Add a granular capability for user directory browsing

Summary: Fixes T4358. User request from IRC, but I think this is generally reasonable. Although we can not prevent users from determining that other user accounts exist in the general case, it does seem reasonable to restrict browsing the user directory to a subset of users. In our case, I'll probably do this on `secure.phabricator.com`, since it seems a little odd to let Google index the user directory, for example. Test Plan: Set the policy to "no one" and tried to browse users. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T4358 Differential Revision: https://secure.phabricator.com/D8112
2024-11-20 13:52:40 +01:00 · 2014-01-30 11:53:49 -08:00 · 2014-01-30 11:53:49 -08:00 · 5fd1e88a7a
commit 5fd1e88a7a
parent 99ab11e97c
4 changed files with 40 additions and 0 deletions
--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@ -1050,6 +1050,7 @@ phutil_register_library_map(array(
    'PasteEmbedView' => 'applications/paste/view/PasteEmbedView.php',
    'PasteMockMailReceiver' => 'applications/paste/mail/PasteMockMailReceiver.php',
    'PasteReplyHandler' => 'applications/paste/mail/PasteReplyHandler.php',
+    'PeopleCapabilityBrowseUserDirectory' => 'applications/people/capability/PeopleCapabilityBrowseUserDirectory.php',
    'Phabricator404Controller' => 'applications/base/controller/Phabricator404Controller.php',
    'PhabricatorAWSConfigOptions' => 'applications/config/option/PhabricatorAWSConfigOptions.php',
    'PhabricatorAccessControlTestCase' => 'applications/base/controller/__tests__/PhabricatorAccessControlTestCase.php',
@ -3654,6 +3655,7 @@ phutil_register_library_map(array(
    'PasteEmbedView' => 'AphrontView',
    'PasteMockMailReceiver' => 'PhabricatorObjectMailReceiver',
    'PasteReplyHandler' => 'PhabricatorMailReplyHandler',
+    'PeopleCapabilityBrowseUserDirectory' => 'PhabricatorPolicyCapability',
    'Phabricator404Controller' => 'PhabricatorController',
    'PhabricatorAWSConfigOptions' => 'PhabricatorApplicationConfigOptions',
    'PhabricatorAccessControlTestCase' => 'PhabricatorTestCase',
--- a/src/applications/people/application/PhabricatorApplicationPeople.php
+++ b/src/applications/people/application/PhabricatorApplicationPeople.php
@ -62,6 +62,14 @@ final class PhabricatorApplicationPeople extends PhabricatorApplication {
    );
  }

+
+  protected function getCustomCapabilities() {
+    return array(
+      PeopleCapabilityBrowseUserDirectory::CAPABILITY => array(
+      ),
+    );
+  }
+
  public function loadStatus(PhabricatorUser $user) {
    if (!$user->getIsAdmin()) {
      return array();
--- a/src/applications/people/capability/PeopleCapabilityBrowseUserDirectory.php
+++ b/src/applications/people/capability/PeopleCapabilityBrowseUserDirectory.php
@ -0,0 +1,25 @@
+<?php
+
+final class PeopleCapabilityBrowseUserDirectory
+  extends PhabricatorPolicyCapability {
+
+  const CAPABILITY = 'people.browse';
+
+  public function getCapabilityKey() {
+    return self::CAPABILITY;
+  }
+
+  public function getCapabilityName() {
+    return pht('Can Browse User Directory');
+  }
+
+  public function shouldAllowPublicPolicySetting() {
+    return true;
+  }
+
+  public function describeCapabilityRejection() {
+    return pht(
+      'You do not have permission to browse the user directory.');
+  }
+
+}
--- a/src/applications/people/controller/PhabricatorPeopleListController.php
+++ b/src/applications/people/controller/PhabricatorPeopleListController.php
@ -19,6 +19,11 @@ final class PhabricatorPeopleListController extends PhabricatorPeopleController

  public function processRequest() {
    $request = $this->getRequest();
+    $viewer = $request->getUser();
+
+    $this->requireApplicationCapability(
+      PeopleCapabilityBrowseUserDirectory::CAPABILITY);
+
    $controller = id(new PhabricatorApplicationSearchController($request))
      ->setQueryKey($this->key)
      ->setSearchEngine(new PhabricatorPeopleSearchEngine())