Page MenuHomePhabricator
Create Task
Maniphest T7508

"Create New User" should be shown to all users
Closed, WontfixPublic
Actions

Description

It seems that the "Create New User" button is hidden unless the user has the necessary permissions. This is inconsistent with other applications in which these actions are visible, but greyed out.

Event Timeline

joshuaspence created this task.Mar 8 2015, 4:38 AM
joshuaspence raised the priority of this task from to Needs Triage.
joshuaspence updated the task description. (Show Details)
joshuaspence added a project: People.
joshuaspence added a subscriber: joshuaspence.

Specifically, PhabricatorPeopleListController has this code:

if ($can_create) {
  $crumbs->addAction(
    id(new PHUIListItemView())
    ->setName(pht('Create New User'))
    ->setHref($this->getApplicationURI('create/'))
    ->setIcon('fa-plus-square'));
}
chad closed this task as Wontfix.Mar 8 2015, 5:50 AM
chad claimed this task.
chad added a subscriber: chad.

We don't intend to pursue this direction with crumbs, most create actions will get moved elsewhere.

qgil added a subscriber: qgil.Mar 8 2015, 8:57 AM

... and in any case there are many instances where we don't show users what they don't have permissions to do anything with. I think this approach is correct, since it shows simpler and cleaner UIs to the majority of new/plain users.

joshuaspence added a comment.Mar 8 2015, 9:05 AM

It just seems inconsistent to sometimes hide the button and show a grayed-out button in other places.

epriestley added a subscriber: epriestley.Mar 8 2015, 10:59 AM

In a lot of cases, a user will have permission on some objects but not on others. For example, you can often "Edit Project" on some projects, but not on others. In these cases, the intended behavior is to always to show the action, but show it with a disabled style if it isn't available on that particular object. This makes the UI more consistent (the same actions are always available, and the actions are always in the same positions) and more discoverable (you can see that the action is available) and more comprehensible (you can click the action to figure out why you aren't allowed to take it).

In some other cases, a user is missing a more fundamental permission (usually "admin" or a similar permission). In some of these cases, we won't show that the action is available. The intent here is usually to simplify interfaces where there's no consistency issue and little value in making the feature discoverable or comprehensible. For example, we remove the "Disable User" and "Make Administrator" options on profiles if you aren't an administrator, because showing that these options exist doesn't seem very useful.

Between these two extremes, there is a spectrum of cases where the behavior is arguable, and we may not have all of these right.

In this case, the value of discovery seems low (it's obvious/intuitive that administrators probably have a way to create users somehow, so specifically knowing where the feature is as a non-administrator doesn't seem very useful) and it doesn't seem to aid in understanding the feature (it's similarly obvious/intuitive that this is a power reserved for administrators).

chad added a comment.Mar 8 2015, 3:47 PM

I probably have a slight preference for:

  • Anything truly "admin only" just disappears for regular users.
  • Anything "no permissions" is just grey.

But I don't think we've done that explicitly yet.

epriestley added a comment.Mar 8 2015, 5:33 PM

I think we're nearly consistent about that, although @joshuaspence caught at least a few other cases where we're missing the disabled style and there are probably a few cases that are arguable or ambiguous (for instance, user creation is no longer necessarily admin-only, it's just admin-only by default and at-most-admin-only in all reasonable setups we're aware of in the wild).

Phabricator · Built by Phacility