src/applications/base/controller/PhabricatorController.php
| Show First 20 Lines • Show All 131 Lines • ▼ Show 20 Lines | foreach ($restricted as $parameter) { | ||||
| 'attack.', | 'attack.', | ||||
| $parameter, | $parameter, | ||||
| get_class($this))); | get_class($this))); | ||||
| } | } | ||||
| } | } | ||||
| } | } | ||||
| if ($this->shouldRequireEnabledUser()) { | if ($this->shouldRequireEnabledUser()) { | ||||
| if ($user->isLoggedIn() && !$user->getIsApproved()) { | |||||
| $controller = new PhabricatorAuthNeedsApprovalController(); | |||||
| return $this->delegateToController($controller); | |||||
| } | |||||
| if ($user->getIsDisabled()) { | if ($user->getIsDisabled()) { | ||||
| $controller = new PhabricatorDisabledUserController(); | $controller = new PhabricatorDisabledUserController(); | ||||
| return $this->delegateToController($controller); | return $this->delegateToController($controller); | ||||
| } | } | ||||
| } | } | ||||
| $auth_class = 'PhabricatorAuthApplication'; | $auth_class = 'PhabricatorAuthApplication'; | ||||
| $auth_application = PhabricatorApplication::getByClass($auth_class); | $auth_application = PhabricatorApplication::getByClass($auth_class); | ||||
| ▲ Show 20 Lines • Show All 76 Lines • ▼ Show 20 Lines | if ($this->shouldRequireLogin()) { | ||||
| // a policy exception if the viewer doesn't have permission. | // a policy exception if the viewer doesn't have permission. | ||||
| $application = $this->getCurrentApplication(); | $application = $this->getCurrentApplication(); | ||||
| if ($application) { | if ($application) { | ||||
| id(new PhabricatorApplicationQuery()) | id(new PhabricatorApplicationQuery()) | ||||
| ->setViewer($user) | ->setViewer($user) | ||||
| ->withPHIDs(array($application->getPHID())) | ->withPHIDs(array($application->getPHID())) | ||||
| ->executeOne(); | ->executeOne(); | ||||
| } | } | ||||
| // If users need approval, require they wait here. We do this near the | |||||
| // end so they can take other actions (like verifying email, signing | |||||
| // documents, and enrolling in MFA) while waiting for an admin to take a | |||||
| // look at things. See T13024 for more discussion. | |||||
| if ($this->shouldRequireEnabledUser()) { | |||||
| if ($user->isLoggedIn() && !$user->getIsApproved()) { | |||||
| $controller = new PhabricatorAuthNeedsApprovalController(); | |||||
| return $this->delegateToController($controller); | |||||
| } | |||||
| } | |||||
| } | } | ||||
| // NOTE: We do this last so that users get a login page instead of a 403 | // NOTE: We do this last so that users get a login page instead of a 403 | ||||
| // if they need to login. | // if they need to login. | ||||
| if ($this->shouldRequireAdmin() && !$user->getIsAdmin()) { | if ($this->shouldRequireAdmin() && !$user->getIsAdmin()) { | ||||
| return new Aphront403Response(); | return new Aphront403Response(); | ||||
| } | } | ||||
| } | } | ||||
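Review bot: The relocated approval gate (the `if ($user->isLoggedIn() && !$user->getIsApproved())` block added after the application visibility query) appears to sit inside the `if ($this->shouldRequireLogin())` branch, whereas the check it replaces ran under `shouldRequireEnabledUser()` alone. If that nesting is right, a controller that returns false from `shouldRequireLogin()` but true from `shouldRequireEnabledUser()` no longer sends a logged-in, unapproved account to `PhabricatorAuthNeedsApprovalController`, so that account keeps its session identity on those routes. Indentation is lost in this view and part of the method is collapsed, so the nesting should be confirmed against the full file. If every enabled-user controller is meant to stay gated, move the block below the closing brace of the login branch, just above the `shouldRequireAdmin()` check; otherwise extend the new comment with `// NOTE: Only enforced when shouldRequireLogin() is true.`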