Page MenuHomePhabricator

Allow "Can Configure Application" permissions to be configured
ClosedPublic

Authored by epriestley on Nov 17 2018, 7:10 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Mar 23, 6:50 PM
Unknown Object (File)
Sat, Mar 16, 10:38 AM
Unknown Object (File)
Sun, Mar 10, 8:46 PM
Unknown Object (File)
Wed, Mar 6, 3:58 AM
Unknown Object (File)
Fri, Mar 1, 4:19 AM
Unknown Object (File)
Feb 22 2024, 2:58 PM
Unknown Object (File)
Feb 21 2024, 12:18 PM
Unknown Object (File)
Feb 5 2024, 3:03 PM
Subscribers

Details

Summary

Ref T13216. See PHI980. Currently, each application in ApplicationsXConfigure has a "Can Configure Application" permission which is hard-coded to "Administrators".

There's no technical reason for this, there just hasn't been a great use case for unlocking it. I think when I originally wrote it our protections against locking yourself out of things weren't that great (i.e., it was easier to set the policy to something that prevented you from editing it after the new policy took effect). Our protections are better now.

The major goal here is to let installs open up Custom Forms for given applications (mostly Maniphest) to more users, but the other options mostly go hand-in-hand with that.

Also, in developer mode, include stack traces for policy exceptions. This makes debugging weird stuff (like the indirect Config application errors here) easier.

Test Plan
  • Granted "Can Configure Application" for Maniphest to all users.
  • Edited custom forms as a non-administrator.
  • Configured Maniphest as a non-administrator.
  • Installed/uninstalled Maniphest as a non-administrator.
  • Tried to lock myself out (got an error message).

Screen Shot 2018-11-17 at 10.48.29 AM.png (1×2 px, 280 KB)

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

I feel like custom forms should have their own edit permissions can that access can be managed more granularly.

This revision is now accepted and ready to land.Nov 19 2018, 1:21 AM
This revision was automatically updated to reflect the committed changes.