
D11356.id27282.diff
No OneTemporary

D11356.id27282.diff

diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php
--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@@ -179,6 +179,7 @@
'AuditActionMenuEventListener' => 'applications/audit/events/AuditActionMenuEventListener.php',
'AuditConduitAPIMethod' => 'applications/audit/conduit/AuditConduitAPIMethod.php',
'AuditQueryConduitAPIMethod' => 'applications/audit/conduit/AuditQueryConduitAPIMethod.php',
+ 'AuthManageProvidersCapability' => 'applications/auth/capability/AuthManageProvidersCapability.php',
'CalendarColors' => 'applications/calendar/constants/CalendarColors.php',
'CalendarConstants' => 'applications/calendar/constants/CalendarConstants.php',
'CalendarTimeUtil' => 'applications/calendar/util/CalendarTimeUtil.php',
@@ -3256,6 +3257,7 @@
'AuditActionMenuEventListener' => 'PhabricatorEventListener',
'AuditConduitAPIMethod' => 'ConduitAPIMethod',
'AuditQueryConduitAPIMethod' => 'AuditConduitAPIMethod',
+ 'AuthManageProvidersCapability' => 'PhabricatorPolicyCapability',
'CalendarColors' => 'CalendarConstants',
'CalendarTimeUtilTestCase' => 'PhabricatorTestCase',
'CelerityManagementMapWorkflow' => 'CelerityManagementWorkflow',
diff --git a/src/applications/auth/application/PhabricatorAuthApplication.php b/src/applications/auth/application/PhabricatorAuthApplication.php
--- a/src/applications/auth/application/PhabricatorAuthApplication.php
+++ b/src/applications/auth/application/PhabricatorAuthApplication.php
@@ -144,4 +144,9 @@
);
}
+ protected function getCustomCapabilities() {
+ return array(
+ AuthManageProvidersCapability::CAPABILITY => array(),
+ );
+ }
}
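Review bot: The capability is registered in `getCustomCapabilities()` with an empty specification, `AuthManageProvidersCapability::CAPABILITY => array()`, so no default policy is stated for it. The effective default is then whatever the framework falls back to, which is presumably broader than administrators and should be confirmed. Because this capability gates the controllers that create and edit authentication providers, the default should be explicit and restrictive, for example `AuthManageProvidersCapability::CAPABILITY => array('default' => PhabricatorPolicies::POLICY_ADMIN),`. A short comment above the method saying who is expected to hold the capability would also help.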
diff --git a/src/applications/auth/capability/AuthManageProvidersCapability.php b/src/applications/auth/capability/AuthManageProvidersCapability.php
new file mode 100644
--- /dev/null
+++ b/src/applications/auth/capability/AuthManageProvidersCapability.php
@@ -0,0 +1,17 @@
+<?php
+
+final class AuthManageProvidersCapability
+ extends PhabricatorPolicyCapability {
+
+ const CAPABILITY = 'auth.manage.providers';
+
+ public function getCapabilityName() {
+ return pht('Can Manage Auth Providers');
+ }
+
+ public function describeCapabilityRejection() {
+ return pht(
+ 'You do not have permission to manage authentication providers.');
+ }
+
+}
diff --git a/src/applications/auth/controller/config/PhabricatorAuthEditController.php b/src/applications/auth/controller/config/PhabricatorAuthEditController.php
--- a/src/applications/auth/controller/config/PhabricatorAuthEditController.php
+++ b/src/applications/auth/controller/config/PhabricatorAuthEditController.php
@@ -3,19 +3,14 @@
final class PhabricatorAuthEditController
extends PhabricatorAuthProviderConfigController {
- private $providerClass;
- private $configID;
-
- public function willProcessRequest(array $data) {
- $this->providerClass = idx($data, 'className');
- $this->configID = idx($data, 'id');
- }
-
- public function processRequest() {
- $request = $this->getRequest();
+ public function handleRequest(AphrontRequest $request) {
+ $this->requireApplicationCapability(
+ AuthManageProvidersCapability::CAPABILITY);
$viewer = $request->getUser();
+ $provider_class = $request->getURIData('className');
+ $config_id = $request->getURIData('configID');
- if ($this->configID) {
+ if ($config_id) {
$config = id(new PhabricatorAuthProviderConfigQuery())
->setViewer($viewer)
->requireCapabilities(
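Review bot: The URI key for the config ID changed from `'id'` (old `idx($data, 'id')`) to `'configID'` in `$config_id = $request->getURIData('configID');`, but no route change is visible in this diff. If the application's route still captures the parameter as `id`, `$config_id` will always be null. The `if ($config_id)` branch, which loads the existing config under `CAN_VIEW`/`CAN_EDIT`, would then never run, and an edit request would fall through to the new-provider path. Unless the route was renamed elsewhere, this should stay `$config_id = $request->getURIData('id');`. The body of `handleRequest()` continues past this hunk.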
@@ -23,7 +18,7 @@
PhabricatorPolicyCapability::CAN_VIEW,
PhabricatorPolicyCapability::CAN_EDIT,
))
- ->withIDs(array($this->configID))
+ ->withIDs(array($config_id))
->executeOne();
if (!$config) {
return new Aphront404Response();
@@ -38,7 +33,7 @@
} else {
$providers = PhabricatorAuthProvider::getAllBaseProviders();
foreach ($providers as $candidate_provider) {
- if (get_class($candidate_provider) === $this->providerClass) {
+ if (get_class($candidate_provider) === $provider_class) {
$provider = $candidate_provider;
break;
}
diff --git a/src/applications/auth/controller/config/PhabricatorAuthNewController.php b/src/applications/auth/controller/config/PhabricatorAuthNewController.php
--- a/src/applications/auth/controller/config/PhabricatorAuthNewController.php
+++ b/src/applications/auth/controller/config/PhabricatorAuthNewController.php
@@ -3,7 +3,9 @@
final class PhabricatorAuthNewController
extends PhabricatorAuthProviderConfigController {
- public function processRequest() {
+ public function handleRequest(AphrontRequest $request) {
+ $this->requireApplicationCapability(
+ AuthManageProvidersCapability::CAPABILITY);
$request = $this->getRequest();
$viewer = $request->getUser();
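Review bot: `handleRequest(AphrontRequest $request)` now receives the request as a parameter, yet the retained line `$request = $this->getRequest();` immediately overwrites it. The assignment is redundant at best, and it leaves this controller inconsistent with PhabricatorAuthEditController, which uses the parameter directly. Delete that line so the body reads `$viewer = $request->getUser();` straight after the `requireApplicationCapability()` call. The rest of the method lies outside this hunk.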

File Metadata

Mime Type
text/plain
Expires
Mon, Mar 17, 1:24 PM (1 d, 7 h ago)
Storage Engine
blob
Storage Format
Encrypted (AES-256-CBC)
Storage Handle
7708402
Default Alt Text
D11356.id27282.diff (4 KB)
