mirror of
https://we.phorge.it/source/phorge.git
synced 2025-01-11 07:11:04 +01:00
Remove the "create rules" Herald capability
Summary: Ref T603. In thinking about this, I think I went mad with power in creating this capability. I can't imagine any reason to give users access to Herald but not let them create rules. We can restore this later if some install comes up with a good reason to have it, but in the interest of keeping policies as simple as possible, I think we're better off without it. In particular, if you don't want a group of users creating rules, just lock them out of the application entirely. The "Manage Global Rules" capability is still around, I think that one's super good. Test Plan: Edited Herald policies, created a rule. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T603 Differential Revision: https://secure.phabricator.com/D7268
This commit is contained in:
parent
1ee455c441
commit
650dc0cc30
6 changed files with 1 additions and 35 deletions
|
@ -625,7 +625,6 @@ phutil_register_library_map(array(
|
|||
'HeraldAction' => 'applications/herald/storage/HeraldAction.php',
|
||||
'HeraldAdapter' => 'applications/herald/adapter/HeraldAdapter.php',
|
||||
'HeraldApplyTranscript' => 'applications/herald/storage/transcript/HeraldApplyTranscript.php',
|
||||
'HeraldCapabilityCreateRules' => 'applications/herald/capability/HeraldCapabilityCreateRules.php',
|
||||
'HeraldCapabilityManageGlobalRules' => 'applications/herald/capability/HeraldCapabilityManageGlobalRules.php',
|
||||
'HeraldCommitAdapter' => 'applications/herald/adapter/HeraldCommitAdapter.php',
|
||||
'HeraldCondition' => 'applications/herald/storage/HeraldCondition.php',
|
||||
|
@ -2727,7 +2726,6 @@ phutil_register_library_map(array(
|
|||
'HarbormasterScratchTable' => 'HarbormasterDAO',
|
||||
'HeraldAction' => 'HeraldDAO',
|
||||
'HeraldApplyTranscript' => 'HeraldDAO',
|
||||
'HeraldCapabilityCreateRules' => 'PhabricatorPolicyCapability',
|
||||
'HeraldCapabilityManageGlobalRules' => 'PhabricatorPolicyCapability',
|
||||
'HeraldCommitAdapter' => 'HeraldAdapter',
|
||||
'HeraldCondition' => 'HeraldDAO',
|
||||
|
|
|
@ -51,8 +51,6 @@ final class PhabricatorApplicationHerald extends PhabricatorApplication {
|
|||
|
||||
protected function getCustomCapabilities() {
|
||||
return array(
|
||||
HeraldCapabilityCreateRules::CAPABILITY => array(
|
||||
),
|
||||
HeraldCapabilityManageGlobalRules::CAPABILITY => array(
|
||||
'caption' => pht('Global rules can bypass access controls.'),
|
||||
'default' => PhabricatorPolicies::POLICY_ADMIN,
|
||||
|
|
|
@ -1,20 +0,0 @@
|
|||
<?php
|
||||
|
||||
final class HeraldCapabilityCreateRules
|
||||
extends PhabricatorPolicyCapability {
|
||||
|
||||
const CAPABILITY = 'herald.create';
|
||||
|
||||
public function getCapabilityKey() {
|
||||
return self::CAPABILITY;
|
||||
}
|
||||
|
||||
public function getCapabilityName() {
|
||||
return pht('Can Create Rules');
|
||||
}
|
||||
|
||||
public function describeCapabilityRejection() {
|
||||
return pht('You do not have permission to create new Herald rules.');
|
||||
}
|
||||
|
||||
}
|
|
@ -23,15 +23,11 @@ abstract class HeraldController extends PhabricatorController {
|
|||
public function buildApplicationCrumbs() {
|
||||
$crumbs = parent::buildApplicationCrumbs();
|
||||
|
||||
$can_create = $this->hasApplicationCapability(
|
||||
HeraldCapabilityCreateRules::CAPABILITY);
|
||||
|
||||
$crumbs->addAction(
|
||||
id(new PHUIListItemView())
|
||||
->setName(pht('Create Herald Rule'))
|
||||
->setHref($this->getApplicationURI('new/'))
|
||||
->setIcon('create')
|
||||
->setDisabled(!$can_create));
|
||||
->setIcon('create'));
|
||||
|
||||
return $crumbs;
|
||||
}
|
||||
|
|
|
@ -14,9 +14,6 @@ final class HeraldNewController extends HeraldController {
|
|||
$request = $this->getRequest();
|
||||
$user = $request->getUser();
|
||||
|
||||
$this->requireApplicationCapability(
|
||||
HeraldCapabilityCreateRules::CAPABILITY);
|
||||
|
||||
$content_type_map = HeraldAdapter::getEnabledAdapterMap($user);
|
||||
if (empty($content_type_map[$this->contentType])) {
|
||||
$this->contentType = head_key($content_type_map);
|
||||
|
|
|
@ -47,9 +47,6 @@ final class HeraldRuleController extends HeraldController {
|
|||
$rule->setRuleType($rule_type);
|
||||
|
||||
$cancel_uri = $this->getApplicationURI();
|
||||
|
||||
$this->requireApplicationCapability(
|
||||
HeraldCapabilityCreateRules::CAPABILITY);
|
||||
}
|
||||
|
||||
if ($rule->getRuleType() == HeraldRuleTypeConfig::RULE_TYPE_GLOBAL) {
|
||||
|
|
Loading…
Reference in a new issue