Page MenuHomePhabricator

D7573.diff

diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php
--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@@ -1082,6 +1082,7 @@
'PhabricatorAuthManagementRecoverWorkflow' => 'applications/auth/management/PhabricatorAuthManagementRecoverWorkflow.php',
'PhabricatorAuthManagementRefreshWorkflow' => 'applications/auth/management/PhabricatorAuthManagementRefreshWorkflow.php',
'PhabricatorAuthManagementWorkflow' => 'applications/auth/management/PhabricatorAuthManagementWorkflow.php',
+ 'PhabricatorAuthNeedsApprovalController' => 'applications/auth/controller/PhabricatorAuthNeedsApprovalController.php',
'PhabricatorAuthNewController' => 'applications/auth/controller/config/PhabricatorAuthNewController.php',
'PhabricatorAuthOldOAuthRedirectController' => 'applications/auth/controller/PhabricatorAuthOldOAuthRedirectController.php',
'PhabricatorAuthProvider' => 'applications/auth/provider/PhabricatorAuthProvider.php',
@@ -1600,7 +1601,9 @@
'PhabricatorPasteTransactionComment' => 'applications/paste/storage/PhabricatorPasteTransactionComment.php',
'PhabricatorPasteTransactionQuery' => 'applications/paste/query/PhabricatorPasteTransactionQuery.php',
'PhabricatorPasteViewController' => 'applications/paste/controller/PhabricatorPasteViewController.php',
+ 'PhabricatorPeopleApproveController' => 'applications/people/controller/PhabricatorPeopleApproveController.php',
'PhabricatorPeopleController' => 'applications/people/controller/PhabricatorPeopleController.php',
+ 'PhabricatorPeopleDisableController' => 'applications/people/controller/PhabricatorPeopleDisableController.php',
'PhabricatorPeopleEditController' => 'applications/people/controller/PhabricatorPeopleEditController.php',
'PhabricatorPeopleHovercardEventListener' => 'applications/people/event/PhabricatorPeopleHovercardEventListener.php',
'PhabricatorPeopleLdapController' => 'applications/people/controller/PhabricatorPeopleLdapController.php',
@@ -3445,6 +3448,7 @@
'PhabricatorAuthManagementRecoverWorkflow' => 'PhabricatorAuthManagementWorkflow',
'PhabricatorAuthManagementRefreshWorkflow' => 'PhabricatorAuthManagementWorkflow',
'PhabricatorAuthManagementWorkflow' => 'PhutilArgumentWorkflow',
+ 'PhabricatorAuthNeedsApprovalController' => 'PhabricatorAuthController',
'PhabricatorAuthNewController' => 'PhabricatorAuthProviderConfigController',
'PhabricatorAuthOldOAuthRedirectController' => 'PhabricatorAuthController',
'PhabricatorAuthProviderConfig' =>
@@ -4011,7 +4015,9 @@
'PhabricatorPasteTransactionComment' => 'PhabricatorApplicationTransactionComment',
'PhabricatorPasteTransactionQuery' => 'PhabricatorApplicationTransactionQuery',
'PhabricatorPasteViewController' => 'PhabricatorPasteController',
+ 'PhabricatorPeopleApproveController' => 'PhabricatorPeopleController',
'PhabricatorPeopleController' => 'PhabricatorController',
+ 'PhabricatorPeopleDisableController' => 'PhabricatorPeopleController',
'PhabricatorPeopleEditController' => 'PhabricatorPeopleController',
'PhabricatorPeopleHovercardEventListener' => 'PhabricatorEventListener',
'PhabricatorPeopleLdapController' => 'PhabricatorPeopleController',
diff --git a/src/applications/auth/controller/PhabricatorAuthNeedsApprovalController.php b/src/applications/auth/controller/PhabricatorAuthNeedsApprovalController.php
new file mode 100644
--- /dev/null
+++ b/src/applications/auth/controller/PhabricatorAuthNeedsApprovalController.php
@@ -0,0 +1,36 @@
+<?php
+
+final class PhabricatorAuthNeedsApprovalController
+ extends PhabricatorAuthController {
+
+ public function shouldRequireLogin() {
+ return false;
+ }
+
+ public function shouldRequireEmailVerification() {
+ return false;
+ }
+
+ public function processRequest() {
+ $request = $this->getRequest();
+ $user = $request->getUser();
+
+ $wait_for_approval = pht(
+ "Your account has been created, but needs to be approved by an ".
+ "administrator. You'll receive an email once your account is approved.");
+
+ $dialog = id(new AphrontDialogView())
+ ->setUser($user)
+ ->setTitle(pht('Wait for Approval'))
+ ->appendChild($wait_for_approval)
+ ->addCancelButton('/', pht('Wait Patiently'));
+
+ return $this->buildApplicationPage(
+ $dialog,
+ array(
+ 'title' => pht('Wait For Approval'),
+ 'device' => true,
+ ));
+ }
+
+}
diff --git a/src/applications/base/controller/PhabricatorController.php b/src/applications/base/controller/PhabricatorController.php
--- a/src/applications/base/controller/PhabricatorController.php
+++ b/src/applications/base/controller/PhabricatorController.php
@@ -120,6 +120,11 @@
return $this->delegateToController($controller);
}
}
+ if (!$user->getIsApproved()) {
+ $controller = new PhabricatorAuthNeedsApprovalController($request);
+ $this->setCurrentApplication($auth_application);
+ return $this->delegateToController($controller);
+ }
}
// If the user doesn't have access to the application, don't let them use
diff --git a/src/applications/people/application/PhabricatorApplicationPeople.php b/src/applications/people/application/PhabricatorApplicationPeople.php
--- a/src/applications/people/application/PhabricatorApplicationPeople.php
+++ b/src/applications/people/application/PhabricatorApplicationPeople.php
@@ -41,6 +41,8 @@
'/people/' => array(
'(query/(?P<key>[^/]+)/)?' => 'PhabricatorPeopleListController',
'logs/' => 'PhabricatorPeopleLogsController',
+ 'approve/(?P<id>[1-9]\d*)/' => 'PhabricatorPeopleApproveController',
+ 'disable/(?P<id>[1-9]\d*)/' => 'PhabricatorPeopleDisableController',
'edit/(?:(?P<id>[1-9]\d*)/(?:(?P<view>\w+)/)?)?'
=> 'PhabricatorPeopleEditController',
'ldap/' => 'PhabricatorPeopleLdapController',
diff --git a/src/applications/people/controller/PhabricatorPeopleApproveController.php b/src/applications/people/controller/PhabricatorPeopleApproveController.php
new file mode 100644
--- /dev/null
+++ b/src/applications/people/controller/PhabricatorPeopleApproveController.php
@@ -0,0 +1,66 @@
+<?php
+
+final class PhabricatorPeopleApproveController
+ extends PhabricatorPeopleController {
+
+ private $id;
+
+ public function willProcessRequest(array $data) {
+ $this->id = idx($data, 'id');
+ }
+
+ public function processRequest() {
+
+ $request = $this->getRequest();
+ $admin = $request->getUser();
+
+ $user = id(new PhabricatorPeopleQuery())
+ ->setViewer($admin)
+ ->withIDs(array($this->id))
+ ->executeOne();
+ if (!$user) {
+ return new Aphront404Response();
+ }
+
+ $done_uri = $this->getApplicationURI('query/approval/');
+
+ if ($request->isFormPost()) {
+ id(new PhabricatorUserEditor())
+ ->setActor($admin)
+ ->approveUser($user, true);
+
+ $title = pht(
+ 'Phabricator Account "%s" Approved',
+ $user->getUsername(),
+ $admin->getUsername());
+
+ $body = pht(
+ "Your Phabricator account (%s) has been approved by %s. You can ".
+ "login here:\n\n %s\n\n",
+ $user->getUsername(),
+ $admin->getUsername(),
+ PhabricatorEnv::getProductionURI('/'));
+
+ $mail = id(new PhabricatorMetaMTAMail())
+ ->addTos(array($user->getPHID()))
+ ->addCCs(array($admin->getPHID()))
+ ->setSubject('[Phabricator] '.$title)
+ ->setBody($body)
+ ->saveAndSend();
+
+ return id(new AphrontRedirectResponse())->setURI($done_uri);
+ }
+
+ $dialog = id(new AphrontDialogView())
+ ->setUser($admin)
+ ->setTitle(pht('Confirm Approval'))
+ ->appendChild(
+ pht(
+ 'Allow %s to access this Phabricator install?',
+ phutil_tag('strong', array(), $user->getUsername())))
+ ->addCancelButton($done_uri)
+ ->addSubmitButton(pht('Approve Account'));
+
+ return id(new AphrontDialogResponse())->setDialog($dialog);
+ }
+}
diff --git a/src/applications/people/controller/PhabricatorPeopleDisableController.php b/src/applications/people/controller/PhabricatorPeopleDisableController.php
new file mode 100644
--- /dev/null
+++ b/src/applications/people/controller/PhabricatorPeopleDisableController.php
@@ -0,0 +1,48 @@
+<?php
+
+final class PhabricatorPeopleDisableController
+ extends PhabricatorPeopleController {
+
+ private $id;
+
+ public function willProcessRequest(array $data) {
+ $this->id = idx($data, 'id');
+ }
+
+ public function processRequest() {
+
+ $request = $this->getRequest();
+ $admin = $request->getUser();
+
+ $user = id(new PhabricatorPeopleQuery())
+ ->setViewer($admin)
+ ->withIDs(array($this->id))
+ ->executeOne();
+ if (!$user) {
+ return new Aphront404Response();
+ }
+
+ $done_uri = $this->getApplicationURI('query/approval/');
+
+ if ($request->isFormPost()) {
+ id(new PhabricatorUserEditor())
+ ->setActor($admin)
+ ->disableUser($user, true);
+
+ return id(new AphrontRedirectResponse())->setURI($done_uri);
+ }
+
+ $dialog = id(new AphrontDialogView())
+ ->setUser($admin)
+ ->setTitle(pht('Confirm Disable'))
+ ->appendChild(
+ pht(
+ 'Disable %s? They will no longer be able to access Phabricator or '.
+ 'receive email.',
+ phutil_tag('strong', array(), $user->getUsername())))
+ ->addCancelButton($done_uri)
+ ->addSubmitButton(pht('Disable Account'));
+
+ return id(new AphrontDialogResponse())->setDialog($dialog);
+ }
+}
diff --git a/src/applications/people/controller/PhabricatorPeopleListController.php b/src/applications/people/controller/PhabricatorPeopleListController.php
--- a/src/applications/people/controller/PhabricatorPeopleListController.php
+++ b/src/applications/people/controller/PhabricatorPeopleListController.php
@@ -38,6 +38,8 @@
$list = new PHUIObjectItemListView();
+ $is_approval = ($query->getQueryKey() == 'approval');
+
foreach ($users as $user) {
$primary_email = $user->loadPrimaryEmail();
if ($primary_email && $primary_email->getIsVerified()) {
@@ -61,8 +63,10 @@
$item->addIcon('disable', pht('Disabled'));
}
- if (!$user->getIsApproved()) {
- $item->addIcon('raise-priority', pht('Not Approved'));
+ if (!$is_approval) {
+ if (!$user->getIsApproved()) {
+ $item->addIcon('perflab-grey', pht('Needs Approval'));
+ }
}
if ($user->getIsAdmin()) {
@@ -74,11 +78,26 @@
}
if ($viewer->getIsAdmin()) {
- $uid = $user->getID();
- $item->addAction(
- id(new PHUIListItemView())
- ->setIcon('edit')
- ->setHref($this->getApplicationURI('edit/'.$uid.'/')));
+ $user_id = $user->getID();
+ if ($is_approval) {
+ $item->addAction(
+ id(new PHUIListItemView())
+ ->setIcon('disable')
+ ->setName(pht('Disable'))
+ ->setWorkflow(true)
+ ->setHref($this->getApplicationURI('disable/'.$user_id.'/')));
+ $item->addAction(
+ id(new PHUIListItemView())
+ ->setIcon('like')
+ ->setName(pht('Approve'))
+ ->setWorkflow(true)
+ ->setHref($this->getApplicationURI('approve/'.$user_id.'/')));
+ } else {
+ $item->addAction(
+ id(new PHUIListItemView())
+ ->setIcon('edit')
+ ->setHref($this->getApplicationURI('edit/'.$user_id.'/')));
+ }
}
$list->addItem($item);
diff --git a/src/applications/people/editor/PhabricatorUserEditor.php b/src/applications/people/editor/PhabricatorUserEditor.php
--- a/src/applications/people/editor/PhabricatorUserEditor.php
+++ b/src/applications/people/editor/PhabricatorUserEditor.php
@@ -297,6 +297,44 @@
/**
* @task role
*/
+ public function approveUser(PhabricatorUser $user, $approve) {
+ $actor = $this->requireActor();
+
+ if (!$user->getID()) {
+ throw new Exception("User has not been created yet!");
+ }
+
+ $user->openTransaction();
+ $user->beginWriteLocking();
+
+ $user->reload();
+ if ($user->getIsApproved() == $approve) {
+ $user->endWriteLocking();
+ $user->killTransaction();
+ return $this;
+ }
+
+ $log = PhabricatorUserLog::newLog(
+ $actor,
+ $user,
+ PhabricatorUserLog::ACTION_APPROVE);
+ $log->setOldValue($user->getIsApproved());
+ $log->setNewValue($approve);
+
+ $user->setIsApproved($approve);
+ $user->save();
+
+ $log->save();
+
+ $user->endWriteLocking();
+ $user->saveTransaction();
+
+ return $this;
+ }
+
+ /**
+ * @task role
+ */
public function deleteUser(PhabricatorUser $user, $disable) {
$actor = $this->requireActor();
diff --git a/src/applications/people/query/PhabricatorPeopleQuery.php b/src/applications/people/query/PhabricatorPeopleQuery.php
--- a/src/applications/people/query/PhabricatorPeopleQuery.php
+++ b/src/applications/people/query/PhabricatorPeopleQuery.php
@@ -13,6 +13,7 @@
private $isAdmin;
private $isSystemAgent;
private $isDisabled;
+ private $isApproved;
private $nameLike;
private $needPrimaryEmail;
@@ -70,6 +71,11 @@
return $this;
}
+ public function withIsApproved($approved) {
+ $this->isApproved = $approved;
+ return $this;
+ }
+
public function withNameLike($like) {
$this->nameLike = $like;
return $this;
@@ -249,10 +255,18 @@
'user.isAdmin = 1');
}
- if ($this->isDisabled) {
+ if ($this->isDisabled !== null) {
+ $where[] = qsprintf(
+ $conn_r,
+ 'user.isDisabled = %d',
+ (int)$this->isDisabled);
+ }
+
+ if ($this->isApproved !== null) {
$where[] = qsprintf(
$conn_r,
- 'user.isDisabled = 1');
+ 'user.isApproved = %d',
+ (int)$this->isApproved);
}
if ($this->isSystemAgent) {
diff --git a/src/applications/people/query/PhabricatorPeopleSearchEngine.php b/src/applications/people/query/PhabricatorPeopleSearchEngine.php
--- a/src/applications/people/query/PhabricatorPeopleSearchEngine.php
+++ b/src/applications/people/query/PhabricatorPeopleSearchEngine.php
@@ -15,6 +15,7 @@
$saved->setParameter('isAdmin', $request->getStr('isAdmin'));
$saved->setParameter('isDisabled', $request->getStr('isDisabled'));
$saved->setParameter('isSystemAgent', $request->getStr('isSystemAgent'));
+ $saved->setParameter('needsApproval', $request->getStr('needsApproval'));
$saved->setParameter('createdStart', $request->getStr('createdStart'));
$saved->setParameter('createdEnd', $request->getStr('createdEnd'));
@@ -40,19 +41,27 @@
$is_admin = $saved->getParameter('isAdmin');
$is_disabled = $saved->getParameter('isDisabled');
$is_system_agent = $saved->getParameter('isSystemAgent');
+ $needs_approval = $saved->getParameter('needsApproval');
+ $no_disabled = $saved->getParameter('noDisabled');
if ($is_admin) {
$query->withIsAdmin(true);
}
if ($is_disabled) {
$query->withIsDisabled(true);
+ } else if ($no_disabled) {
+ $query->withIsDisabled(false);
}
if ($is_system_agent) {
$query->withIsSystemAgent(true);
}
+ if ($needs_approval) {
+ $query->withIsApproved(false);
+ }
+
$start = $this->parseDateTime($saved->getParameter('createdStart'));
$end = $this->parseDateTime($saved->getParameter('createdEnd'));
@@ -79,6 +88,7 @@
$is_admin = $saved->getParameter('isAdmin');
$is_disabled = $saved->getParameter('isDisabled');
$is_system_agent = $saved->getParameter('isSystemAgent');
+ $needs_approval = $saved->getParameter('needsApproval');
$form
->appendChild(
@@ -108,7 +118,12 @@
'isSystemAgent',
1,
pht('Show only System Agents.'),
- $is_system_agent));
+ $is_system_agent)
+ ->addCheckbox(
+ 'needsApproval',
+ 1,
+ pht('Show only users who need approval.'),
+ $needs_approval));
$this->appendCustomFieldsToForm($form, $saved);
@@ -130,6 +145,11 @@
'all' => pht('All'),
);
+ $viewer = $this->requireViewer();
+ if ($viewer->getIsAdmin()) {
+ $names['approval'] = pht('Approval Queue');
+ }
+
return $names;
}
@@ -140,6 +160,10 @@
switch ($query_key) {
case 'all':
return $query;
+ case 'approval':
+ return $query
+ ->setParameter('needsApproval', true)
+ ->setParameter('noDisabled', true);
}
return parent::buildSavedQueryFromBuiltin($query_key);
diff --git a/src/applications/people/storage/PhabricatorUserLog.php b/src/applications/people/storage/PhabricatorUserLog.php
--- a/src/applications/people/storage/PhabricatorUserLog.php
+++ b/src/applications/people/storage/PhabricatorUserLog.php
@@ -13,6 +13,7 @@
const ACTION_ADMIN = 'admin';
const ACTION_SYSTEM_AGENT = 'system-agent';
const ACTION_DISABLE = 'disable';
+ const ACTION_APPROVE = 'approve';
const ACTION_DELETE = 'delete';
const ACTION_CONDUIT_CERTIFICATE = 'conduit-cert';

File Metadata

Mime Type
text/x-diff
Storage Engine
amazon-s3
Storage Format
Raw Data
Storage Handle
phabricator/cn/xy/t3sftjscmnb5z5hi
Default Alt Text
D7573.diff (17 KB)

Event Timeline