Show an "approval queue" item on the home page for admins, and sort out menu item visibility

Summary:
  - If you're an administrator and there are users waiting for approval, show a count on the home page.
  - Sort out the `isUserActivated()` access check.
  - Hide all the menu widgets except "Logout" for disabled and unapproved users.
  - Add a "Log In" item.
  - Add a bunch of unit tests.

Test Plan: Ran unit tests, clicked around as unapproved/approved/logged-in/logged-out users.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran, chad

Differential Revision: https://secure.phabricator.com/D7574

src/applications/auth/application/PhabricatorApplicationAuth.php

@@ -41,6 +41,20 @@ final class PhabricatorApplicationAuth extends PhabricatorApplication {
         ->setHref('/logout/')
         ->setSelected(($controller instanceof PhabricatorLogoutController));
       $items[] = $item;
+    } else {
+      if ($controller instanceof PhabricatorAuthController) {
+        // Don't show the "Login" item on auth controllers, since they're
+        // generally all related to logging in anyway.
+      } else {
+        $item = id(new PHUIListItemView())
+          ->addClass('core-menu-item')
+          ->setName(pht('Log In'))
+          // TODO: Login icon?
+          ->setIcon('power')
+          ->setWorkflow(true)
+          ->setHref('/auth/login/');
+        $items[] = $item;
+      }
     }
 
     return $items;

src/applications/base/controller/PhabricatorController.php

@@ -74,10 +74,15 @@ abstract class PhabricatorController extends AphrontController {
       }
     }
 
-    if ($user->getIsDisabled() && $this->shouldRequireEnabledUser()) {
+    if ($this->shouldRequireEnabledUser()) {
-      $disabled_user_controller = new PhabricatorDisabledUserController(
+      if ($user->isLoggedIn() && !$user->getIsApproved()) {
-        $request);
+        $controller = new PhabricatorAuthNeedsApprovalController($request);
-      return $this->delegateToController($disabled_user_controller);
+        return $this->delegateToController($controller);
+      }
+      if ($user->getIsDisabled()) {
+        $controller = new PhabricatorDisabledUserController($request);
+        return $this->delegateToController($controller);
+      }
     }
 
     $event = new PhabricatorEvent(
@@ -120,11 +125,6 @@ abstract class PhabricatorController extends AphrontController {
             return $this->delegateToController($controller);
           }
         }
-        if (!$user->getIsApproved()) {
-          $controller = new PhabricatorAuthNeedsApprovalController($request);
-          $this->setCurrentApplication($auth_application);
-          return $this->delegateToController($controller);
-        }
       }
 
       // If the user doesn't have access to the application, don't let them use

src/applications/base/controller/__tests__/PhabricatorAccessControlTestCase.php

@@ -47,6 +47,11 @@ final class PhabricatorAccessControlTestCase
       ->setUsername('admin')
       ->save();
 
+    $u_notapproved = $this->generateNewTestUser()
+      ->setIsApproved(0)
+      ->setUsername('notapproved')
+      ->save();
+
     $env = PhabricatorEnv::beginScopedEnv();
     $env->overrideEnvConfig('phabricator.base-uri', 'http://'.$host);
     $env->overrideEnvConfig('policy.allow-public', false);
@@ -68,6 +73,7 @@ final class PhabricatorAccessControlTestCase
       array(
         $u_public,
         $u_disabled,
+        $u_notapproved,
       ));
 
 
@@ -86,6 +92,7 @@ final class PhabricatorAccessControlTestCase
         $u_unverified,
         $u_public,
         $u_disabled,
+        $u_notapproved,
       ));
 
     $this->checkAccess(
@@ -100,6 +107,7 @@ final class PhabricatorAccessControlTestCase
       array(
         $u_public,
         $u_disabled,
+        $u_notapproved,
       ));
     $env->overrideEnvConfig('auth.require-email-verification', false);
 
@@ -118,6 +126,7 @@ final class PhabricatorAccessControlTestCase
         $u_unverified,
         $u_public,
         $u_disabled,
+        $u_notapproved,
       ));
 
 
@@ -132,6 +141,7 @@ final class PhabricatorAccessControlTestCase
         $u_unverified,
         $u_admin,
         $u_disabled,
+        $u_notapproved,
       ),
       array(
         $u_public,
@@ -152,6 +162,7 @@ final class PhabricatorAccessControlTestCase
       ),
       array(
         $u_disabled,
+        $u_notapproved,
       ));
 
 
@@ -184,6 +195,7 @@ final class PhabricatorAccessControlTestCase
       ),
       array(
         $u_disabled,
+        $u_notapproved,
       ));
     $env->overrideEnvConfig('policy.allow-public', false);
 
@@ -208,6 +220,7 @@ final class PhabricatorAccessControlTestCase
         $u_admin,
         $u_public,
         $u_disabled,
+        $u_notapproved,
       ));
 
     $this->checkAccess(
@@ -222,6 +235,7 @@ final class PhabricatorAccessControlTestCase
       ),
       array(
         $u_disabled,
+        $u_notapproved,
       ));
   }
 

src/applications/people/application/PhabricatorApplicationPeople.php

@@ -62,13 +62,39 @@ final class PhabricatorApplicationPeople extends PhabricatorApplication {
     );
   }
 
+  public function loadStatus(PhabricatorUser $user) {
+    if (!$user->getIsAdmin()) {
+      return array();
+    }
+
+    $need_approval = id(new PhabricatorPeopleQuery())
+      ->setViewer($user)
+      ->withIsApproved(false)
+      ->execute();
+
+    if (!$need_approval) {
+      return array();
+    }
+
+    $status = array();
+
+    $count = count($need_approval);
+    $type = PhabricatorApplicationStatusView::TYPE_NEEDS_ATTENTION;
+    $status[] = id(new PhabricatorApplicationStatusView())
+      ->setType($type)
+      ->setText(pht('%d User(s) Need Approval', $count))
+      ->setCount($count);
+
+    return $status;
+  }
+
   public function buildMainMenuItems(
     PhabricatorUser $user,
     PhabricatorController $controller = null) {
 
     $items = array();
 
-    if ($user->isLoggedIn()) {
+    if ($user->isLoggedIn() && $user->isUserActivated()) {
       $image = $user->loadProfileImageURI();
 
       $item = new PHUIListItemView();

src/applications/settings/application/PhabricatorApplicationSettings.php

@@ -37,7 +37,7 @@ final class PhabricatorApplicationSettings extends PhabricatorApplication {
 
     $items = array();
 
-    if ($user->isLoggedIn()) {
+    if ($user->isLoggedIn() && $user->isUserActivated()) {
       $selected = ($controller instanceof PhabricatorSettingsMainController);
       $item = new PHUIListItemView();
       $item->setName(pht('Settings'));

src/infrastructure/internationalization/PhabricatorBaseEnglishTranslation.php

@@ -810,6 +810,11 @@ abstract class PhabricatorBaseEnglishTranslation
         ),
       ),
 
+      '%d User(s) Need Approval' => array(
+        '%d User Needs Approval',
+        '%d Users Need Approval',
+      ),
+
     );
   }
 

src/view/page/menu/PhabricatorMainMenuView.php

@@ -44,7 +44,7 @@ final class PhabricatorMainMenuView extends AphrontView {
     $search_button = '';
     $app_button = '';
 
-    if ($user->isLoggedIn()) {
+    if ($user->isLoggedIn() && $user->isUserActivated()) {
       list($menu, $dropdowns) = $this->renderNotificationMenu();
       $alerts[] = $menu;
       $menus = array_merge($menus, $dropdowns);
@@ -91,8 +91,11 @@ final class PhabricatorMainMenuView extends AphrontView {
       'helpURI' => '/help/keyboardshortcut/',
     );
 
-    $show_search = ($user->isLoggedIn()) ||
+    if ($user->isLoggedIn()) {
-                   (PhabricatorEnv::getEnvConfig('policy.allow-public'));
+      $show_search = $user->isUserActivated();
+    } else {
+      $show_search = PhabricatorEnv::getEnvConfig('policy.allow-public');
+    }
 
     if ($show_search) {
       $search = new PhabricatorMainMenuSearchView();