diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php index af6fa96ba3..05ef3c96fe 100644 --- a/src/__phutil_library_map__.php +++ b/src/__phutil_library_map__.php @@ -2042,6 +2042,7 @@ phutil_register_library_map(array( 'PasteSearchConduitAPIMethod' => 'applications/paste/conduit/PasteSearchConduitAPIMethod.php', 'PeopleBrowseUserDirectoryCapability' => 'applications/people/capability/PeopleBrowseUserDirectoryCapability.php', 'PeopleCreateUsersCapability' => 'applications/people/capability/PeopleCreateUsersCapability.php', + 'PeopleDisableUsersCapability' => 'applications/people/capability/PeopleDisableUsersCapability.php', 'PeopleHovercardEngineExtension' => 'applications/people/engineextension/PeopleHovercardEngineExtension.php', 'PeopleMainMenuBarExtension' => 'applications/people/engineextension/PeopleMainMenuBarExtension.php', 'PeopleUserLogGarbageCollector' => 'applications/people/garbagecollector/PeopleUserLogGarbageCollector.php', @@ -7592,6 +7593,7 @@ phutil_register_library_map(array( 'PasteSearchConduitAPIMethod' => 'PhabricatorSearchEngineAPIMethod', 'PeopleBrowseUserDirectoryCapability' => 'PhabricatorPolicyCapability', 'PeopleCreateUsersCapability' => 'PhabricatorPolicyCapability', + 'PeopleDisableUsersCapability' => 'PhabricatorPolicyCapability', 'PeopleHovercardEngineExtension' => 'PhabricatorHovercardEngineExtension', 'PeopleMainMenuBarExtension' => 'PhabricatorMainMenuBarExtension', 'PeopleUserLogGarbageCollector' => 'PhabricatorGarbageCollector', diff --git a/src/applications/people/application/PhabricatorPeopleApplication.php b/src/applications/people/application/PhabricatorPeopleApplication.php index 6322b29b24..9238d8da3b 100644 --- a/src/applications/people/application/PhabricatorPeopleApplication.php +++ b/src/applications/people/application/PhabricatorPeopleApplication.php @@ -97,6 +97,9 @@ final class PhabricatorPeopleApplication extends PhabricatorApplication { PeopleCreateUsersCapability::CAPABILITY => array( 'default' => PhabricatorPolicies::POLICY_ADMIN, ), + PeopleDisableUsersCapability::CAPABILITY => array( + 'default' => PhabricatorPolicies::POLICY_ADMIN, + ), PeopleBrowseUserDirectoryCapability::CAPABILITY => array(), ); } diff --git a/src/applications/people/capability/PeopleDisableUsersCapability.php b/src/applications/people/capability/PeopleDisableUsersCapability.php new file mode 100644 index 0000000000..bb58ed2e76 --- /dev/null +++ b/src/applications/people/capability/PeopleDisableUsersCapability.php @@ -0,0 +1,16 @@ +requireApplicationCapability( + PeopleDisableUsersCapability::CAPABILITY); + if ($this->getActingAsPHID() === $object->getPHID()) { $errors[] = $this->newInvalidError( pht('You can not enable or disable your own account.')); @@ -69,4 +73,14 @@ final class PhabricatorUserDisableTransaction return $errors; } + public function getRequiredCapabilities( + $object, + PhabricatorApplicationTransaction $xaction) { + + // You do not need to be able to edit users to disable them. Instead, this + // requirement is replaced with a requirement that you have the "Can + // Disable Users" permission. + + return null; + } }