
D11357.diff
No OneTemporary

D11357.diff

diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php
--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@@ -1224,6 +1224,7 @@
'PasteQueryConduitAPIMethod' => 'applications/paste/conduit/PasteQueryConduitAPIMethod.php',
'PasteReplyHandler' => 'applications/paste/mail/PasteReplyHandler.php',
'PeopleBrowseUserDirectoryCapability' => 'applications/people/capability/PeopleBrowseUserDirectoryCapability.php',
+ 'PeopleCreateUsersCapability' => 'applications/people/capability/PeopleCreateUsersCapability.php',
'PeopleUserLogGarbageCollector' => 'applications/people/garbagecollector/PeopleUserLogGarbageCollector.php',
'Phabricator404Controller' => 'applications/base/controller/Phabricator404Controller.php',
'PhabricatorAPCSetupCheck' => 'applications/config/check/PhabricatorAPCSetupCheck.php',
@@ -4382,6 +4383,7 @@
'PasteQueryConduitAPIMethod' => 'PasteConduitAPIMethod',
'PasteReplyHandler' => 'PhabricatorMailReplyHandler',
'PeopleBrowseUserDirectoryCapability' => 'PhabricatorPolicyCapability',
+ 'PeopleCreateUsersCapability' => 'PhabricatorPolicyCapability',
'PeopleUserLogGarbageCollector' => 'PhabricatorGarbageCollector',
'Phabricator404Controller' => 'PhabricatorController',
'PhabricatorAPCSetupCheck' => 'PhabricatorSetupCheck',
diff --git a/src/applications/people/application/PhabricatorPeopleApplication.php b/src/applications/people/application/PhabricatorPeopleApplication.php
--- a/src/applications/people/application/PhabricatorPeopleApplication.php
+++ b/src/applications/people/application/PhabricatorPeopleApplication.php
@@ -78,6 +78,9 @@
protected function getCustomCapabilities() {
return array(
+ PeopleCreateUsersCapability::CAPABILITY => array(
+ 'default' => PhabricatorPolicies::POLICY_ADMIN,
+ ),
PeopleBrowseUserDirectoryCapability::CAPABILITY => array(),
);
}
diff --git a/src/applications/people/capability/PeopleCreateUsersCapability.php b/src/applications/people/capability/PeopleCreateUsersCapability.php
new file mode 100644
--- /dev/null
+++ b/src/applications/people/capability/PeopleCreateUsersCapability.php
@@ -0,0 +1,16 @@
+<?php
+
+final class PeopleCreateUsersCapability
+ extends PhabricatorPolicyCapability {
+
+ const CAPABILITY = 'people.create.users';
+
+ public function getCapabilityName() {
+ return pht('Can Create Users');
+ }
+
+ public function describeCapabilityRejection() {
+ return pht('You do not have permission to create users.');
+ }
+
+}
diff --git a/src/applications/people/controller/PhabricatorPeopleController.php b/src/applications/people/controller/PhabricatorPeopleController.php
--- a/src/applications/people/controller/PhabricatorPeopleController.php
+++ b/src/applications/people/controller/PhabricatorPeopleController.php
@@ -37,13 +37,14 @@
$viewer = $this->getRequest()->getUser();
- if ($viewer->getIsAdmin()) {
- $crumbs->addAction(
- id(new PHUIListItemView())
- ->setName(pht('Create New User'))
- ->setHref($this->getApplicationURI('create/'))
- ->setIcon('fa-plus-square'));
- }
+ $can_create = $this->hasApplicationCapability(
+ PeopleCreateUsersCapability::CAPABILITY);
+ $crumbs->addAction(
+ id(new PHUIListItemView())
+ ->setName(pht('Create New User'))
+ ->setHref($this->getApplicationURI('create/'))
+ ->setDisabled(!$can_create)
+ ->setIcon('fa-plus-square'));
return $crumbs;
}
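Review bot: `$viewer` on the first context line is no longer read in the visible part of this method now that the `getIsAdmin()` branch is gone, so the assignment looks dead and can be dropped unless code outside the hunk still uses it. The action is now rendered for every viewer and only greyed out through `setDisabled(!$can_create)`, which is a display hint and not an access check. The actual gate is the `requireApplicationCapability()` call added to the create controllers, and a short comment here such as `// Display only; the create controllers enforce the capability.` would help keep the two in step. The method begins outside the hunk.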
diff --git a/src/applications/people/controller/PhabricatorPeopleCreateController.php b/src/applications/people/controller/PhabricatorPeopleCreateController.php
--- a/src/applications/people/controller/PhabricatorPeopleCreateController.php
+++ b/src/applications/people/controller/PhabricatorPeopleCreateController.php
@@ -3,8 +3,9 @@
final class PhabricatorPeopleCreateController
extends PhabricatorPeopleController {
- public function processRequest() {
- $request = $this->getRequest();
+ public function handleRequest(AphrontRequest $request) {
+ $this->requireApplicationCapability(
+ PeopleCreateUsersCapability::CAPABILITY);
$admin = $request->getUser();
id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession(
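Review bot: The local name in `$admin = $request->getUser();` is now misleading, because after this change the caller only has to hold `PeopleCreateUsersCapability` and need not be an administrator. Rename it to `$viewer` or `$actor` here and on the matching line in PhabricatorPeopleLdapController and PhabricatorPeopleNewController. Code further down that receives this value may have been written on the assumption that it is an administrator, so each use outside the hunks is worth checking. It is also not visible in this diff whether the shared base controller still imposes an admin-only requirement; if it does, the new capability would have no effect for non-admins. handleRequest's body continues outside the hunk.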
diff --git a/src/applications/people/controller/PhabricatorPeopleLdapController.php b/src/applications/people/controller/PhabricatorPeopleLdapController.php
--- a/src/applications/people/controller/PhabricatorPeopleLdapController.php
+++ b/src/applications/people/controller/PhabricatorPeopleLdapController.php
@@ -3,9 +3,9 @@
final class PhabricatorPeopleLdapController
extends PhabricatorPeopleController {
- public function processRequest() {
-
- $request = $this->getRequest();
+ public function handleRequest(AphrontRequest $request) {
+ $this->requireApplicationCapability(
+ PeopleCreateUsersCapability::CAPABILITY);
$admin = $request->getUser();
$content = array();
diff --git a/src/applications/people/controller/PhabricatorPeopleNewController.php b/src/applications/people/controller/PhabricatorPeopleNewController.php
--- a/src/applications/people/controller/PhabricatorPeopleNewController.php
+++ b/src/applications/people/controller/PhabricatorPeopleNewController.php
@@ -3,17 +3,13 @@
final class PhabricatorPeopleNewController
extends PhabricatorPeopleController {
- private $type;
-
- public function willProcessRequest(array $data) {
- $this->type = $data['type'];
- }
-
- public function processRequest() {
- $request = $this->getRequest();
+ public function handleRequest(AphrontRequest $request) {
+ $this->requireApplicationCapability(
+ PeopleCreateUsersCapability::CAPABILITY);
+ $type = $request->getURIData('type');
$admin = $request->getUser();
- switch ($this->type) {
+ switch ($type) {
case 'standard':
$is_bot = false;
break;
@@ -36,7 +32,6 @@
$new_email = null;
- $request = $this->getRequest();
if ($request->isFormPost()) {
$welcome_checked = $request->getInt('welcome');
