F18768787
D13120.diff
Size
8 KB
diff --git a/src/applications/conduit/controller/PhabricatorConduitAPIController.php b/src/applications/conduit/controller/PhabricatorConduitAPIController.php
--- a/src/applications/conduit/controller/PhabricatorConduitAPIController.php
+++ b/src/applications/conduit/controller/PhabricatorConduitAPIController.php
@@ -60,10 +60,6 @@
// CSRF validation or are using a non-web authentication mechanism.
$allow_unguarded_writes = true;
- if (isset($metadata['actAsUser'])) {
- $this->actAsUser($api_request, $metadata['actAsUser']);
- }
-
if ($auth_error === null) {
$conduit_user = $api_request->getUser();
if ($conduit_user && $conduit_user->getPHID()) {
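Review bot: with the `isset($metadata['actAsUser'])` branch removed at the top of this hunk, a request that still sends `actAsUser` in its metadata is silently accepted. As far as these lines show, it falls through and runs as the authenticating user, so a script that relied on impersonation would start performing writes as the administrator account instead of failing. Consider keeping a short guard here that throws when the key is present, with a message saying the feature was removed, at least for a transition period.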
@@ -164,44 +160,6 @@
}
/**
- * Change the api request user to the user that we want to act as.
- * Only admins can use actAsUser
- *
- * @param ConduitAPIRequest Request being executed.
- * @param string The username of the user we want to act as
- */
- private function actAsUser(
- ConduitAPIRequest $api_request,
- $user_name) {
-
- $config_key = 'security.allow-conduit-act-as-user';
- if (!PhabricatorEnv::getEnvConfig($config_key)) {
- throw new Exception(pht('%s is disabled.', $config_key));
- }
-
- if (!$api_request->getUser()->getIsAdmin()) {
- throw new Exception(
- pht(
- 'Only administrators can use %s.',
- __FUNCTION__));
- }
-
- $user = id(new PhabricatorUser())->loadOneWhere(
- 'userName = %s',
- $user_name);
-
- if (!$user) {
- throw new Exception(
- pht(
- "The %s username '%s' is not a valid user.",
- __FUNCTION__,
- $user_name));
- }
-
- $api_request->setUser($user);
- }
-
- /**
* Authenticate the client making the request to a Phabricator user account.
*
* @param ConduitAPIRequest Request being executed.
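Review bot: the removed `actAsUser()` replaced the request user with `$api_request->setUser($user)` and, in the lines shown, recorded nothing about which administrator made the call, so actions taken through it are attributed to the target user as far as this method is concerned. Worth a sentence in the commit message or changelog telling installs that had `security.allow-conduit-act-as-user` enabled to review Conduit activity from that period.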
diff --git a/src/applications/config/check/PhabricatorExtraConfigSetupCheck.php b/src/applications/config/check/PhabricatorExtraConfigSetupCheck.php
--- a/src/applications/config/check/PhabricatorExtraConfigSetupCheck.php
+++ b/src/applications/config/check/PhabricatorExtraConfigSetupCheck.php
@@ -271,6 +271,9 @@
'metamta.maniphest.public-create-email' => $public_mail_reason,
'metamta.maniphest.default-public-author' => $public_mail_reason,
'metamta.paste.public-create-email' => $public_mail_reason,
+
+ 'security.allow-conduit-act-as-user' => pht(
+ 'Impersonating users over the API is no longer supported.'),
);
return $ancient_config;
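Review bot: the reason string added for `security.allow-conduit-act-as-user` says the feature is gone but not what to do next. The option was declared with `setLocked(true)` (see the PhabricatorSecurityConfigOptions.php hunk), so an administrator who hits this setup check cannot clear it from the web UI. Suggest extending the message to say the value should be removed from configuration and that scripts should use their own bot account, as the updated users.diviner text recommends.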
diff --git a/src/applications/config/option/PhabricatorSecurityConfigOptions.php b/src/applications/config/option/PhabricatorSecurityConfigOptions.php
--- a/src/applications/config/option/PhabricatorSecurityConfigOptions.php
+++ b/src/applications/config/option/PhabricatorSecurityConfigOptions.php
@@ -278,22 +278,6 @@
'unsecured content over plain HTTP. It is very difficult to '.
'undo this change once users\' browsers have accepted the '.
'setting.')),
- $this->newOption('security.allow-conduit-act-as-user', 'bool', false)
- ->setBoolOptions(
- array(
- pht('Allow'),
- pht('Disallow'),
- ))
- ->setLocked(true)
- ->setSummary(
- pht('Allow administrators to use the Conduit API as other users.'))
- ->setDescription(
- pht(
- 'DEPRECATED - if you enable this, you are allowing '.
- 'administrators to act as any user via the Conduit API. '.
- 'Enabling this is not advised as it introduces a huge policy '.
- 'violation and has been obsoleted in functionality.')),
-
);
}
diff --git a/src/docs/user/userguide/users.diviner b/src/docs/user/userguide/users.diviner
--- a/src/docs/user/userguide/users.diviner
+++ b/src/docs/user/userguide/users.diviner
@@ -1,18 +1,24 @@
@title User Guide: Account Roles
@group userguide
-Describes account roles like "Administrator", "Disabled" and "Bot".
+Describes account roles like "Administrator", "Disabled", "Bot" and "Mailing
+List".
-= Overview =
+
+Overview
+========
When you create a user account, you can set roles like "Administrator",
-"Disabled" or "Bot". This document explains what these roles mean.
+"Disabled", "Bot" and "Mailing List". This document explains what these roles
+mean.
+
-= Administrators =
+Administrators
+==============
-**Administrators** are normal users with a few extra capabilities. Their primary
-role is to keep things running smoothly, and they are not all-powerful. In
-Phabricator, administrators are more like //janitors//.
+**Administrators** are normal users with a few extra capabilities. Their
+primary role is to keep things running smoothly, and they are not all-powerful.
+In Phabricator, administrators are more like //janitors//.
Administrators can create, delete, enable, disable, and approve user accounts.
Various applications have a few other capabilities which are reserved for
@@ -29,47 +35,68 @@
can't do much damage, and an attacker who compromises an administrator account
is limited in what they can accomplish.
-NOTE: Administrators currently //can// act on behalf of other users via Conduit.
-This will be locked down at some point.
-= Bot/Script Accounts =
+Bot Accounts
+============
-**Bot/Script** accounts are accounts for bots and scripts which need to
+**Bot** ("Robot") accounts are accounts for bots and scripts which need to
interface with the system, but are not regular users. Generally, when you write
-scripts that use Conduit (like the IRC bot), you should create a Bot/Script
-account for them.
-
-These accounts were previously called "System Agents", but were renamed to make
-things more clear.
+scripts that use the Conduit API, you should create a bot account for them.
-The **Bot/Script** role for an account can not be changed after the account is
+The **Bot** role for an account can not be changed after the account is
created. This prevents administrators form changing a normal user into a bot,
retrieving their Conduit certificate, and then changing them back (which
would allow administrators to gain other users' credentials).
-**Bot/Script** accounts differ from normal accounts in that:
+**Bot** accounts differ from normal accounts in that:
+ - they can not log in to the web UI;
- administrators can access them, edit settings, and retrieve credentials;
- they do not receive email;
- they appear with lower precedence in the UI when selecting users, with
a "Bot" note (because it usually does not make sense to, for example,
assign a task to a bot).
-= Disabled Users =
+
+Mailing Lists
+=============
+
+**Mailing List** accounts let you represent an existing external mailing list
+(like a Google Group or a Mailman list) as a user. You can subscribe this user
+to objects (like tasks) to send them mail.
+
+Because these accounts are also user accounts, they can be added to projects
+and affected by policies. The list won't receive mail about anything the
+underlying user account can't see.
+
+The **Mailing List** role for an account can not be changed after the account
+is created.
+
+**Mailing List** accounts differ from normal accounts in that they:
+
+ - can not log in;
+ - can not access the Conduit API;
+ - administrators can access them and edit settings; and
+ - they appear with lower precedence in the UI when selecting users, with
+ a "Mailing List" note.
+
+
+Disabled Users
+==============
**Disabled Users** are accounts that are no longer active. Generally, when
someone leaves a project (e.g., leaves your company, or their internship or
-contract ends) you should disable their account to terminate their access to the
-system. Disabled users:
+contract ends) you should disable their account to terminate their access to
+the system. Disabled users:
- can not login;
- - can not access Conduit;
+ - can not access the Conduit API;
- do not receive email; and
- appear with lower precedence in the UI when selecting users, with a
"Disabled" note (because it usually does not make sense to, for example,
assign a task to a disabled user).
While users can also be deleted, it is strongly recommended that you disable
-them instead if they interacted with any objects in the system. If you delete a
-user entirely, you won't be able to find things they used to own or restore
-their data later if they rejoin the project.
+them instead, particularly if they interacted with any objects in the system.
+If you delete a user entirely, you won't be able to find things they used to
+own or restore their data later if they rejoin the project.
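Review bot: the new "Mailing Lists" bullet list does not read grammatically after its lead-in "differ from normal accounts in that they:"; the items "administrators can access them and edit settings; and" and "they appear with lower precedence" need rewording (or the lead-in should end at "in that:" as the Bot list does). Since the Bot paragraph is being touched anyway, also fix the typo in its context line "This prevents administrators form changing a normal user into a bot" ("from"), and make "can not login" in the Disabled list match "can not log in" used for the other roles. The Bot section explains why the role is immutable (it stops administrators from obtaining other users' credentials); the Mailing List section states the same restriction with no reason, and a one-line rationale would help readers judge it.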
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Thu, Oct 9, 5:23 AM (2 w, 1 d ago)
Storage Engine
blob
Storage Format
Encrypted (AES-256-CBC)
Storage Handle
8681821
Default Alt Text
D13120.diff (8 KB)
Attached To
Mode
D13120: Update account roles documentation and remove actAsUser