mirror of https://we.phorge.it/source/phorge.git synced 2025-01-26 14:38:19 +01:00

People - refine permissions on creating new users

Summary: Fixes T7142. Make old permission mean "make (non-bot) users" and then nuance the UI for those administrators who can make bot accounts.

Test Plan: loaded up admin a with full powers and admin b with restricted powers. noted admin a could make a full user. noted admin b could not make a full user. noted admin b got an error even via clever uri hacking.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7142

Differential Revision: https://secure.phabricator.com/D11702
Bob Trahan 2015-02-05 16:47:09 -08:00
parent 57f1ab705e
commit 345966cb41
4 changed files with 28 additions and 10 deletions


@ -164,12 +164,23 @@ final class PhabricatorPeopleApplication extends PhabricatorApplication {
public function getQuickCreateItems(PhabricatorUser $viewer) {
$items = array();
if ($viewer->getIsAdmin()) {
$can_create = PhabricatorPolicyFilter::hasCapability(
$viewer,
$this,
PeopleCreateUsersCapability::CAPABILITY);
if ($can_create) {
$item = id(new PHUIListItemView())
->setName(pht('User Account'))
->setIcon('fa-users')
->setHref($this->getBaseURI().'create/');
$items[] = $item;
} else if ($viewer->getIsAdmin()) {
$item = id(new PHUIListItemView())
->setName(pht('Bot Account'))
->setIcon('fa-android')
->setHref($this->getBaseURI().'new/bot/');
$items[] = $item;
}
return $items;
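Review bot: The `User Account` item linking to `create/` is now gated on `$can_create` alone, and an administrator without the capability simply does not see it, so this branch is a display decision and not the access check. The handler behind `create/` is not among the files shown for this commit; it should call `requireApplicationCapability(PeopleCreateUsersCapability::CAPABILITY)` itself, as the `standard` case in PhabricatorPeopleNewController does, and the same holds for the matching crumb action in PhabricatorPeopleListController. Once that is confirmed I would add a comment above the branch, `// Display only: the target controllers enforce PeopleCreateUsersCapability.` The method's closing brace falls outside the hunk.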


@ -6,7 +6,7 @@ final class PeopleCreateUsersCapability
const CAPABILITY = 'people.create.users';
public function getCapabilityName() {
return pht('Can Create Users');
return pht('Can Create (non-bot) Users');
}
public function describeCapabilityRejection() {


@ -35,12 +35,19 @@ final class PhabricatorPeopleListController
$can_create = $this->hasApplicationCapability(
PeopleCreateUsersCapability::CAPABILITY);
$crumbs->addAction(
id(new PHUIListItemView())
->setName(pht('Create New User'))
->setHref($this->getApplicationURI('create/'))
->setDisabled(!$can_create)
->setIcon('fa-plus-square'));
if ($can_create) {
$crumbs->addAction(
id(new PHUIListItemView())
->setName(pht('Create New User'))
->setHref($this->getApplicationURI('create/'))
->setIcon('fa-plus-square'));
} else if ($viewer->getIsAdmin()) {
$crumbs->addAction(
id(new PHUIListItemView())
->setName(pht('Create New Bot'))
->setHref($this->getApplicationURI('new/bot/'))
->setIcon('fa-plus-square'));
}
return $crumbs;
}
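Review bot: The new `else if ($viewer->getIsAdmin())` branch reads `$viewer`, which is not assigned anywhere in the visible lines; the method begins above the hunk, so confirm it is set there, because an unset variable would turn this into a method call on null for every viewer who lacks the capability. If it is not set, assign it before the branch, for example `$viewer = $this->getRequest()->getUser();`. An administrator who does hold the capability also no longer gets a bot entry point from this crumb, since the two actions are mutually exclusive; if that is intended, a one-line comment saying so would help.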


@ -4,13 +4,13 @@ final class PhabricatorPeopleNewController
extends PhabricatorPeopleController {
public function handleRequest(AphrontRequest $request) {
$this->requireApplicationCapability(
PeopleCreateUsersCapability::CAPABILITY);
$type = $request->getURIData('type');
$admin = $request->getUser();
switch ($type) {
case 'standard':
$this->requireApplicationCapability(
PeopleCreateUsersCapability::CAPABILITY);
$is_bot = false;
break;
case 'bot':