- Maniphest Tasks
- T6947: Add configuration to lock auth/user creation, or to lock application policies
- Restricted Diffusion Commit
rP46913f651e6f: Auth - add "manage providers" capability
toggled setting in application settings and changes stuck. set policy to admin user a only and could not add a provider as a admin user b.
One inline. We should also:
- Check in PhabricatorAuthDisableController.
- Maybe setDisabled(true) on the "Add Authentication Provider" link on the List view if you don't have the capability, so the button greys out. Likewise with the "disable" "X" on the list view.
- After we default to "Admin", we could remove shouldRequireAdmin() from PhabricatorAuthProviderConfigController. I'm not 100% sure this has use cases -- it would let you create a more open policy around provider management -- but it's more consistent with how other policies work.
This should default to PhabricatorPolicies::POLICY_ADMIN here.