@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.)
hq.recaptime.dev/wiki/Phorge
phorge
phabricator
Restrict Workboard initialization to CAN_EDIT
Summary: Make Workboard initialization more restrictive.
Test Plan: Log out, see "No Workboard", Log in with permissions, see "New Workboard", Log in with notchad, see "No Workboard".
Reviewers: epriestley
Reviewed By: epriestley
Subscribers: Korvin
Maniphest Tasks: T7410
Differential Revision: https://secure.phabricator.com/D14306
+5
-1
+5
-1
src/applications/project/controller/PhabricatorProjectBoardViewController.php
+5
-1
src/applications/project/controller/PhabricatorProjectBoardViewController.php
···
67
67
// TODO: Expand the checks here if we add the ability
68
68
// to hide the Backlog column
69
69
if (!$columns) {
70
-
if (!$viewer->isLoggedIn()) {
70
+
$can_edit = PhabricatorPolicyFilter::hasCapability(
71
+
$viewer,
72
+
$project,
73
+
PhabricatorPolicyCapability::CAN_EDIT);
74
+
if (!$can_edit) {
71
75
return $this->noAccessDialog($project);
72
76
}
73
77
switch ($request->getStr('initialize-type')) {