1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-28 09:42:41 +01:00
phorge-phorge/src
epriestley 0d83e1d66f If a user can't see an application, prevent them from using its controllers
Summary:
Ref T603. Broadly, this allows you to implement a policy like "Only users in Engineering can use Differential."

This isn't complete, and there will be a long tail of special cases to deal with. Some examples:

  - If you can't use Differential, should you still be able to attach/detach revisions from tasks?
    - You currently will be able to.
    - This actually seems pretty reasonable.
    - But in other cases it might not be: the "send user a message" action should probably require access to Conpherence.
  - If you can't use Differential, should you still be able to see feed stories about it?
    - You currently will be able to, if you can see the revisions.
    - This seems not-so-reasonable and we should probably lock it down.
  - If you can't use Differential, can users CC you on revisions?
    - Currently, they can, and you can't do anything about it.
    - Probably they shouldn't be able to? This seems challenging to explain in the UI.
  - If you can't use Differential, can you write a Herald rule against it?
    - You currently will be able to.
    - Seems like you obviously shouldn't be able to.
    - I think this is a general issue right now (you can still write Differential herald rules even if you uninstall the application, I believe).

There are probably a few more things I haven't thought of. However, there are a finite number of these things and I suspect there aren't //too/ many more than this -- I can't come up with like 100 of them, and half of the ones above have easy fixes.

Despite the rough edges, I think this accomplishes 95% of what installs expect from it.

Test Plan: Restricted Differential and saw it vanish from the home page.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D7203
2013-10-03 12:39:41 -07:00
..
aphront Fix two issues with audio macros 2013-09-28 15:32:48 -07:00
applications If a user can't see an application, prevent them from using its controllers 2013-10-03 12:39:41 -07:00
docs Convert maniphest to use standard fields 2013-09-19 11:56:15 -07:00
extensions Add src/extensions/ to Phabricator 2013-08-14 15:38:06 -07:00
infrastructure Possibly fix an issue with storage upgrade, see <https://github.com/facebook/phabricator/issues/399> 2013-10-02 07:44:19 -07:00
view Provide more structure to PHUIObjectBoxView 2013-09-30 09:36:04 -07:00
__celerity_resource_map__.php Minor Timeline CSS tweaks 2013-10-01 15:48:21 -07:00
__phutil_library_init__.php Delete license headers from files 2012-11-05 11:16:51 -08:00
__phutil_library_map__.php Add more application query capabilities 2013-10-03 12:39:15 -07:00