From 267e718dfe2f0c62b49328f11908f8fe0e174717 Mon Sep 17 00:00:00 2001 From: Chad Little Date: Mon, 19 Oct 2015 12:12:52 -0700 Subject: [PATCH] Don't allow logged out users to initialize a Workboard Summary: Right now logged out users can enable a workboard on a project. Test Plan: Log out, view a public project, click on Workboard, get not set up dialog. Click Cancel, return to project details. Reviewers: epriestley Reviewed By: epriestley Subscribers: Korvin Differential Revision: https://secure.phabricator.com/D14304 --- .../PhabricatorProjectBoardViewController.php | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/src/applications/project/controller/PhabricatorProjectBoardViewController.php b/src/applications/project/controller/PhabricatorProjectBoardViewController.php index ffe3ea2e73..332736998e 100644 --- a/src/applications/project/controller/PhabricatorProjectBoardViewController.php +++ b/src/applications/project/controller/PhabricatorProjectBoardViewController.php @@ -67,6 +67,9 @@ final class PhabricatorProjectBoardViewController // TODO: Expand the checks here if we add the ability // to hide the Backlog column if (!$columns) { + if (!$viewer->isLoggedIn()) { + return $this->noAccessDialog($project); + } switch ($request->getStr('initialize-type')) { case 'backlog-only': $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites(); @@ -713,6 +716,20 @@ final class PhabricatorProjectBoardViewController ->setDialog($dialog); } + private function noAccessDialog(PhabricatorProject $project) { + + $instructions = pht('This workboard has not been setup yet.'); + + $dialog = id(new AphrontDialogView()) + ->setUser($this->getRequest()->getUser()) + ->setTitle(pht('No Workboard')) + ->addCancelButton($this->getApplicationURI('view/'.$project->getID().'/')) + ->appendParagraph($instructions); + + return id(new AphrontDialogResponse()) + ->setDialog($dialog); + } + /** * Add current state parameters (like order and the visibility of hidden