People - refine permissions on creating new users
Summary: Fixes T7142. Make the old permission mean "make (non-bot) users", and then nuance the UI for those administrators who can make bot accounts.

Test Plan: Loaded up admin A with full powers and admin B with restricted powers. Noted admin A could make a full user. Noted admin B could not make a full user. Noted admin B got an error even via clever URI hacking.

Reviewers: epriestley
Reviewed By: epriestley
Subscribers: Korvin, epriestley
Maniphest Tasks: T7142
Differential Revision: https://secure.phabricator.com/D11702
parent
57f1ab705e
commit
345966cb41
4 changed files with 28 additions and 10 deletions
|
@ -164,12 +164,23 @@ final class PhabricatorPeopleApplication extends PhabricatorApplication {
|
|||
public function getQuickCreateItems(PhabricatorUser $viewer) {
|
||||
$items = array();
|
||||
|
||||
if ($viewer->getIsAdmin()) {
|
||||
$can_create = PhabricatorPolicyFilter::hasCapability(
|
||||
$viewer,
|
||||
$this,
|
||||
PeopleCreateUsersCapability::CAPABILITY);
|
||||
|
||||
if ($can_create) {
|
||||
$item = id(new PHUIListItemView())
|
||||
->setName(pht('User Account'))
|
||||
->setIcon('fa-users')
|
||||
->setHref($this->getBaseURI().'create/');
|
||||
$items[] = $item;
|
||||
} else if ($viewer->getIsAdmin()) {
|
||||
$item = id(new PHUIListItemView())
|
||||
->setName(pht('Bot Account'))
|
||||
->setIcon('fa-android')
|
||||
->setHref($this->getBaseURI().'new/bot/');
|
||||
$items[] = $item;
|
||||
}
|
||||
|
||||
return $items;
|
||||
|
|
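Review bot: The `if ($can_create)` branch in getQuickCreateItems() offers the 'User Account' link to any viewer who holds `PeopleCreateUsersCapability::CAPABILITY`, while the `$viewer->getIsAdmin()` test that appears to have wrapped this code before now guards only the 'Bot Account' branch. If the capability's policy can ever include non-administrators, those viewers would be shown a link to `create/` that the People controllers may still refuse. Either keep the administrator test on both branches, e.g. `if ($can_create && $viewer->getIsAdmin()) {`, or add a comment above the check such as `// Display only: PhabricatorPeopleNewController enforces who may create accounts.` The +/- markers are lost in this rendering, so which of the two `if` lines is new is inferred from the hunk's line counts.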
|
@ -6,7 +6,7 @@ final class PeopleCreateUsersCapability
|
|||
const CAPABILITY = 'people.create.users';
|
||||
|
||||
public function getCapabilityName() {
|
||||
return pht('Can Create Users');
|
||||
return pht('Can Create (non-bot) Users');
|
||||
}
|
||||
|
||||
public function describeCapabilityRejection() {
|
||||
|
|
|
@ -35,12 +35,19 @@ final class PhabricatorPeopleListController
|
|||
|
||||
$can_create = $this->hasApplicationCapability(
|
||||
PeopleCreateUsersCapability::CAPABILITY);
|
||||
if ($can_create) {
|
||||
$crumbs->addAction(
|
||||
id(new PHUIListItemView())
|
||||
->setName(pht('Create New User'))
|
||||
->setHref($this->getApplicationURI('create/'))
|
||||
->setDisabled(!$can_create)
|
||||
->setIcon('fa-plus-square'));
|
||||
} else if ($viewer->getIsAdmin()) {
|
||||
$crumbs->addAction(
|
||||
id(new PHUIListItemView())
|
||||
->setName(pht('Create New Bot'))
|
||||
->setHref($this->getApplicationURI('new/bot/'))
|
||||
->setIcon('fa-plus-square'));
|
||||
}
|
||||
|
||||
return $crumbs;
|
||||
}
|
||||
|
|
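Review bot: The `else if ($viewer->getIsAdmin())` branch reads `$viewer`, but no assignment to `$viewer` is visible in this hunk. The enclosing method starts above the hunk, so confirm the variable is defined there; if it is not, a viewer without the create capability reaches a method call on an undefined variable, and it should be set first, e.g. `$viewer = $this->getRequest()->getUser();`. Separately, this block and getQuickCreateItems() in PhabricatorPeopleApplication now carry the same user-versus-bot decision, and a shared helper would keep the two from drifting apart.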
|
@ -4,13 +4,13 @@ final class PhabricatorPeopleNewController
|
|||
extends PhabricatorPeopleController {
|
||||
|
||||
public function handleRequest(AphrontRequest $request) {
|
||||
$this->requireApplicationCapability(
|
||||
PeopleCreateUsersCapability::CAPABILITY);
|
||||
$type = $request->getURIData('type');
|
||||
$admin = $request->getUser();
|
||||
|
||||
switch ($type) {
|
||||
case 'standard':
|
||||
$this->requireApplicationCapability(
|
||||
PeopleCreateUsersCapability::CAPABILITY);
|
||||
$is_bot = false;
|
||||
break;
|
||||
case 'bot':
|
||||
|
|
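Review bot: With the `requireApplicationCapability(...)` call apparently moved from the top of handleRequest() into `case 'standard':`, the `case 'bot':` branch and any other `$type` value taken from the URI proceed with no authorization check visible in this hunk. The commit message says administrators without the capability should still be able to create bots, so the bot path is presumably meant to be administrator-only, but what enforces that, and what the switch does with an unrecognised type, lies below the hunk. I would record the enforcement point on the bot case, e.g. `// Bot accounts: administrators only (enforced by <location of the admin check>); the create-users capability is not required.`, and confirm the switch's default rejects unknown types. The other hunks only hide or show links, so the test plan's manual URI check is worth keeping as an automated test against this controller.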