Page MenuHomePhabricator

Add a "Can Disable Users" capability to the "People" application
ClosedPublic

Authored by epriestley on Aug 27 2018, 1:58 PM.
Tags
None
Referenced Files
F17723248: D19606.id.diff
Fri, Jul 18, 11:33 AM
F17711953: D19606.diff
Thu, Jul 17, 9:20 AM
Unknown Object (File)
Jun 5 2025, 5:10 PM
Unknown Object (File)
Jun 3 2025, 11:31 PM
Unknown Object (File)
Jun 2 2025, 8:28 PM
Unknown Object (File)
Jun 2 2025, 8:27 PM
Unknown Object (File)
Jun 2 2025, 8:22 PM
Unknown Object (File)
May 8 2025, 8:24 PM
Subscribers
None

Details

Summary

Depends on D19605. Ref T13189. See PHI642. This adds a separate "Can Disable Users" capability, and makes the underlying transaction use it.

This doesn't actually let you weaken the permission, since all pathways need more permissions:

  • user.edit needs CAN_EDIT.
  • user.disable/enable need admin.
  • Web UI workflow needs admin.

Upcoming changes will update these pathways.

Without additional changes, this does let you strengthen the permission.

This also fixes the inability to disable non-bot users via the web UI.

Test Plan
  • Set permission to "No One", tried to disable users. Got a tailored policy error.
  • Set permission to "All Users", disabled/enabled a non-bot user.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable