Ref T6947.
Details
Details
- Reviewers
epriestley - Maniphest Tasks
- T6947: Add configuration to lock auth/user creation, or to lock application policies
- Commits
- Restricted Diffusion Commit
rP46913f651e6f: Auth - add "manage providers" capability
toggled setting in application settings and changes stuck. set policy to admin user a only and could not add a provider as a admin user b.
Diff Detail
Diff Detail
- Repository
- rP Phabricator
- Lint
Lint Not Applicable - Unit
Tests Not Applicable
Event Timeline
Comment Actions
One inline. We should also:
- Check in PhabricatorAuthDisableController.
- Maybe setDisabled(true) on the "Add Authentication Provider" link on the List view if you don't have the capability, so the button greys out. Likewise with the "disable" "X" on the list view.
- After we default to "Admin", we could remove shouldRequireAdmin() from PhabricatorAuthProviderConfigController. I'm not 100% sure this has use cases -- it would let you create a more open policy around provider management -- but it's more consistent with how other policies work.
| src/applications/auth/application/PhabricatorAuthApplication.php | ||
|---|---|---|
| 149 | This should default to PhabricatorPolicies::POLICY_ADMIN here. | |
Comment Actions
The handleReqeust(AphrontRequest $request) cleanups are also really nice, I'm glad we made that change.
Comment Actions
Yeah, the code definitely looks better this way... I figure I'll keep nibbling and eventually we can get more serious about conversion.