Make "user role" editing more clear

Summary: The various interfaces here are in conflict about what a role is and isn't. Make them all consistent. Test Plan: Edited some users into various roles, verified they reported correctly. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T1190 Differential Revision: https://secure.phabricator.com/D2415
2024-11-10 08:52:39 +01:00 · 2012-05-07 10:25:36 -07:00 · 2012-05-07 10:25:36 -07:00 · 803dea1517
commit 803dea1517
parent 2d9d2f1aed
2 changed files with 37 additions and 9 deletions
--- a/src/applications/people/controller/edit/PhabricatorPeopleEditController.php
+++ b/src/applications/people/controller/edit/PhabricatorPeopleEditController.php
@ -47,7 +47,7 @@ final class PhabricatorPeopleEditController

    $views = array(
      'basic'     => 'Basic Information',
-      'role'      => 'Edit Role',
+      'role'      => 'Edit Roles',
      'cert'      => 'Conduit Certificate',
    );

@ -269,13 +269,28 @@ final class PhabricatorPeopleEditController
              'Send "Welcome to Phabricator" email.',
              $welcome_checked));
    } else {
+      $roles = array();
+
+      if ($user->getIsSystemAgent()) {
+        $roles[] = 'System Agent';
+      }
+      if ($user->getIsAdmin()) {
+        $roles[] = 'Admin';
+      }
+      if ($user->getIsDisabled()) {
+        $roles[] = 'Disabled';
+      }
+
+      if (!$roles) {
+        $roles[] = 'Normal User';
+      }
+
+      $roles = implode(', ', $roles);
+
      $form->appendChild(
        id(new AphrontFormStaticControl())
-          ->setLabel('Role')
-          ->setValue(
-            $user->getIsSystemAgent()
-              ? 'System Agent'
-              : 'Normal User'));
+          ->setLabel('Roles')
+          ->setValue($roles));
    }

    $form
@ -374,7 +389,7 @@ final class PhabricatorPeopleEditController
          ->addCheckbox(
            'is_admin',
            1,
-            'Admin: wields absolute power.',
+            'Administrator',
            $user->getIsAdmin())
          ->setDisabled($is_self))
      ->appendChild(
@ -382,9 +397,17 @@ final class PhabricatorPeopleEditController
          ->addCheckbox(
            'is_disabled',
            1,
-            'Disabled: can not login.',
+            'Disabled',
            $user->getIsDisabled())
-          ->setDisabled($is_self));
+          ->setDisabled($is_self))
+      ->appendChild(
+        id(new AphrontFormCheckboxControl())
+          ->addCheckbox(
+            'is_agent',
+            1,
+            'System Agent (Bot/Script User)',
+            $user->getIsSystemAgent())
+          ->setDisabled(true));

    if (!$is_self) {
      $form
--- a/src/docs/userguide/users.diviner
+++ b/src/docs/userguide/users.diviner
@ -44,6 +44,11 @@ for them. System agents:
  - **can not review diffs or own tasks**;
  - **do not appear in CC tokenzers**.

+Currently, the **System Agent** role for an account can not be changed after the
+account is created. This prevents administrators form changing a normal user
+into a system agent, retrieving their Conduit certificate, and then changing
+them back (which would allow administrators to gain other users' credentials).
+
 = Disabled Users =

 **Disabled Users** are accounts that are no longer active. Generally, when