Followup from D11358#106424 and make policy.locked fully work

Summary: Fast commit. Also forgot to make the config override the existing policy. I *think* this is the right spot and we're good? Ref T6947. Test Plan: viewed the application settings page for people application and saw the correct overrode setting. Reviewers: epriestley Reviewed By: epriestley Subscribers: Korvin, epriestley Maniphest Tasks: T6947 Differential Revision: https://secure.phabricator.com/D11373
2024-11-26 08:42:41 +01:00 · 2015-01-13 12:03:11 -08:00 · 2015-01-13 12:03:11 -08:00 · 32edb7e2bb
commit 32edb7e2bb
parent 463d094f96
3 changed files with 8 additions and 3 deletions
--- a/src/applications/base/PhabricatorApplication.php
+++ b/src/applications/base/PhabricatorApplication.php
@ -454,6 +454,11 @@ abstract class PhabricatorApplication implements PhabricatorPolicyInterface {
      return null;
    }

+    $policy_locked = PhabricatorEnv::getEnvConfig('policy.locked');
+    if (isset($policy_locked[$capability])) {
+      return $policy_locked[$capability];
+    }
+
    return idx($policy, $capability);
  }

--- a/src/applications/meta/controller/PhabricatorApplicationEditController.php
+++ b/src/applications/meta/controller/PhabricatorApplicationEditController.php
@ -115,11 +115,10 @@ final class PhabricatorApplicationEditController
      ->setUser($user);

    $locked_policies = PhabricatorEnv::getEnvConfig('policy.locked');
-    $locked_map = array_fill_keys($locked_policies, true);
    foreach ($application->getCapabilities() as $capability) {
      $label = $application->getCapabilityLabel($capability);
      $can_edit = $application->isCapabilityEditable($capability);
-      $locked = idx($locked_map, $capability);
+      $locked = idx($locked_policies, $capability);
      $caption = $application->getCapabilityCaption($capability);

      if (!$can_edit || $locked) {
@ -132,7 +131,7 @@ final class PhabricatorApplicationEditController
        $form->appendChild(
          id(new AphrontFormPolicyControl())
          ->setUser($user)
-          ->setDisabled(idx($locked_map, $capability))
+          ->setDisabled($locked)
          ->setCapability($capability)
          ->setPolicyObject($application)
          ->setPolicies($policies)
--- a/src/applications/policy/config/PhabricatorPolicyConfigOptions.php
+++ b/src/applications/policy/config/PhabricatorPolicyConfigOptions.php
@ -46,6 +46,7 @@ final class PhabricatorPolicyConfigOptions
            "available, and the most open policy is 'All Users' (which means ".
            "users must have accounts and be logged in to view things).")),
      $this->newOption('policy.locked', $policy_locked_type, array())
+        ->setLocked(true)
        ->setSummary(pht(
          'Lock specific application policies so they can not be edited.'))
        ->setDescription(pht(