1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-24 15:52:41 +01:00
phorge-phorge/src/applications
epriestley 0d83e1d66f If a user can't see an application, prevent them from using its controllers
Summary:
Ref T603. Broadly, this allows you to implement a policy like "Only users in Engineering can use Differential."

This isn't complete, and there will be a long tail of special cases to deal with. Some examples:

  - If you can't use Differential, should you still be able to attach/detach revisions from tasks?
    - You currently will be able to.
    - This actually seems pretty reasonable.
    - But in other cases it might not be: the "send user a message" action should probably require access to Conpherence.
  - If you can't use Differential, should you still be able to see feed stories about it?
    - You currently will be able to, if you can see the revisions.
    - This seems not-so-reasonable and we should probably lock it down.
  - If you can't use Differential, can users CC you on revisions?
    - Currently, they can, and you can't do anything about it.
    - Probably they shouldn't be able to? This seems challenging to explain in the UI.
  - If you can't use Differential, can you write a Herald rule against it?
    - You currently will be able to.
    - Seems like you obviously shouldn't be able to.
    - I think this is a general issue right now (you can still write Differential herald rules even if you uninstall the application, I believe).

There are probably a few more things I haven't thought of. However, there are a finite number of these things and I suspect there aren't //too/ many more than this -- I can't come up with like 100 of them, and half of the ones above have easy fixes.

Despite the rough edges, I think this accomplishes 95% of what installs expect from it.

Test Plan: Restricted Differential and saw it vanish from the home page.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D7203
2013-10-03 12:39:41 -07:00
..
arcanist/conduit Move Conduit methods inside applications 2012-12-21 12:21:59 -08:00
audit Make most repository reads policy-aware 2013-09-25 16:54:48 -07:00
auth Explain policy exception rules to users 2013-09-27 08:43:41 -07:00
base If a user can't see an application, prevent them from using its controllers 2013-10-03 12:39:41 -07:00
cache Provide 'bin/cache', for managing caches 2013-05-20 10:16:35 -07:00
calendar Move PHUIFormBoxView to PHUIObjectBoxView 2013-09-25 11:23:29 -07:00
chatlog Explain policy exception rules to users 2013-09-27 08:43:41 -07:00
conduit Explain policy exception rules to users 2013-09-27 08:43:41 -07:00
config Add a config setting for storing application settings 2013-10-03 12:39:30 -07:00
conpherence Explain policy exception rules to users 2013-09-27 08:43:41 -07:00
countdown Provide more structure to PHUIObjectBoxView 2013-09-30 09:36:04 -07:00
daemon Explain policy exception rules to users 2013-09-27 08:43:41 -07:00
differential Add differential.getrawdiff to Conduit 2013-10-02 17:03:53 -07:00
diffusion ObjectBoxes for Diffusion 2013-10-01 14:35:31 -07:00
directory/controller If a user can't see an application, prevent them from using its controllers 2013-10-03 12:39:41 -07:00
diviner Explain policy exception rules to users 2013-09-27 08:43:41 -07:00
doorkeeper Explain policy exception rules to users 2013-09-27 08:43:41 -07:00
draft/storage Add draft support to ApplicationTransactions 2012-12-21 05:57:14 -08:00
drydock Provide more structure to PHUIObjectBoxView 2013-09-30 09:36:04 -07:00
fact Convert AphrontTableView to safe HTML 2013-02-09 15:11:38 -08:00
feed Explain policy exception rules to users 2013-09-27 08:43:41 -07:00
files Modernize file embed Remarkup rule 2013-10-01 18:03:09 -07:00
flag Flags - add ability to group by color 2013-10-01 15:06:35 -07:00
harbormaster Make most repository reads policy-aware 2013-09-25 16:54:48 -07:00
help/controller Make Differential views capability-sensitive 2013-09-26 18:45:04 -07:00
herald Provide more structure to PHUIObjectBoxView 2013-09-30 09:36:04 -07:00
legalpad Provide more structure to PHUIObjectBoxView 2013-09-30 09:36:04 -07:00
lipsum Kill PhabricatorObjectDataHandle 2013-09-11 12:27:28 -07:00
macro Make most file reads policy-aware 2013-09-30 09:38:13 -07:00
mailinglists Explain policy exception rules to users 2013-09-27 08:43:41 -07:00
maniphest Maniphest "attach" actions should always have workflow 2013-10-01 12:01:55 -07:00
meta Add more application query capabilities 2013-10-03 12:39:15 -07:00
metamta Make most file reads policy-aware 2013-09-30 09:38:13 -07:00
notification Fix unacceptably light-hearted string in serious business mode 2013-08-22 15:01:22 -07:00
oauthserver Initialize used variable 2013-07-09 21:55:27 -07:00
owners Explain policy exception rules to users 2013-09-27 08:43:41 -07:00
paste Make most file reads policy-aware 2013-09-30 09:38:13 -07:00
people Make most file reads policy-aware 2013-09-30 09:38:13 -07:00
phame Provide more structure to PHUIObjectBoxView 2013-09-30 09:36:04 -07:00
phid Convert bin/files to ObjectQuery 2013-09-30 12:23:18 -07:00
phlux Provide more structure to PHUIObjectBoxView 2013-09-30 09:36:04 -07:00
pholio Make most file reads policy-aware 2013-09-30 09:38:13 -07:00
phortune Provide more structure to PHUIObjectBoxView 2013-09-30 09:36:04 -07:00
phpast Move PHUIFormBoxView to PHUIObjectBoxView 2013-09-25 11:23:29 -07:00
phrequent Add "Stop Tracking" link to entries in the Phrequent search view. 2013-10-01 13:17:28 -07:00
phriction Explain policy exception rules to users 2013-09-27 08:43:41 -07:00
policy Use ApplicationSearch in Applications application 2013-10-02 13:13:07 -07:00
ponder Provide more structure to PHUIObjectBoxView 2013-09-30 09:36:04 -07:00
project Make most file reads policy-aware 2013-09-30 09:38:13 -07:00
releeph Provide more structure to PHUIObjectBoxView 2013-09-30 09:36:04 -07:00
remarkup/conduit Convert Remarkup to safe HTML 2013-02-13 12:34:49 -08:00
repository Make most file reads policy-aware 2013-09-30 09:38:13 -07:00
search Make jump nav use object name queries 2013-10-02 13:11:56 -07:00
settings Move PHUIFormBoxView to PHUIObjectBoxView 2013-09-25 11:23:29 -07:00
slowvote Provide more structure to PHUIObjectBoxView 2013-09-30 09:36:04 -07:00
subscriptions Kill PhabricatorObjectDataHandle 2013-09-11 12:27:28 -07:00
system Add a user-accessible hook for dumping debug code into an install 2013-03-04 13:45:51 -08:00
tokens Explain policy exception rules to users 2013-09-27 08:43:41 -07:00
transactions Write "attach" edges when files are attached to objects via comment or other transactions 2013-10-01 16:15:07 -07:00
typeahead Make Maniphest list page react to viewer capabilities 2013-09-25 13:45:04 -07:00
uiexample Allow transactions to be grouped in the TimelineView 2013-09-24 14:35:35 -07:00
xhprof Make most file reads policy-aware 2013-09-30 09:38:13 -07:00