Page MenuHomePhabricator
Files F15436222

D19606.id46871.diff
No OneTemporary
Actions

D19606.id46871.diff
View Options

diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php
--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@@ -2042,6 +2042,7 @@
'PasteSearchConduitAPIMethod' => 'applications/paste/conduit/PasteSearchConduitAPIMethod.php',
'PeopleBrowseUserDirectoryCapability' => 'applications/people/capability/PeopleBrowseUserDirectoryCapability.php',
'PeopleCreateUsersCapability' => 'applications/people/capability/PeopleCreateUsersCapability.php',
+ 'PeopleDisableUsersCapability' => 'applications/people/capability/PeopleDisableUsersCapability.php',
'PeopleHovercardEngineExtension' => 'applications/people/engineextension/PeopleHovercardEngineExtension.php',
'PeopleMainMenuBarExtension' => 'applications/people/engineextension/PeopleMainMenuBarExtension.php',
'PeopleUserLogGarbageCollector' => 'applications/people/garbagecollector/PeopleUserLogGarbageCollector.php',
@@ -7592,6 +7593,7 @@
'PasteSearchConduitAPIMethod' => 'PhabricatorSearchEngineAPIMethod',
'PeopleBrowseUserDirectoryCapability' => 'PhabricatorPolicyCapability',
'PeopleCreateUsersCapability' => 'PhabricatorPolicyCapability',
+ 'PeopleDisableUsersCapability' => 'PhabricatorPolicyCapability',
'PeopleHovercardEngineExtension' => 'PhabricatorHovercardEngineExtension',
'PeopleMainMenuBarExtension' => 'PhabricatorMainMenuBarExtension',
'PeopleUserLogGarbageCollector' => 'PhabricatorGarbageCollector',
diff --git a/src/applications/people/application/PhabricatorPeopleApplication.php b/src/applications/people/application/PhabricatorPeopleApplication.php
--- a/src/applications/people/application/PhabricatorPeopleApplication.php
+++ b/src/applications/people/application/PhabricatorPeopleApplication.php
@@ -97,6 +97,9 @@
PeopleCreateUsersCapability::CAPABILITY => array(
'default' => PhabricatorPolicies::POLICY_ADMIN,
),
+ PeopleDisableUsersCapability::CAPABILITY => array(
+ 'default' => PhabricatorPolicies::POLICY_ADMIN,
+ ),
PeopleBrowseUserDirectoryCapability::CAPABILITY => array(),
);
}
diff --git a/src/applications/people/capability/PeopleDisableUsersCapability.php b/src/applications/people/capability/PeopleDisableUsersCapability.php
new file mode 100644
--- /dev/null
+++ b/src/applications/people/capability/PeopleDisableUsersCapability.php
@@ -0,0 +1,16 @@
+<?php
+
+final class PeopleDisableUsersCapability
+ extends PhabricatorPolicyCapability {
+
+ const CAPABILITY = 'people.disable.users';
+
+ public function getCapabilityName() {
+ return pht('Can Disable Users');
+ }
+
+ public function describeCapabilityRejection() {
+ return pht('You do not have permission to disable or enable users.');
+ }
+
+}
diff --git a/src/applications/people/xaction/PhabricatorUserDisableTransaction.php b/src/applications/people/xaction/PhabricatorUserDisableTransaction.php
--- a/src/applications/people/xaction/PhabricatorUserDisableTransaction.php
+++ b/src/applications/people/xaction/PhabricatorUserDisableTransaction.php
@@ -60,6 +60,10 @@
continue;
}
+ // You must have the "Can Disable Users" permission to disable a user.
+ $this->requireApplicationCapability(
+ PeopleDisableUsersCapability::CAPABILITY);
+
if ($this->getActingAsPHID() === $object->getPHID()) {
$errors[] = $this->newInvalidError(
pht('You can not enable or disable your own account.'));
@@ -69,4 +73,14 @@
return $errors;
}
+ public function getRequiredCapabilities(
+ $object,
+ PhabricatorApplicationTransaction $xaction) {
+
+ // You do not need to be able to edit users to disable them. Instead, this
+ // requirement is replaced with a requirement that you have the "Can
+ // Disable Users" permission.
+
+ return null;
+ }
}

File Metadata

Mime Type
text/plain
Expires
Wed, Mar 26, 12:44 PM (2 w, 1 d ago)
Storage Engine
blob
Storage Format
Encrypted (AES-256-CBC)
Storage Handle
7720469
Default Alt Text
D19606.id46871.diff (3 KB)

Event Timeline

Phabricator · Built by Phacility