@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge

Align web UI "Disable" and "Approve/Disapprove" flows with new "Can Disable Users" permission

Summary:
Depends on D19606. Ref T13189. See PHI642.

- Disabling/enabling users no longer requires admin. Now, you just need "Can Disable Users".
- Update the UI to appropriately show the action in black or grey depending on what clicking the button will do.
- For "Approve/Disapprove", fix a couple bugs, then let them go through without respect for "Can Disable Users". This is conceptually a different action, even though it ultimately sets the "Disabled" flag.

Test Plan:
- Disabled/enabled users from the web UI as various users, including a non-administrator with "Can Disable Users".
- Hit permissions errors from the web UI as various users, including an administrator without "Can Disable Users".
- Saw the "Disable/Enable" action activate properly based on whether clicking the button would actually work.
- Disapproved a user without "Can Disable Users" permission, tried to re-disapprove a user.
- Approved a user, tried to reapprove a user.

Reviewers: amckinley

Maniphest Tasks: T13189

Differential Revision: https://secure.phabricator.com/D19607

+51 -9
+7
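--- a/src/applications/people/controller/PhabricatorPeopleApproveController.php
+++ b/src/applications/people/controller/PhabricatorPeopleApproveController.php
@@ -16,6 +16,13 @@
 
 $done_uri = $this->getApplicationURI('query/approval/');
 
+if ($user->getIsApproved()) {
+return $this->newDialog()
+->setTitle(pht('Already Approved'))
+->appendChild(pht('This user has already been approved.'))
+->addCancelButton($done_uri);
+}
+
 if ($request->isFormPost()) {
 id(new PhabricatorUserEditor())
 ->setActor($viewer)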
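Review bot: The new already-approved dialog builds its body with `appendChild(pht(...))`, while the same message added to PhabricatorPeopleDisableController in this commit uses `appendParagraph(pht(...))`. Using `->appendParagraph(pht('This user has already been approved.'))` here as well would keep the two dialogs consistent. The guard sits before the `isFormPost()` branch, so it covers both the confirmation dialog and the submit. handleRequest starts and ends outside the hunk.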
+32 -2
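--- a/src/applications/people/controller/PhabricatorPeopleDisableController.php
+++ b/src/applications/people/controller/PhabricatorPeopleDisableController.php
@@ -3,10 +3,14 @@
 final class PhabricatorPeopleDisableController
 extends PhabricatorPeopleController {
 
+public function shouldRequireAdmin() {
+return false;
+}
+
 public function handleRequest(AphrontRequest $request) {
 $viewer = $this->getViewer();
 $id = $request->getURIData('id');
-$via = $request->getURIData('id');
+$via = $request->getURIData('via');
 
 $user = id(new PhabricatorPeopleQuery())
 ->setViewer($viewer)
@@ -20,11 +24,36 @@
 // on profiles and also via the "X" action on the approval queue. We do
 // things slightly differently depending on the context the actor is in.
 
+// In particular, disabling via "Disapprove" requires you be an
+// administrator (and bypasses the "Can Disable Users" permission).
+// Disabling via "Disable" requires the permission only.
+
 $is_disapprove = ($via == 'disapprove');
 if ($is_disapprove) {
 $done_uri = $this->getApplicationURI('query/approval/');
+
+if (!$viewer->getIsAdmin()) {
+return $this->newDialog()
+->setTitle(pht('No Permission'))
+->appendParagraph(pht('Only administrators can disapprove users.'))
+->addCancelButton($done_uri);
+}
+
+if ($user->getIsApproved()) {
+return $this->newDialog()
+->setTitle(pht('Already Approved'))
+->appendParagraph(pht('This user has already been approved.'))
+->addCancelButton($done_uri);
+}
+
+// On the "Disapprove" flow, bypass the "Can Disable Users" permission.
+$actor = PhabricatorUser::getOmnipotentUser();
 $should_disable = true;
 } else {
+$this->requireApplicationCapability(
+PeopleDisableUsersCapability::CAPABILITY);
+
+$actor = $viewer;
 $done_uri = $this->getApplicationURI("manage/{$id}/");
 $should_disable = !$user->getIsDisabled();
 }
@@ -46,7 +75,8 @@
 ->setNewValue($should_disable);
 
 id(new PhabricatorUserTransactionEditor())
-->setActor($viewer)
+->setActor($actor)
+->setActingAsPHID($viewer->getPHID())
 ->setContentSourceFromRequest($request)
 ->setContinueOnMissingFields(true)
 ->setContinueOnNoEffect(true)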
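Review bot: On the disapprove branch the editor now runs as `PhabricatorUser::getOmnipotentUser()`, which bypasses policy checks in general rather than only "Can Disable Users". With `shouldRequireAdmin()` returning false, the `getIsAdmin()` and `getIsApproved()` guards just above that assignment are therefore the whole authorization for this path. I would record that where the actor is chosen, e.g. `// Omnipotent actor: the admin and not-yet-approved checks above are the only gate on this path.`, so a later edit does not reorder or drop them. The branch is selected by `$via == 'disapprove'`, and `===` would make that security-relevant comparison strict. handleRequest continues outside the hunks shown.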
+12 -7
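--- a/src/applications/people/controller/PhabricatorPeopleProfileManageController.php
+++ b/src/applications/people/controller/PhabricatorPeopleProfileManageController.php
@@ -75,11 +75,22 @@
 private function buildCurtain(PhabricatorUser $user) {
 $viewer = $this->getViewer();
 
+$is_self = ($user->getPHID() === $viewer->getPHID());
+
 $can_edit = PhabricatorPolicyFilter::hasCapability(
 $viewer,
 $user,
 PhabricatorPolicyCapability::CAN_EDIT);
 
+$is_admin = $viewer->getIsAdmin();
+$can_admin = ($is_admin && !$is_self);
+
+$has_disable = $this->hasApplicationCapability(
+PeopleDisableUsersCapability::CAPABILITY);
+$can_disable = ($has_disable && !$is_self);
+
+$can_welcome = ($is_admin && $user->canEstablishWebSessions());
+
 $curtain = $this->newCurtainView($user);
 
 $curtain->addAction(
@@ -113,10 +124,6 @@
 $empower_icon = 'fa-arrow-circle-o-up';
 $empower_name = pht('Make Administrator');
 }
-
-$is_admin = $viewer->getIsAdmin();
-$is_self = ($user->getPHID() === $viewer->getPHID());
-$can_admin = ($is_admin && !$is_self);
 
 $curtain->addAction(
 id(new PhabricatorActionView())
@@ -146,7 +153,7 @@
 id(new PhabricatorActionView())
 ->setIcon($disable_icon)
 ->setName($disable_name)
-->setDisabled(!$can_admin)
+->setDisabled(!$can_disable)
 ->setWorkflow(true)
 ->setHref($this->getApplicationURI('disable/'.$user->getID().'/')));
 
@@ -157,8 +164,6 @@
 ->setDisabled(!$can_admin)
 ->setWorkflow(true)
 ->setHref($this->getApplicationURI('delete/'.$user->getID().'/')));
-
-$can_welcome = ($is_admin && $user->canEstablishWebSessions());
 
 $curtain->addAction(
 id(new PhabricatorActionView())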
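Review bot: `$can_disable = ($has_disable && !$is_self)` only greys out the curtain action, and the matching server-side rule is not visible in this commit. The else branch of PhabricatorPeopleDisableController calls `requireApplicationCapability(...)` and shows no self check in its hunks. If the self-disable guard lives in the unshown part of that controller or in the transaction editor, that is fine; otherwise it should be enforced there rather than relied on from the UI state. A short comment above the hoisted flags would make the intent explicit, e.g. `// Display state only; the target controllers enforce these permissions.` buildCurtain continues outside the hunks shown.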