When an install has spaces but a user has no access, roadblock them

Summary: Ref T8449. If a user doesn't have access to any spaces, most applications just don't work, and they fail in confusing ways. Just lock users out of everything explicitly up front with a clear message instead of letting them stumble into a big broken mess. Test Plan: Locked a user out of all spaces, saw error to that effect. Reviewers: btrahan, eadler Reviewed By: eadler Subscribers: eadler, epriestley Maniphest Tasks: T8449 Differential Revision: https://secure.phabricator.com/D13545
2024-09-20 01:08:50 +02:00 · 2015-07-03 13:03:33 -07:00 · 2015-07-03 13:03:33 -07:00 · bc22413fa7
commit bc22413fa7
parent 92b73fed6b
3 changed files with 37 additions and 2 deletions
--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@ -2658,6 +2658,7 @@ phutil_register_library_map(array(
    'PhabricatorSpacesNamespaceSearchEngine' => 'applications/spaces/query/PhabricatorSpacesNamespaceSearchEngine.php',
    'PhabricatorSpacesNamespaceTransaction' => 'applications/spaces/storage/PhabricatorSpacesNamespaceTransaction.php',
    'PhabricatorSpacesNamespaceTransactionQuery' => 'applications/spaces/query/PhabricatorSpacesNamespaceTransactionQuery.php',
+    'PhabricatorSpacesNoAccessController' => 'applications/spaces/controller/PhabricatorSpacesNoAccessController.php',
    'PhabricatorSpacesRemarkupRule' => 'applications/spaces/remarkup/PhabricatorSpacesRemarkupRule.php',
    'PhabricatorSpacesSchemaSpec' => 'applications/spaces/storage/PhabricatorSpacesSchemaSpec.php',
    'PhabricatorSpacesTestCase' => 'applications/spaces/__tests__/PhabricatorSpacesTestCase.php',
@ -6450,6 +6451,7 @@ phutil_register_library_map(array(
    'PhabricatorSpacesNamespaceSearchEngine' => 'PhabricatorApplicationSearchEngine',
    'PhabricatorSpacesNamespaceTransaction' => 'PhabricatorApplicationTransaction',
    'PhabricatorSpacesNamespaceTransactionQuery' => 'PhabricatorApplicationTransactionQuery',
+    'PhabricatorSpacesNoAccessController' => 'PhabricatorSpacesController',
    'PhabricatorSpacesRemarkupRule' => 'PhabricatorObjectRemarkupRule',
    'PhabricatorSpacesSchemaSpec' => 'PhabricatorConfigSchemaSpec',
    'PhabricatorSpacesTestCase' => 'PhabricatorTestCase',
--- a/src/applications/base/controller/PhabricatorController.php
+++ b/src/applications/base/controller/PhabricatorController.php
@ -200,7 +200,8 @@ abstract class PhabricatorController extends AphrontController {
    if ($this->shouldRequireLogin()) {
      // This actually means we need either:
      //   - a valid user, or a public controller; and
-      //   - permission to see the application.
+      //   - permission to see the application; and
+      //   - permission to see at least one Space if spaces are configured.

      $allow_public = $this->shouldAllowPublic() &&
                      PhabricatorEnv::getEnvConfig('policy.allow-public');
@ -223,10 +224,22 @@ abstract class PhabricatorController extends AphrontController {
        }
      }

+      // If Spaces are configured, require that the user have access to at
+      // least one. If we don't do this, they'll get confusing error messages
+      // later on.
+      $spaces = PhabricatorSpacesNamespaceQuery::getSpacesExist();
+      if ($spaces) {
+        $viewer_spaces = PhabricatorSpacesNamespaceQuery::getViewerSpacesExist(
+          $user);
+        if (!$viewer_spaces) {
+          $controller = new PhabricatorSpacesNoAccessController();
+          return $this->delegateToController($controller);
+        }
+      }
+
      // If the user doesn't have access to the application, don't let them use
      // any of its controllers. We query the application in order to generate
      // a policy exception if the viewer doesn't have permission.
-
      $application = $this->getCurrentApplication();
      if ($application) {
        id(new PhabricatorApplicationQuery())
--- a/src/applications/spaces/controller/PhabricatorSpacesNoAccessController.php
+++ b/src/applications/spaces/controller/PhabricatorSpacesNoAccessController.php
@ -0,0 +1,20 @@
+<?php
+
+final class PhabricatorSpacesNoAccessController
+  extends PhabricatorSpacesController {
+
+  public function handleRequest(AphrontRequest $request) {
+    return $this->newDialog()
+      ->setTitle(pht('No Access to Spaces'))
+      ->appendParagraph(
+        pht(
+          'This install uses spaces to organize objects, but your account '.
+          'does not have access to any spaces.'))
+      ->appendParagraph(
+        pht(
+          'Ask someone to add you to a Space so you can view and create '.
+          'objects.'))
+      ->addCancelButton('/', pht('Drift Aimlessly'));
+  }
+
+}