From 1c59b65421362da9e7c31f8a3f2177383efece27 Mon Sep 17 00:00:00 2001 
From: Andre Klapper Date: Mon, 19 Jun 2023 12:08:19 +0200 Subject: [PATCH] Dashboards: add capability who can create Dashboards Summary: Add a `dashboard.create` capability to allow limiting dashboard creation (and creation of related panels). This can reduce spam in open Phorge installations in which anyone can create an account while you still want anyone to be able to view existing dashboards. Closes T15438 Test Plan: 1. As an admin, go to `/applications/view/PhabricatorDashboardApplication/` 2. See only two options "Can Use Application: All Users" and "Can Configure Application: Administrators" 3. Apply patch 4. As an admin, go to `/applications/view/PhabricatorDashboardApplication/` and see the new option "Can Create Dashboards" set to "All Users" 5. As an average user, go to `/dashboard/` and successfully create a new Dashboard 6. As an admin, go to `/applications/edit/PhabricatorDashboardApplication/` and change "Can Create Dashboards" from "All Users" to "Administrators", select "Save Policies" button 7. As an average user, go to `/dashboard/` and see that "Create Dashboard" is disabled 8. As an average user, go to an existing dashboard not created by this user and see that selecting "Edit Dashboard" shows "You do not have permission to edit this object." 9. As an average user, go to the existing dashboard that you created yourself and see that the Edit Policy is set to this user. 10. As an average user, go to the existing dashboard that you created yourself and see that you can still create or add panels. 
Reviewers: O1 Blessed Committers, valerio.bozzolan Reviewed By: O1 Blessed Committers, valerio.bozzolan Subscribers: speck, tobiaswiese, valerio.bozzolan, Matthew, Cigaryno Maniphest Tasks: T15438 Differential Revision: https://we.phorge.it/D25270
---
 src/__phutil_library_map__.php | 2 ++
 .../PhabricatorDashboardCreateCapability.php | 16 ++++++++++++++++
 .../PhabricatorDashboardApplication.php | 8 ++++++++
 .../editor/PhabricatorDashboardEditEngine.php | 5 +++++
 4 files changed, 31 insertions(+)
 create mode 100644 src/applications/countdown/capability/PhabricatorDashboardCreateCapability.php
diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php
index 17560e11d1..09b8b86da4 100644
--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@@ -3081,6 +3081,7 @@ phutil_register_library_map(array(
 'PhabricatorDashboardColumn' => 'applications/dashboard/layoutconfig/PhabricatorDashboardColumn.php',
 'PhabricatorDashboardConsoleController' => 'applications/dashboard/controller/PhabricatorDashboardConsoleController.php',
 'PhabricatorDashboardController' => 'applications/dashboard/controller/PhabricatorDashboardController.php',
+ 'PhabricatorDashboardCreateCapability' => 'applications/countdown/capability/PhabricatorDashboardCreateCapability.php',
 'PhabricatorDashboardDAO' => 'applications/dashboard/storage/PhabricatorDashboardDAO.php',
 'PhabricatorDashboardDashboardPHIDType' => 'applications/dashboard/phid/PhabricatorDashboardDashboardPHIDType.php',
 'PhabricatorDashboardDatasource' => 'applications/dashboard/typeahead/PhabricatorDashboardDatasource.php',
@@ -9496,6 +9497,7 @@ phutil_register_library_map(array( 'PhabricatorDashboardColumn' => 'Phobject', 'PhabricatorDashboardConsoleController' => 'PhabricatorDashboardController', 'PhabricatorDashboardController' => 'PhabricatorController', + 'PhabricatorDashboardCreateCapability' => 'PhabricatorPolicyCapability', 'PhabricatorDashboardDAO' => 'PhabricatorLiskDAO', 'PhabricatorDashboardDashboardPHIDType' => 'PhabricatorPHIDType', 'PhabricatorDashboardDatasource' => 'PhabricatorTypeaheadDatasource', diff --git a/src/applications/countdown/capability/PhabricatorDashboardCreateCapability.php b/src/applications/countdown/capability/PhabricatorDashboardCreateCapability.php new file mode 100644 index 0000000000..c610df069e --- /dev/null +++ b/src/applications/countdown/capability/PhabricatorDashboardCreateCapability.php @@ -0,0 +1,16 @@ + array( + 'default' => PhabricatorPolicies::POLICY_USER, + 'caption' => pht('Default create policy for Dashboards.'), + ), + ); + } } diff --git a/src/applications/dashboard/editor/PhabricatorDashboardEditEngine.php b/src/applications/dashboard/editor/PhabricatorDashboardEditEngine.php index 06b0a3a6fb..84b36fe546 100644 --- a/src/applications/dashboard/editor/PhabricatorDashboardEditEngine.php +++ b/src/applications/dashboard/editor/PhabricatorDashboardEditEngine.php @@ -66,6 +66,11 @@ final class PhabricatorDashboardEditEngine return $object->getURI(); } + protected function getCreateNewObjectPolicy() { + return $this->getApplication()->getPolicy( + PhabricatorDashboardCreateCapability::CAPABILITY); + } + protected function buildCustomEditFields($object) { $layout_options = PhabricatorDashboardLayoutMode::getLayoutModeMap();
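Review bot: The new capability class is created under `src/applications/countdown/capability/`, although it guards the Dashboard application and every other Dashboard class listed in the library map lives under `applications/dashboard/`. The path appears both in this file header and in the `__phutil_library_map__.php` entry, so it was presumably carried over from a template in the Countdown application rather than chosen deliberately. I would move the file to `src/applications/dashboard/capability/PhabricatorDashboardCreateCapability.php` and regenerate the library map, so that anyone auditing Dashboard's policy surface finds the capability next to the application it protects. The body of this hunk is not legible on the page as extracted, so the class itself is not reviewed here.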
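Review bot: `getCreateNewObjectPolicy()` is overridden only in `PhabricatorDashboardEditEngine`, so as far as this patch shows the new `dashboard.create` capability restricts dashboard creation but not panel creation, which the summary names as part of the goal ("and creation of related panels"). None of the four changed files is a panel edit engine, and test plan step 10 only checks that a dashboard's owner can still add panels, not that a user lacking the capability is refused when creating a standalone panel. If panels are meant to be covered, the panel edit engine needs the same override, `return $this->getApplication()->getPolicy(PhabricatorDashboardCreateCapability::CAPABILITY);`; otherwise the summary and the capability caption should state that the limit applies to dashboards only. The enclosing class continues outside the hunk, so any other creation path it defines is not visible here.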