F15431391
D19607.id.diff
No One
Temporary
Size
5 KB
Referenced Files
None
Subscribers
None
D19607.id.diff
diff --git a/src/applications/people/controller/PhabricatorPeopleApproveController.php b/src/applications/people/controller/PhabricatorPeopleApproveController.php
--- a/src/applications/people/controller/PhabricatorPeopleApproveController.php
+++ b/src/applications/people/controller/PhabricatorPeopleApproveController.php
@@ -16,6 +16,13 @@
$done_uri = $this->getApplicationURI('query/approval/');
+ if ($user->getIsApproved()) {
+ return $this->newDialog()
+ ->setTitle(pht('Already Approved'))
+ ->appendChild(pht('This user has already been approved.'))
+ ->addCancelButton($done_uri);
+ }
+
if ($request->isFormPost()) {
id(new PhabricatorUserEditor())
->setActor($viewer)
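Review bot: The new "Already Approved" dialog here is built with `->appendChild(pht('This user has already been approved.'))`, while the identical dialog added to PhabricatorPeopleDisableController in this same change uses `->appendParagraph(...)`. I would use `->appendParagraph(pht('This user has already been approved.'))` in both places so the two dialogs render the same way. The enclosing method starts and ends outside this hunk.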
diff --git a/src/applications/people/controller/PhabricatorPeopleDisableController.php b/src/applications/people/controller/PhabricatorPeopleDisableController.php
--- a/src/applications/people/controller/PhabricatorPeopleDisableController.php
+++ b/src/applications/people/controller/PhabricatorPeopleDisableController.php
@@ -3,10 +3,14 @@
final class PhabricatorPeopleDisableController
extends PhabricatorPeopleController {
+ public function shouldRequireAdmin() {
+ return false;
+ }
+
public function handleRequest(AphrontRequest $request) {
$viewer = $this->getViewer();
$id = $request->getURIData('id');
- $via = $request->getURIData('id');
+ $via = $request->getURIData('via');
$user = id(new PhabricatorPeopleQuery())
->setViewer($viewer)
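Review bot: The added `shouldRequireAdmin()` override returning `false` carries no comment, yet it switches off what is presumably the inherited administrator gate for the whole controller. From this point on every branch of `handleRequest()` has to enforce its own authorization. I would put a comment above the method, for example `// Authorization is enforced per flow in handleRequest(): "Disapprove" requires an administrator, "Disable" requires the "Can Disable Users" capability.`, so that a future branch is not added without a check. The body of `handleRequest()` continues outside this hunk.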
@@ -20,11 +24,36 @@
// on profiles and also via the "X" action on the approval queue. We do
// things slightly differently depending on the context the actor is in.
+ // In particular, disabling via "Disapprove" requires you be an
+ // administrator (and bypasses the "Can Disable Users" permission).
+ // Disabling via "Disable" requires the permission only.
+
$is_disapprove = ($via == 'disapprove');
if ($is_disapprove) {
$done_uri = $this->getApplicationURI('query/approval/');
+
+ if (!$viewer->getIsAdmin()) {
+ return $this->newDialog()
+ ->setTitle(pht('No Permission'))
+ ->appendParagraph(pht('Only administrators can disapprove users.'))
+ ->addCancelButton($done_uri);
+ }
+
+ if ($user->getIsApproved()) {
+ return $this->newDialog()
+ ->setTitle(pht('Already Approved'))
+ ->appendParagraph(pht('This user has already been approved.'))
+ ->addCancelButton($done_uri);
+ }
+
+ // On the "Disapprove" flow, bypass the "Can Disable Users" permission.
+ $actor = PhabricatorUser::getOmnipotentUser();
$should_disable = true;
} else {
+ $this->requireApplicationCapability(
+ PeopleDisableUsersCapability::CAPABILITY);
+
+ $actor = $viewer;
$done_uri = $this->getApplicationURI("manage/{$id}/");
$should_disable = !$user->getIsDisabled();
}
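Review bot: On the disapprove branch, `$actor = PhabricatorUser::getOmnipotentUser();` lifts every policy check the editor would apply, not only "Can Disable Users", so the `getIsAdmin()` and `getIsApproved()` guards above it are the entire authorization for that path. The existing comment mentions only the one permission; I would widen it to something like `// The omnipotent actor skips all editor policy checks; the admin and not-yet-approved guards above are the only authorization on this flow and must stay ahead of this line.` The two branches also refuse differently: a non-admin on "Disapprove" gets a cancel-only dialog, while the "Disable" branch fails through `requireApplicationCapability(...)`. If the dialog is deliberate, a short comment saying so would help anyone alerting on denied requests. The enclosing `handleRequest()` starts and ends outside this hunk.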
@@ -46,7 +75,8 @@
->setNewValue($should_disable);
id(new PhabricatorUserTransactionEditor())
- ->setActor($viewer)
+ ->setActor($actor)
+ ->setActingAsPHID($viewer->getPHID())
->setContentSourceFromRequest($request)
->setContinueOnMissingFields(true)
->setContinueOnNoEffect(true)
diff --git a/src/applications/people/controller/PhabricatorPeopleProfileManageController.php b/src/applications/people/controller/PhabricatorPeopleProfileManageController.php
--- a/src/applications/people/controller/PhabricatorPeopleProfileManageController.php
+++ b/src/applications/people/controller/PhabricatorPeopleProfileManageController.php
@@ -75,11 +75,22 @@
private function buildCurtain(PhabricatorUser $user) {
$viewer = $this->getViewer();
+ $is_self = ($user->getPHID() === $viewer->getPHID());
+
$can_edit = PhabricatorPolicyFilter::hasCapability(
$viewer,
$user,
PhabricatorPolicyCapability::CAN_EDIT);
+ $is_admin = $viewer->getIsAdmin();
+ $can_admin = ($is_admin && !$is_self);
+
+ $has_disable = $this->hasApplicationCapability(
+ PeopleDisableUsersCapability::CAPABILITY);
+ $can_disable = ($has_disable && !$is_self);
+
+ $can_welcome = ($is_admin && $user->canEstablishWebSessions());
+
$curtain = $this->newCurtainView($user);
$curtain->addAction(
@@ -114,10 +125,6 @@
$empower_name = pht('Make Administrator');
}
- $is_admin = $viewer->getIsAdmin();
- $is_self = ($user->getPHID() === $viewer->getPHID());
- $can_admin = ($is_admin && !$is_self);
-
$curtain->addAction(
id(new PhabricatorActionView())
->setIcon($empower_icon)
@@ -146,7 +153,7 @@
id(new PhabricatorActionView())
->setIcon($disable_icon)
->setName($disable_name)
- ->setDisabled(!$can_admin)
+ ->setDisabled(!$can_disable)
->setWorkflow(true)
->setHref($this->getApplicationURI('disable/'.$user->getID().'/')));
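Review bot: `->setDisabled(!$can_disable)` greys out the action for the viewer's own profile because `$can_disable` includes `!$is_self`, but that is a display-only guard. The new "Disable" branch in PhabricatorPeopleDisableController shown in this diff checks only `PeopleDisableUsersCapability::CAPABILITY`. The part of `handleRequest()` between its hunks is not visible, so a server-side self-check may exist there or in the transaction validation, and it is worth confirming. If it does not, I would add the same `$user->getPHID() === $viewer->getPHID()` comparison to the controller and return a dialog, since a direct request to `disable/<id>/` does not pass through this curtain. `buildCurtain()` continues outside this hunk.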
@@ -158,8 +165,6 @@
->setWorkflow(true)
->setHref($this->getApplicationURI('delete/'.$user->getID().'/')));
- $can_welcome = ($is_admin && $user->canEstablishWebSessions());
-
$curtain->addAction(
id(new PhabricatorActionView())
->setIcon('fa-envelope')
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Tue, Mar 25, 12:05 PM (1 w, 3 d ago)
Storage Engine
blob
Storage Format
Encrypted (AES-256-CBC)
Storage Handle
7715132
Default Alt Text
D19607.id.diff (5 KB)
Attached To
Mode
D19607: Align web UI "Disable" and "Approve/Disapprove" flows with new "Can Disable Users" permission
Attached