Prevent administrators from locking themselves out of applications

Summary: Ref T603. This could be a nicer UX, but limit the amount of foot-shooting that users can possibly do. You can still manage if you're really tricky ("Members of project X", then leave the project) but this should make it hard to make a mistake. It seems very unlikely any user ever intends to lock themselves out of an application. Test Plan: Set an application's view policy to permissive ("Administrators") and nonpermissive ("No One") values. The former were accepted, the latter rejected. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T603 Differential Revision: https://secure.phabricator.com/D7218
2024-12-20 20:40:56 +01:00 · 2013-10-04 15:13:58 -07:00 · 2013-10-04 15:13:58 -07:00 · a600ab7731
commit a600ab7731
parent 1a5de83ad1
1 changed files with 13 additions and 0 deletions
--- a/src/applications/meta/controller/PhabricatorApplicationEditController.php
+++ b/src/applications/meta/controller/PhabricatorApplicationEditController.php
@ -75,6 +75,19 @@ final class PhabricatorApplicationEditController

        $value[$phid]['policy'] = $result + $value[$phid]['policy'];

+        // Don't allow users to make policy edits which would lock them out of
+        // applications, since they would be unable to undo those actions.
+        PhabricatorEnv::overrideConfig($key, $value);
+        PhabricatorPolicyFilter::mustRetainCapability(
+          $user,
+          $application,
+          PhabricatorPolicyCapability::CAN_VIEW);
+
+        PhabricatorPolicyFilter::mustRetainCapability(
+          $user,
+          $application,
+          PhabricatorPolicyCapability::CAN_EDIT);
+
        PhabricatorConfigEditor::storeNewValue(
          $config_entry,
          $value,