From a0ed843d472ac38a702cfd60ad0f8f7d6e0ad5e2 Mon Sep 17 00:00:00 2001 From: epriestley Date: Sun, 20 Sep 2015 04:28:33 -0700 Subject: [PATCH] Don't allow welcome mail to be sent to users who can't login Summary: Fixes T9446. We allow administrators to send "Welcome" mail to bots and mailing lists. This is harmless (these links do not function), but confusing. Instead, disable this option in the UI and explain why it is disabled when it is clicked. Also prevent generation of this mail lower in the stack. Test Plan: - Viewed a bot page, saw action disabled, clicked it, got explanation. - Viewed a normal user page, saw action enabled, clicked it, sent welcome email. Reviewers: chad Reviewed By: chad Maniphest Tasks: T9446 Differential Revision: https://secure.phabricator.com/D14134 --- .../PhabricatorPeopleProfileController.php | 3 +++ .../PhabricatorPeopleWelcomeController.php | 25 +++++++++++-------- .../people/storage/PhabricatorUser.php | 7 ++++++ 3 files changed, 25 insertions(+), 10 deletions(-) diff --git a/src/applications/people/controller/PhabricatorPeopleProfileController.php b/src/applications/people/controller/PhabricatorPeopleProfileController.php index dbdaf7e8b9..30af5057dd 100644 --- a/src/applications/people/controller/PhabricatorPeopleProfileController.php +++ b/src/applications/people/controller/PhabricatorPeopleProfileController.php @@ -136,11 +136,14 @@ final class PhabricatorPeopleProfileController ->setWorkflow(true) ->setHref($this->getApplicationURI('delete/'.$user->getID().'/'))); + $can_welcome = $user->canEstablishWebSessions(); + $actions->addAction( id(new PhabricatorActionView()) ->setIcon('fa-envelope') ->setName(pht('Send Welcome Email')) ->setWorkflow(true) + ->setDisabled(!$can_welcome) ->setHref($this->getApplicationURI('welcome/'.$user->getID().'/'))); } 
diff --git a/src/applications/people/controller/PhabricatorPeopleWelcomeController.php b/src/applications/people/controller/PhabricatorPeopleWelcomeController.php index b3762e67c9..14b1544b7f 100644 --- a/src/applications/people/controller/PhabricatorPeopleWelcomeController.php +++ b/src/applications/people/controller/PhabricatorPeopleWelcomeController.php @@ -3,19 +3,12 @@ final class PhabricatorPeopleWelcomeController extends PhabricatorPeopleController { - private $id; - - public function willProcessRequest(array $data) { - $this->id = $data['id']; - } - - public function processRequest() { - $request = $this->getRequest(); - $admin = $request->getUser(); + public function handleRequest(AphrontRequest $request) { + $admin = $this->getViewer(); $user = id(new PhabricatorPeopleQuery()) ->setViewer($admin) - ->withIDs(array($this->id)) + ->withIDs(array($request->getURIData('id'))) ->executeOne(); if (!$user) { return new Aphront404Response(); @@ -23,6 +16,18 @@ final class PhabricatorPeopleWelcomeController $profile_uri = '/p/'.$user->getUsername().'/'; + if (!$user->canEstablishWebSessions()) { + return $this->newDialog() + ->setTitle(pht('Not a Normal User')) + ->appendParagraph( + pht( + 'You can not send this user a welcome mail because they are not '. + 'a normal user and can not log in to the web interface. Special '. + 'users (like bots and mailing lists) are unable to establish web '. + 'sessions.')) + ->addCancelButton($profile_uri, pht('Done')); + } + if ($request->isFormPost()) { $user->sendWelcomeEmail($admin); return id(new AphrontRedirectResponse())->setURI($profile_uri); diff --git a/src/applications/people/storage/PhabricatorUser.php b/src/applications/people/storage/PhabricatorUser.php index 82d17983e8..77d1d41603 100644 --- a/src/applications/people/storage/PhabricatorUser.php +++ b/src/applications/people/storage/PhabricatorUser.php 
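Review bot: Nothing in the first hunk of PhabricatorPeopleWelcomeController.php checks that the viewer is an administrator: `$admin = $this->getViewer();` only names the viewer `$admin`, and the same object is later passed to `sendWelcomeEmail($admin)`. The restriction presumably lives in the parent PhabricatorPeopleController or in routing, neither of which is visible here, so it should be confirmed rather than assumed. I would add a one-line comment above the assignment, e.g. `// Viewer is an administrator here; enforced by <location of the admin check>.`, so the move from processRequest() to handleRequest() does not hide that assumption. The class body starts and continues outside the hunk.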
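Review bot: The `canEstablishWebSessions()` check in the second hunk has to stay ahead of the `isFormPost()` branch, and nothing in the code records that ordering requirement. The profile page only disables the action in the UI, so a direct POST to the welcome URI would otherwise reach `sendWelcomeEmail()` and hit the exception added in PhabricatorUser instead of this dialog. A comment above the check would keep it from being moved later: `// Server-side enforcement: the profile action is only disabled in the UI, so reject GET and POST alike before the form is processed.` handleRequest() begins and ends outside this hunk.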
@@ -587,6 +587,13 @@ final class PhabricatorUser } public function sendWelcomeEmail(PhabricatorUser $admin) { + if (!$this->canEstablishWebSessions()) { + throw new Exception( + pht( + 'Can not send welcome mail to users who can not establish '. + 'web sessions!')); + } + $admin_username = $admin->getUserName(); $admin_realname = $admin->getRealName(); $user_username = $this->getUserName();
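Review bot: The guard at the top of `sendWelcomeEmail()` throws a bare `Exception`, and the method has no docblock telling callers about it. The welcome controller in this patch pre-checks `canEstablishWebSessions()`, but other callers are not visible here; any that pass a bot or mailing-list account will now get an uncaught exception where mail used to be sent, so they are worth checking. I would add a docblock stating that the method sends the welcome mail on behalf of `$admin` and `@throws Exception` when the recipient cannot establish web sessions. The method body continues past the end of the hunk.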