From c11c7f29009aec028e5b15b97e31c71cd78a9cbc Mon Sep 17 00:00:00 2001
From: epriestley <git@epriestley.com>
Date: Mon, 25 Jan 2016 03:21:36 -0800
Subject: [PATCH] Prevent "Manage" profile menu items from being hidden

Summary: Ref T10054. Prevent users from removing this item and locking themselves out of the system unless they can guess the URI.

Test Plan: Tried to disable "Manage", wasn't permitted to.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10054

Differential Revision: https://secure.phabricator.com/D15113
---
 .../PhabricatorPeopleManageProfilePanel.php          |  5 +++++
 .../PhabricatorProjectManageProfilePanel.php         |  5 +++++
 .../search/engine/PhabricatorProfilePanelEngine.php  | 11 +++++++++++
 .../search/profilepanel/PhabricatorProfilePanel.php  |  5 +++++
 .../storage/PhabricatorProfilePanelConfiguration.php |  7 +++++++
 src/docs/user/userguide/profile_menu.diviner         | 12 +++++++++---
 6 files changed, 42 insertions(+), 3 deletions(-)

diff --git a/src/applications/people/profilepanel/PhabricatorPeopleManageProfilePanel.php b/src/applications/people/profilepanel/PhabricatorPeopleManageProfilePanel.php
index ce0bd98d8b..f010016d35 100644
--- a/src/applications/people/profilepanel/PhabricatorPeopleManageProfilePanel.php
+++ b/src/applications/people/profilepanel/PhabricatorPeopleManageProfilePanel.php
@@ -13,6 +13,11 @@ final class PhabricatorPeopleManageProfilePanel
     return pht('Manage');
   }
 
+  public function canHidePanel(
+    PhabricatorProfilePanelConfiguration $config) {
+    return false;
+  }
+
   public function getDisplayName(
     PhabricatorProfilePanelConfiguration $config) {
     $name = $config->getPanelProperty('name');
diff --git a/src/applications/project/profilepanel/PhabricatorProjectManageProfilePanel.php b/src/applications/project/profilepanel/PhabricatorProjectManageProfilePanel.php
index 16985890d4..ae66c4cc3e 100644
--- a/src/applications/project/profilepanel/PhabricatorProjectManageProfilePanel.php
+++ b/src/applications/project/profilepanel/PhabricatorProjectManageProfilePanel.php
@@ -13,6 +13,11 @@ final class PhabricatorProjectManageProfilePanel
     return pht('Manage');
   }
 
+  public function canHidePanel(
+    PhabricatorProfilePanelConfiguration $config) {
+    return false;
+  }
+
   public function canMakeDefault(
     PhabricatorProfilePanelConfiguration $config) {
     return true;
diff --git a/src/applications/search/engine/PhabricatorProfilePanelEngine.php b/src/applications/search/engine/PhabricatorProfilePanelEngine.php
index 658cf5c266..6500676bd1 100644
--- a/src/applications/search/engine/PhabricatorProfilePanelEngine.php
+++ b/src/applications/search/engine/PhabricatorProfilePanelEngine.php
@@ -600,10 +600,13 @@ abstract class PhabricatorProfilePanelEngine extends Phobject {
           $hide_text = pht('Delete');
         }
 
+        $can_disable = $panel->canHidePanel();
+
         $item->addAction(
           id(new PHUIListItemView())
             ->setHref($hide_uri)
             ->setWorkflow(true)
+            ->setDisabled(!$can_disable)
             ->setName($hide_text)
             ->setIcon($hide_icon));
       }
@@ -761,6 +764,14 @@ abstract class PhabricatorProfilePanelEngine extends Phobject {
       $configuration,
       PhabricatorPolicyCapability::CAN_EDIT);
 
+    if (!$configuration->canHidePanel()) {
+      return $controller->newDialog()
+        ->setTitle(pht('Mandatory Panel'))
+        ->appendParagraph(
+          pht('This panel is very important, and can not be disabled.'))
+        ->addCancelButton($this->getConfigureURI());
+    }
+
     if ($configuration->getBuiltinKey() === null) {
       $new_value = null;
 
diff --git a/src/applications/search/profilepanel/PhabricatorProfilePanel.php b/src/applications/search/profilepanel/PhabricatorProfilePanel.php
index 49159dbf8d..8316d13467 100644
--- a/src/applications/search/profilepanel/PhabricatorProfilePanel.php
+++ b/src/applications/search/profilepanel/PhabricatorProfilePanel.php
@@ -30,6 +30,11 @@ abstract class PhabricatorProfilePanel extends Phobject {
     return false;
   }
 
+  public function canHidePanel(
+    PhabricatorProfilePanelConfiguration $config) {
+    return true;
+  }
+
   public function canMakeDefault(
     PhabricatorProfilePanelConfiguration $config) {
     return false;
diff --git a/src/applications/search/storage/PhabricatorProfilePanelConfiguration.php b/src/applications/search/storage/PhabricatorProfilePanelConfiguration.php
index 127ce6b688..faeaeb5207 100644
--- a/src/applications/search/storage/PhabricatorProfilePanelConfiguration.php
+++ b/src/applications/search/storage/PhabricatorProfilePanelConfiguration.php
@@ -105,6 +105,10 @@ final class PhabricatorProfilePanelConfiguration
     return $this->getPanel()->canMakeDefault($this);
   }
 
+  public function canHidePanel() {
+    return $this->getPanel()->canHidePanel($this);
+  }
+
   public function getSortKey() {
     $order = $this->getPanelOrder();
     if ($order === null) {
@@ -120,6 +124,9 @@ final class PhabricatorProfilePanelConfiguration
   }
 
   public function isDisabled() {
+    if (!$this->canHidePanel()) {
+      return false;
+    }
     return ($this->getVisibility() === self::VISIBILITY_DISABLED);
   }
 
diff --git a/src/docs/user/userguide/profile_menu.diviner b/src/docs/user/userguide/profile_menu.diviner
index 51912dd860..bd278b2702 100644
--- a/src/docs/user/userguide/profile_menu.diviner
+++ b/src/docs/user/userguide/profile_menu.diviner
@@ -40,9 +40,10 @@ You can only edit an object's menu if you can edit the object. For example, you
 must have permission to edit a project in order to reconfigure the menu for the
 project.
 
-To edit a menu, click {nav icon="pencil", name="Edit Menu"}. This brings you to
-the menu configuration interface which allows you to add and remove items,
-reorder the menu, edit existing items, and choose a default item.
+To edit a menu, click {nav icon="cogs", name="Manage"} in the menu, then click
+{nav icon="th-list", name="Edit Menu"}. This brings you to the menu
+configuration interface which allows you to add and remove items, reorder the
+menu, edit existing items, and choose a default item.
 
 Menus are comprised of a list of items. Some of the items are builtin
 (for example, projects have builtin "Profile", "Workboard" and "Members"
@@ -95,6 +96,11 @@ Builtin items can not be deleted and have a
 not delete them. You an re-enable a disabled item with the
 {nav icon="plus', name="Enable"} action.
 
+A few items can not be hidden or deleted. For example, the
+{nav icon="cogs", name="Manage"} item must always be available in the menu
+because if you hid it by accident there would no longer be a way to access
+the configuration interface and fix the mistake.
+
 Removing or hiding an item does not disable the underlying functionality.
 For example, if you hide the "Members" item for a project, that just removes
 it from the menu. The project still has members, and users can still navigate