-
'javelin-dom' => 'cd1d650a',
4000
-
'javelin-event' => 'cd1d650a',
4001
-
'javelin-install' => 'cd1d650a',
4002
-
'javelin-json' => 'cd1d650a',
4003
-
'javelin-mask' => 'cd1d650a',
4004
-
'javelin-request' => 'cd1d650a',
4005
-
'javelin-resource' => 'cd1d650a',
4006
-
'javelin-stratcom' => 'cd1d650a',
4007
-
'javelin-tokenizer' => 'cd1d650a',
4008
-
'javelin-typeahead' => 'cd1d650a',
4009
-
'javelin-typeahead-normalizer' => 'cd1d650a',
4010
-
'javelin-typeahead-ondemand-source' => 'cd1d650a',
4011
-
'javelin-typeahead-preloaded-source' => 'cd1d650a',
4012
-
'javelin-typeahead-source' => 'cd1d650a',
4013
-
'javelin-uri' => 'cd1d650a',
4014
-
'javelin-util' => 'cd1d650a',
4015
-
'javelin-vector' => 'cd1d650a',
4016
-
'javelin-workflow' => 'cd1d650a',
3999
+
'javelin-dom' => 'fe22443b',
4000
+
'javelin-event' => 'fe22443b',
4001
+
'javelin-install' => 'fe22443b',
4002
+
'javelin-json' => 'fe22443b',
4003
+
'javelin-mask' => 'fe22443b',
4004
+
'javelin-request' => 'fe22443b',
4005
+
'javelin-resource' => 'fe22443b',
4006
+
'javelin-stratcom' => 'fe22443b',
4007
+
'javelin-tokenizer' => 'fe22443b',
4008
+
'javelin-typeahead' => 'fe22443b',
4009
+
'javelin-typeahead-normalizer' => 'fe22443b',
4010
+
'javelin-typeahead-ondemand-source' => 'fe22443b',
4011
+
'javelin-typeahead-preloaded-source' => 'fe22443b',
4012
+
'javelin-typeahead-source' => 'fe22443b',
4013
+
'javelin-uri' => 'fe22443b',
4014
+
'javelin-util' => 'fe22443b',
4015
+
'javelin-vector' => 'fe22443b',
4016
+
'javelin-workflow' => 'fe22443b',
4017
4017
'lightbox-attachment-css' => '139bc58e',
4018
4018
'maniphest-task-summary-css' => 'c41b4907',
4019
4019
'maniphest-transaction-detail-css' => 'c41b4907',
+14
-20
src/applications/people/controller/PhabricatorPeopleController.php
+14
-20
src/applications/people/controller/PhabricatorPeopleController.php
···
2
2
3
3
abstract class PhabricatorPeopleController extends PhabricatorController {
4
4
5
+
public function shouldRequireAdmin() {
6
+
return true;
7
+
}
8
+
5
9
public function buildSideNavView() {
6
10
$nav = new AphrontSideNavFilterView();
7
11
$nav->setBaseURI(new PhutilURI($this->getApplicationURI()));
8
12
9
-
$is_admin = $this->getRequest()->getUser()->getIsAdmin();
10
-
11
-
if ($is_admin) {
12
-
$nav->addLabel(pht('User Administration'));
13
-
$nav->addFilter('edit', pht('Create New User'));
14
-
if (PhabricatorEnv::getEnvConfig('ldap.auth-enabled') === true) {
15
-
$nav->addFilter('ldap', pht('Import from LDAP'));
16
-
}
13
+
$nav->addLabel(pht('User Administration'));
14
+
$nav->addFilter('edit', pht('Create New User'));
15
+
if (PhabricatorEnv::getEnvConfig('ldap.auth-enabled') === true) {
16
+
$nav->addFilter('ldap', pht('Import from LDAP'));
17
17
}
18
18
19
19
$nav->addFilter('people',
20
20
pht('User Directory'),
21
21
$this->getApplicationURI());
22
22
23
-
if ($is_admin) {
24
-
$nav->addFilter('logs', pht('Activity Logs'));
25
-
}
23
+
$nav->addFilter('logs', pht('Activity Logs'));
26
24
27
25
return $nav;
28
26
}
···
33
31
34
32
public function buildApplicationCrumbs() {
35
33
$crumbs = parent::buildApplicationCrumbs();
36
-
// I'm sure this copypasty is wrong.
37
-
$is_admin = $this->getRequest()->getUser()->getIsAdmin();
38
34
39
-
if ($is_admin) {
40
-
$crumbs->addAction(
41
-
id(new PhabricatorMenuItemView())
42
-
->setName(pht('Create New User'))
43
-
->setHref($this->getApplicationURI('edit'))
44
-
->setIcon('create'));
45
-
}
35
+
$crumbs->addAction(
36
+
id(new PhabricatorMenuItemView())
37
+
->setName(pht('Create New User'))
38
+
->setHref($this->getApplicationURI('edit'))
39
+
->setIcon('create'));
46
40
47
41
return $crumbs;
48
42
}
-4
src/applications/people/controller/PhabricatorPeopleEditController.php
-4
src/applications/people/controller/PhabricatorPeopleEditController.php
-4
src/applications/people/controller/PhabricatorPeopleLdapController.php
-4
src/applications/people/controller/PhabricatorPeopleLdapController.php
+8
-10
src/applications/people/controller/PhabricatorPeopleListController.php
+8
-10
src/applications/people/controller/PhabricatorPeopleListController.php
···
46
46
phabricator_time($user->getDateCreated(), $viewer)))
47
47
->addAttribute($email);
48
48
49
-
if ($is_admin) {
50
-
if ($user->getIsDisabled()) {
51
-
$item->addIcon('disable', pht('Disabled'));
52
-
}
49
+
if ($user->getIsDisabled()) {
50
+
$item->addIcon('disable', pht('Disabled'));
51
+
}
53
52
54
-
if ($user->getIsAdmin()) {
55
-
$item->addIcon('highlight', pht('Admin'));
56
-
}
53
+
if ($user->getIsAdmin()) {
54
+
$item->addIcon('highlight', pht('Admin'));
55
+
}
57
56
58
-
if ($user->getIsSystemAgent()) {
59
-
$item->addIcon('computer', pht('System Agent'));
60
-
}
57
+
if ($user->getIsSystemAgent()) {
58
+
$item->addIcon('computer', pht('System Agent'));
61
59
}
62
60
63
61
$list->addItem($item);
-4
src/applications/people/controller/PhabricatorPeopleLogsController.php
-4
src/applications/people/controller/PhabricatorPeopleLogsController.php
+6
src/applications/people/controller/PhabricatorPeopleProfileController.php
+6
src/applications/people/controller/PhabricatorPeopleProfileController.php
···
7
7
private $page;
8
8
private $profileUser;
9
9
10
+
public function shouldRequireAdmin() {
11
+
// Default for people app is true
12
+
// We desire public access here
13
+
return false;
14
+
}
15
+
10
16
public function willProcessRequest(array $data) {
11
17
$this->username = idx($data, 'username');
12
18
$this->page = idx($data, 'page');