diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php index 23d2562822..459c95643c 100644 --- a/src/__phutil_library_map__.php +++ b/src/__phutil_library_map__.php @@ -2658,6 +2658,7 @@ phutil_register_library_map(array( 'PhabricatorSpacesNamespaceSearchEngine' => 'applications/spaces/query/PhabricatorSpacesNamespaceSearchEngine.php', 'PhabricatorSpacesNamespaceTransaction' => 'applications/spaces/storage/PhabricatorSpacesNamespaceTransaction.php', 'PhabricatorSpacesNamespaceTransactionQuery' => 'applications/spaces/query/PhabricatorSpacesNamespaceTransactionQuery.php', + 'PhabricatorSpacesNoAccessController' => 'applications/spaces/controller/PhabricatorSpacesNoAccessController.php', 'PhabricatorSpacesRemarkupRule' => 'applications/spaces/remarkup/PhabricatorSpacesRemarkupRule.php', 'PhabricatorSpacesSchemaSpec' => 'applications/spaces/storage/PhabricatorSpacesSchemaSpec.php', 'PhabricatorSpacesTestCase' => 'applications/spaces/__tests__/PhabricatorSpacesTestCase.php', @@ -6450,6 +6451,7 @@ phutil_register_library_map(array( 'PhabricatorSpacesNamespaceSearchEngine' => 'PhabricatorApplicationSearchEngine', 'PhabricatorSpacesNamespaceTransaction' => 'PhabricatorApplicationTransaction', 'PhabricatorSpacesNamespaceTransactionQuery' => 'PhabricatorApplicationTransactionQuery', + 'PhabricatorSpacesNoAccessController' => 'PhabricatorSpacesController', 'PhabricatorSpacesRemarkupRule' => 'PhabricatorObjectRemarkupRule', 'PhabricatorSpacesSchemaSpec' => 'PhabricatorConfigSchemaSpec', 'PhabricatorSpacesTestCase' => 'PhabricatorTestCase', diff --git a/src/applications/base/controller/PhabricatorController.php b/src/applications/base/controller/PhabricatorController.php index 3476bb8f9a..1551667591 100644 --- a/src/applications/base/controller/PhabricatorController.php +++ b/src/applications/base/controller/PhabricatorController.php @@ -200,7 +200,8 @@ abstract class PhabricatorController extends AphrontController { if ($this->shouldRequireLogin()) { // This actually means we need either: // - a valid user, or a public controller; and - // - permission to see the application. + // - permission to see the application; and + // - permission to see at least one Space if spaces are configured. $allow_public = $this->shouldAllowPublic() && PhabricatorEnv::getEnvConfig('policy.allow-public'); @@ -223,10 +224,22 @@ abstract class PhabricatorController extends AphrontController { } } + // If Spaces are configured, require that the user have access to at + // least one. If we don't do this, they'll get confusing error messages + // later on. + $spaces = PhabricatorSpacesNamespaceQuery::getSpacesExist(); + if ($spaces) { + $viewer_spaces = PhabricatorSpacesNamespaceQuery::getViewerSpacesExist( + $user); + if (!$viewer_spaces) { + $controller = new PhabricatorSpacesNoAccessController(); + return $this->delegateToController($controller); + } + } + // If the user doesn't have access to the application, don't let them use // any of its controllers. We query the application in order to generate // a policy exception if the viewer doesn't have permission. - $application = $this->getCurrentApplication(); if ($application) { id(new PhabricatorApplicationQuery()) diff --git a/src/applications/spaces/controller/PhabricatorSpacesNoAccessController.php b/src/applications/spaces/controller/PhabricatorSpacesNoAccessController.php new file mode 100644 index 0000000000..7e07bd8e17 --- /dev/null +++ b/src/applications/spaces/controller/PhabricatorSpacesNoAccessController.php @@ -0,0 +1,20 @@ +newDialog() + ->setTitle(pht('No Access to Spaces')) + ->appendParagraph( + pht( + 'This install uses spaces to organize objects, but your account '. + 'does not have access to any spaces.')) + ->appendParagraph( + pht( + 'Ask someone to add you to a Space so you can view and create '. + 'objects.')) + ->addCancelButton('/', pht('Drift Aimlessly')); + } + +}