1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-23 22:10:55 +01:00

Remove the "create rules" Herald capability

Summary:
Ref T603. In thinking about this, I think I went mad with power in creating this capability. I can't imagine any reason to give users access to Herald but not let them create rules.

We can restore this later if some install comes up with a good reason to have it, but in the interest of keeping policies as simple as possible, I think we're better off without it. In particular, if you don't want a group of users creating rules, just lock them out of the application entirely.

The "Manage Global Rules" capability is still around, I think that one's super good.

Test Plan: Edited Herald policies, created a rule.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D7268
This commit is contained in:
epriestley 2013-10-09 13:55:44 -07:00
parent 1ee455c441
commit 650dc0cc30
6 changed files with 1 additions and 35 deletions

View file

@ -625,7 +625,6 @@ phutil_register_library_map(array(
'HeraldAction' => 'applications/herald/storage/HeraldAction.php', 'HeraldAction' => 'applications/herald/storage/HeraldAction.php',
'HeraldAdapter' => 'applications/herald/adapter/HeraldAdapter.php', 'HeraldAdapter' => 'applications/herald/adapter/HeraldAdapter.php',
'HeraldApplyTranscript' => 'applications/herald/storage/transcript/HeraldApplyTranscript.php', 'HeraldApplyTranscript' => 'applications/herald/storage/transcript/HeraldApplyTranscript.php',
'HeraldCapabilityCreateRules' => 'applications/herald/capability/HeraldCapabilityCreateRules.php',
'HeraldCapabilityManageGlobalRules' => 'applications/herald/capability/HeraldCapabilityManageGlobalRules.php', 'HeraldCapabilityManageGlobalRules' => 'applications/herald/capability/HeraldCapabilityManageGlobalRules.php',
'HeraldCommitAdapter' => 'applications/herald/adapter/HeraldCommitAdapter.php', 'HeraldCommitAdapter' => 'applications/herald/adapter/HeraldCommitAdapter.php',
'HeraldCondition' => 'applications/herald/storage/HeraldCondition.php', 'HeraldCondition' => 'applications/herald/storage/HeraldCondition.php',
@ -2727,7 +2726,6 @@ phutil_register_library_map(array(
'HarbormasterScratchTable' => 'HarbormasterDAO', 'HarbormasterScratchTable' => 'HarbormasterDAO',
'HeraldAction' => 'HeraldDAO', 'HeraldAction' => 'HeraldDAO',
'HeraldApplyTranscript' => 'HeraldDAO', 'HeraldApplyTranscript' => 'HeraldDAO',
'HeraldCapabilityCreateRules' => 'PhabricatorPolicyCapability',
'HeraldCapabilityManageGlobalRules' => 'PhabricatorPolicyCapability', 'HeraldCapabilityManageGlobalRules' => 'PhabricatorPolicyCapability',
'HeraldCommitAdapter' => 'HeraldAdapter', 'HeraldCommitAdapter' => 'HeraldAdapter',
'HeraldCondition' => 'HeraldDAO', 'HeraldCondition' => 'HeraldDAO',

View file

@ -51,8 +51,6 @@ final class PhabricatorApplicationHerald extends PhabricatorApplication {
protected function getCustomCapabilities() { protected function getCustomCapabilities() {
return array( return array(
HeraldCapabilityCreateRules::CAPABILITY => array(
),
HeraldCapabilityManageGlobalRules::CAPABILITY => array( HeraldCapabilityManageGlobalRules::CAPABILITY => array(
'caption' => pht('Global rules can bypass access controls.'), 'caption' => pht('Global rules can bypass access controls.'),
'default' => PhabricatorPolicies::POLICY_ADMIN, 'default' => PhabricatorPolicies::POLICY_ADMIN,

View file

@ -1,20 +0,0 @@
<?php
final class HeraldCapabilityCreateRules
extends PhabricatorPolicyCapability {
const CAPABILITY = 'herald.create';
public function getCapabilityKey() {
return self::CAPABILITY;
}
public function getCapabilityName() {
return pht('Can Create Rules');
}
public function describeCapabilityRejection() {
return pht('You do not have permission to create new Herald rules.');
}
}

View file

@ -23,15 +23,11 @@ abstract class HeraldController extends PhabricatorController {
public function buildApplicationCrumbs() { public function buildApplicationCrumbs() {
$crumbs = parent::buildApplicationCrumbs(); $crumbs = parent::buildApplicationCrumbs();
$can_create = $this->hasApplicationCapability(
HeraldCapabilityCreateRules::CAPABILITY);
$crumbs->addAction( $crumbs->addAction(
id(new PHUIListItemView()) id(new PHUIListItemView())
->setName(pht('Create Herald Rule')) ->setName(pht('Create Herald Rule'))
->setHref($this->getApplicationURI('new/')) ->setHref($this->getApplicationURI('new/'))
->setIcon('create') ->setIcon('create'));
->setDisabled(!$can_create));
return $crumbs; return $crumbs;
} }

View file

@ -14,9 +14,6 @@ final class HeraldNewController extends HeraldController {
$request = $this->getRequest(); $request = $this->getRequest();
$user = $request->getUser(); $user = $request->getUser();
$this->requireApplicationCapability(
HeraldCapabilityCreateRules::CAPABILITY);
$content_type_map = HeraldAdapter::getEnabledAdapterMap($user); $content_type_map = HeraldAdapter::getEnabledAdapterMap($user);
if (empty($content_type_map[$this->contentType])) { if (empty($content_type_map[$this->contentType])) {
$this->contentType = head_key($content_type_map); $this->contentType = head_key($content_type_map);

View file

@ -47,9 +47,6 @@ final class HeraldRuleController extends HeraldController {
$rule->setRuleType($rule_type); $rule->setRuleType($rule_type);
$cancel_uri = $this->getApplicationURI(); $cancel_uri = $this->getApplicationURI();
$this->requireApplicationCapability(
HeraldCapabilityCreateRules::CAPABILITY);
} }
if ($rule->getRuleType() == HeraldRuleTypeConfig::RULE_TYPE_GLOBAL) { if ($rule->getRuleType() == HeraldRuleTypeConfig::RULE_TYPE_GLOBAL) {