revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2025-02-08 04:48:28 +01:00
Code Issues Releases Wiki Activity

When an install has spaces but a user has no access, roadblock them

Browse source 
Summary:
Ref T8449. If a user doesn't have access to any spaces, most applications just don't work, and they fail in confusing ways.

Just lock users out of everything explicitly up front with a clear message instead of letting them stumble into a big broken mess.

Test Plan: Locked a user out of all spaces, saw error to that effect.

Reviewers: btrahan, eadler

Reviewed By: eadler

Subscribers: eadler, epriestley

Maniphest Tasks: T8449

Differential Revision: https://secure.phabricator.com/D13545
This commit is contained in:
epriestley 2015-07-03 13:03:33 -07:00
parent 92b73fed6b
commit bc22413fa7
3 changed files with 37 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/__phutil_library_map__.php
View file

@ -2658,6 +2658,7 @@ phutil_register_library_map(array(
'PhabricatorSpacesNamespaceSearchEngine' => 'applications/spaces/query/PhabricatorSpacesNamespaceSearchEngine.php', 'PhabricatorSpacesNamespaceSearchEngine' => 'applications/spaces/query/PhabricatorSpacesNamespaceSearchEngine.php',
'PhabricatorSpacesNamespaceTransaction' => 'applications/spaces/storage/PhabricatorSpacesNamespaceTransaction.php', 'PhabricatorSpacesNamespaceTransaction' => 'applications/spaces/storage/PhabricatorSpacesNamespaceTransaction.php',
'PhabricatorSpacesNamespaceTransactionQuery' => 'applications/spaces/query/PhabricatorSpacesNamespaceTransactionQuery.php', 'PhabricatorSpacesNamespaceTransactionQuery' => 'applications/spaces/query/PhabricatorSpacesNamespaceTransactionQuery.php',
'PhabricatorSpacesNoAccessController' => 'applications/spaces/controller/PhabricatorSpacesNoAccessController.php',
'PhabricatorSpacesRemarkupRule' => 'applications/spaces/remarkup/PhabricatorSpacesRemarkupRule.php', 'PhabricatorSpacesRemarkupRule' => 'applications/spaces/remarkup/PhabricatorSpacesRemarkupRule.php',
'PhabricatorSpacesSchemaSpec' => 'applications/spaces/storage/PhabricatorSpacesSchemaSpec.php', 'PhabricatorSpacesSchemaSpec' => 'applications/spaces/storage/PhabricatorSpacesSchemaSpec.php',
'PhabricatorSpacesTestCase' => 'applications/spaces/__tests__/PhabricatorSpacesTestCase.php', 'PhabricatorSpacesTestCase' => 'applications/spaces/__tests__/PhabricatorSpacesTestCase.php',
@ -6450,6 +6451,7 @@ phutil_register_library_map(array(
'PhabricatorSpacesNamespaceSearchEngine' => 'PhabricatorApplicationSearchEngine', 'PhabricatorSpacesNamespaceSearchEngine' => 'PhabricatorApplicationSearchEngine',
'PhabricatorSpacesNamespaceTransaction' => 'PhabricatorApplicationTransaction', 'PhabricatorSpacesNamespaceTransaction' => 'PhabricatorApplicationTransaction',
'PhabricatorSpacesNamespaceTransactionQuery' => 'PhabricatorApplicationTransactionQuery', 'PhabricatorSpacesNamespaceTransactionQuery' => 'PhabricatorApplicationTransactionQuery',
'PhabricatorSpacesNoAccessController' => 'PhabricatorSpacesController',
'PhabricatorSpacesRemarkupRule' => 'PhabricatorObjectRemarkupRule', 'PhabricatorSpacesRemarkupRule' => 'PhabricatorObjectRemarkupRule',
'PhabricatorSpacesSchemaSpec' => 'PhabricatorConfigSchemaSpec', 'PhabricatorSpacesSchemaSpec' => 'PhabricatorConfigSchemaSpec',
'PhabricatorSpacesTestCase' => 'PhabricatorTestCase', 'PhabricatorSpacesTestCase' => 'PhabricatorTestCase',

17
src/applications/base/controller/PhabricatorController.php
View file

@ -200,7 +200,8 @@ abstract class PhabricatorController extends AphrontController {
if ($this->shouldRequireLogin()) { if ($this->shouldRequireLogin()) {
// This actually means we need either: // This actually means we need either:
// - a valid user, or a public controller; and // - a valid user, or a public controller; and
// - permission to see the application. // - permission to see the application; and
// - permission to see at least one Space if spaces are configured.
$allow_public = $this->shouldAllowPublic() && $allow_public = $this->shouldAllowPublic() &&
PhabricatorEnv::getEnvConfig('policy.allow-public'); PhabricatorEnv::getEnvConfig('policy.allow-public');
@ -223,10 +224,22 @@ abstract class PhabricatorController extends AphrontController {
} }
} }
// If Spaces are configured, require that the user have access to at
// least one. If we don't do this, they'll get confusing error messages
// later on.
$spaces = PhabricatorSpacesNamespaceQuery::getSpacesExist();
if ($spaces) {
$viewer_spaces = PhabricatorSpacesNamespaceQuery::getViewerSpacesExist(
$user);
if (!$viewer_spaces) {
$controller = new PhabricatorSpacesNoAccessController();
return $this->delegateToController($controller);
}
}
// If the user doesn't have access to the application, don't let them use // If the user doesn't have access to the application, don't let them use
// any of its controllers. We query the application in order to generate // any of its controllers. We query the application in order to generate
// a policy exception if the viewer doesn't have permission. // a policy exception if the viewer doesn't have permission.
$application = $this->getCurrentApplication(); $application = $this->getCurrentApplication();
if ($application) { if ($application) {
id(new PhabricatorApplicationQuery()) id(new PhabricatorApplicationQuery())

20
src/applications/spaces/controller/PhabricatorSpacesNoAccessController.php Normal file
View file

@ -0,0 +1,20 @@
<?php
final class PhabricatorSpacesNoAccessController
extends PhabricatorSpacesController {
public function handleRequest(AphrontRequest $request) {
return $this->newDialog()
->setTitle(pht('No Access to Spaces'))
->appendParagraph(
pht(
'This install uses spaces to organize objects, but your account '.
'does not have access to any spaces.'))
->appendParagraph(
pht(
'Ask someone to add you to a Space so you can view and create '.
'objects.'))
->addCancelButton('/', pht('Drift Aimlessly'));
}
}