mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-23 22:10:55 +01:00
Remove the "create rules" Herald capability
Summary: Ref T603. In thinking about this, I think I went mad with power in creating this capability. I can't imagine any reason to give users access to Herald but not let them create rules. We can restore this later if some install comes up with a good reason to have it, but in the interest of keeping policies as simple as possible, I think we're better off without it. In particular, if you don't want a group of users creating rules, just lock them out of the application entirely. The "Manage Global Rules" capability is still around, I think that one's super good. Test Plan: Edited Herald policies, created a rule. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T603 Differential Revision: https://secure.phabricator.com/D7268
This commit is contained in:
parent
1ee455c441
commit
650dc0cc30
6 changed files with 1 additions and 35 deletions
|
@ -625,7 +625,6 @@ phutil_register_library_map(array(
|
||||||
'HeraldAction' => 'applications/herald/storage/HeraldAction.php',
|
'HeraldAction' => 'applications/herald/storage/HeraldAction.php',
|
||||||
'HeraldAdapter' => 'applications/herald/adapter/HeraldAdapter.php',
|
'HeraldAdapter' => 'applications/herald/adapter/HeraldAdapter.php',
|
||||||
'HeraldApplyTranscript' => 'applications/herald/storage/transcript/HeraldApplyTranscript.php',
|
'HeraldApplyTranscript' => 'applications/herald/storage/transcript/HeraldApplyTranscript.php',
|
||||||
'HeraldCapabilityCreateRules' => 'applications/herald/capability/HeraldCapabilityCreateRules.php',
|
|
||||||
'HeraldCapabilityManageGlobalRules' => 'applications/herald/capability/HeraldCapabilityManageGlobalRules.php',
|
'HeraldCapabilityManageGlobalRules' => 'applications/herald/capability/HeraldCapabilityManageGlobalRules.php',
|
||||||
'HeraldCommitAdapter' => 'applications/herald/adapter/HeraldCommitAdapter.php',
|
'HeraldCommitAdapter' => 'applications/herald/adapter/HeraldCommitAdapter.php',
|
||||||
'HeraldCondition' => 'applications/herald/storage/HeraldCondition.php',
|
'HeraldCondition' => 'applications/herald/storage/HeraldCondition.php',
|
||||||
|
@ -2727,7 +2726,6 @@ phutil_register_library_map(array(
|
||||||
'HarbormasterScratchTable' => 'HarbormasterDAO',
|
'HarbormasterScratchTable' => 'HarbormasterDAO',
|
||||||
'HeraldAction' => 'HeraldDAO',
|
'HeraldAction' => 'HeraldDAO',
|
||||||
'HeraldApplyTranscript' => 'HeraldDAO',
|
'HeraldApplyTranscript' => 'HeraldDAO',
|
||||||
'HeraldCapabilityCreateRules' => 'PhabricatorPolicyCapability',
|
|
||||||
'HeraldCapabilityManageGlobalRules' => 'PhabricatorPolicyCapability',
|
'HeraldCapabilityManageGlobalRules' => 'PhabricatorPolicyCapability',
|
||||||
'HeraldCommitAdapter' => 'HeraldAdapter',
|
'HeraldCommitAdapter' => 'HeraldAdapter',
|
||||||
'HeraldCondition' => 'HeraldDAO',
|
'HeraldCondition' => 'HeraldDAO',
|
||||||
|
|
|
@ -51,8 +51,6 @@ final class PhabricatorApplicationHerald extends PhabricatorApplication {
|
||||||
|
|
||||||
protected function getCustomCapabilities() {
|
protected function getCustomCapabilities() {
|
||||||
return array(
|
return array(
|
||||||
HeraldCapabilityCreateRules::CAPABILITY => array(
|
|
||||||
),
|
|
||||||
HeraldCapabilityManageGlobalRules::CAPABILITY => array(
|
HeraldCapabilityManageGlobalRules::CAPABILITY => array(
|
||||||
'caption' => pht('Global rules can bypass access controls.'),
|
'caption' => pht('Global rules can bypass access controls.'),
|
||||||
'default' => PhabricatorPolicies::POLICY_ADMIN,
|
'default' => PhabricatorPolicies::POLICY_ADMIN,
|
||||||
|
|
|
@ -1,20 +0,0 @@
|
||||||
<?php
|
|
||||||
|
|
||||||
final class HeraldCapabilityCreateRules
|
|
||||||
extends PhabricatorPolicyCapability {
|
|
||||||
|
|
||||||
const CAPABILITY = 'herald.create';
|
|
||||||
|
|
||||||
public function getCapabilityKey() {
|
|
||||||
return self::CAPABILITY;
|
|
||||||
}
|
|
||||||
|
|
||||||
public function getCapabilityName() {
|
|
||||||
return pht('Can Create Rules');
|
|
||||||
}
|
|
||||||
|
|
||||||
public function describeCapabilityRejection() {
|
|
||||||
return pht('You do not have permission to create new Herald rules.');
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
|
@ -23,15 +23,11 @@ abstract class HeraldController extends PhabricatorController {
|
||||||
public function buildApplicationCrumbs() {
|
public function buildApplicationCrumbs() {
|
||||||
$crumbs = parent::buildApplicationCrumbs();
|
$crumbs = parent::buildApplicationCrumbs();
|
||||||
|
|
||||||
$can_create = $this->hasApplicationCapability(
|
|
||||||
HeraldCapabilityCreateRules::CAPABILITY);
|
|
||||||
|
|
||||||
$crumbs->addAction(
|
$crumbs->addAction(
|
||||||
id(new PHUIListItemView())
|
id(new PHUIListItemView())
|
||||||
->setName(pht('Create Herald Rule'))
|
->setName(pht('Create Herald Rule'))
|
||||||
->setHref($this->getApplicationURI('new/'))
|
->setHref($this->getApplicationURI('new/'))
|
||||||
->setIcon('create')
|
->setIcon('create'));
|
||||||
->setDisabled(!$can_create));
|
|
||||||
|
|
||||||
return $crumbs;
|
return $crumbs;
|
||||||
}
|
}
|
||||||
|
|
|
@ -14,9 +14,6 @@ final class HeraldNewController extends HeraldController {
|
||||||
$request = $this->getRequest();
|
$request = $this->getRequest();
|
||||||
$user = $request->getUser();
|
$user = $request->getUser();
|
||||||
|
|
||||||
$this->requireApplicationCapability(
|
|
||||||
HeraldCapabilityCreateRules::CAPABILITY);
|
|
||||||
|
|
||||||
$content_type_map = HeraldAdapter::getEnabledAdapterMap($user);
|
$content_type_map = HeraldAdapter::getEnabledAdapterMap($user);
|
||||||
if (empty($content_type_map[$this->contentType])) {
|
if (empty($content_type_map[$this->contentType])) {
|
||||||
$this->contentType = head_key($content_type_map);
|
$this->contentType = head_key($content_type_map);
|
||||||
|
|
|
@ -47,9 +47,6 @@ final class HeraldRuleController extends HeraldController {
|
||||||
$rule->setRuleType($rule_type);
|
$rule->setRuleType($rule_type);
|
||||||
|
|
||||||
$cancel_uri = $this->getApplicationURI();
|
$cancel_uri = $this->getApplicationURI();
|
||||||
|
|
||||||
$this->requireApplicationCapability(
|
|
||||||
HeraldCapabilityCreateRules::CAPABILITY);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($rule->getRuleType() == HeraldRuleTypeConfig::RULE_TYPE_GLOBAL) {
|
if ($rule->getRuleType() == HeraldRuleTypeConfig::RULE_TYPE_GLOBAL) {
|
||||||
|
|
Loading…
Reference in a new issue