Page MenuHomePhabricator

Allow "user.edit" to enable or disable users
ClosedPublic

Authored by epriestley on Aug 13 2018, 10:40 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Dec 11, 1:02 AM
Unknown Object (File)
Fri, Dec 6, 7:28 AM
Unknown Object (File)
Wed, Dec 4, 5:09 AM
Unknown Object (File)
Wed, Nov 27, 6:04 PM
Unknown Object (File)
Oct 20 2024, 8:19 AM
Unknown Object (File)
Oct 13 2024, 11:01 AM
Unknown Object (File)
Oct 9 2024, 9:52 AM
Unknown Object (File)
Sep 30 2024, 7:47 PM
Subscribers
None

Details

Summary

Depends on D19577. Ref T13164. See PHI642. This adds modern transaction-oriented enable/disable support.

Currently, this also doesn't let you disable normal users even when you're an administrator. I'll refine the policy model later in this change series, since that's also the goal here (let users set "Can Disable Users" to some more broad set of users than "Administrators").

This also leaves us with two different edit pathways: the old UserEditor one and the new UserTransactionEditor one. The next couple diffs will redefine the other pathways in terms of this pathway.

Test Plan
  • Enabled/disabled a bot.
  • Tried to disable another non-bot user. This isn't allowed yet, since even as an administrator you don't have CAN_EDIT on them and currently need it: right now, there's no way for a particular set of transactions to say they can move forward with reduced permissions.
  • Tried to enable/disable myself. This isn't allowed since you can't enable/disable yourself.

Diff Detail

Repository
rP Phabricator
Branch
uxaction3
Lint
Lint Passed
Unit
Tests Passed
Build Status
Buildable 20609
Build 28001: Run Core Tests
Build 28000: arc lint + arc unit

Event Timeline

amckinley added inline comments.
src/applications/people/xaction/PhabricatorUserDisableTransaction.php
63

How hard should we try not to let user shoot themselves in the foot? I'm thinking about users disabling all the administrators on an instance (or all the instance managers). I guess as long as you have the enable/disable ability and you can't disable yourself, every situation should at least be recoverable.

This revision is now accepted and ready to land.Aug 13 2018, 10:52 PM

Yeah, I think you can't completely wedge an install because even if "Can Disable User" is "All Users", one user will win the battle royale and be unable to disable themselves. They can then re-enable an administrator and all the damage can be undone from there.

I'll probably add a bin/user disable/enable or similar too just as an easy backup for support and such. I'd like to sort of move away from the very-old, non-scriptable, weird-feeling bin/accountadmin.

You can also use bin/conduit --as the-battle-royale-winner ... to forcefully unwedge an install if you have CLI access but don't want to touch the database, I suppose.

This revision was automatically updated to reflect the committed changes.