Page MenuHomePhabricator
Differential D19607 Diff 46877 src/applications/people/controller/PhabricatorPeopleDisableController.php

Changeset View

Standalone View

View Options

src/applications/people/controller/PhabricatorPeopleDisableController.php

<?php <?php
final class PhabricatorPeopleDisableController final class PhabricatorPeopleDisableController
extends PhabricatorPeopleController { extends PhabricatorPeopleController {
public function shouldRequireAdmin() {
return false;
}
public function handleRequest(AphrontRequest $request) { public function handleRequest(AphrontRequest $request) {
$viewer = $this->getViewer(); $viewer = $this->getViewer();
$id = $request->getURIData('id'); $id = $request->getURIData('id');
$via = $request->getURIData('id'); $via = $request->getURIData('via');
$user = id(new PhabricatorPeopleQuery()) $user = id(new PhabricatorPeopleQuery())
->setViewer($viewer) ->setViewer($viewer)
->withIDs(array($id)) ->withIDs(array($id))
->executeOne(); ->executeOne();
if (!$user) { if (!$user) {
return new Aphront404Response(); return new Aphront404Response();
} }
// NOTE: We reach this controller via the administrative "Disable User" // NOTE: We reach this controller via the administrative "Disable User"
// on profiles and also via the "X" action on the approval queue. We do // on profiles and also via the "X" action on the approval queue. We do
// things slightly differently depending on the context the actor is in. // things slightly differently depending on the context the actor is in.
// In particular, disabling via "Disapprove" requires you be an
// administrator (and bypasses the "Can Disable Users" permission).
// Disabling via "Disable" requires the permission only.
$is_disapprove = ($via == 'disapprove'); $is_disapprove = ($via == 'disapprove');
if ($is_disapprove) { if ($is_disapprove) {
$done_uri = $this->getApplicationURI('query/approval/'); $done_uri = $this->getApplicationURI('query/approval/');
if (!$viewer->getIsAdmin()) {
return $this->newDialog()
->setTitle(pht('No Permission'))
->appendParagraph(pht('Only administrators can disapprove users.'))
->addCancelButton($done_uri);
}
if ($user->getIsApproved()) {
return $this->newDialog()
->setTitle(pht('Already Approved'))
->appendParagraph(pht('This user has already been approved.'))
->addCancelButton($done_uri);
}
// On the "Disapprove" flow, bypass the "Can Disable Users" permission.
$actor = PhabricatorUser::getOmnipotentUser();
$should_disable = true; $should_disable = true;
} else { } else {
$this->requireApplicationCapability(
PeopleDisableUsersCapability::CAPABILITY);
$actor = $viewer;
$done_uri = $this->getApplicationURI("manage/{$id}/"); $done_uri = $this->getApplicationURI("manage/{$id}/");
$should_disable = !$user->getIsDisabled(); $should_disable = !$user->getIsDisabled();
} }
if ($viewer->getPHID() == $user->getPHID()) { if ($viewer->getPHID() == $user->getPHID()) {
return $this->newDialog() return $this->newDialog()
->setTitle(pht('Something Stays Your Hand')) ->setTitle(pht('Something Stays Your Hand'))
->appendParagraph( ->appendParagraph(
pht( pht(
'Try as you might, you find you can not disable your own account.')) 'Try as you might, you find you can not disable your own account.'))
->addCancelButton($done_uri, pht('Curses!')); ->addCancelButton($done_uri, pht('Curses!'));
} }
if ($request->isFormPost()) { if ($request->isFormPost()) {
$xactions = array(); $xactions = array();
$xactions[] = id(new PhabricatorUserTransaction()) $xactions[] = id(new PhabricatorUserTransaction())
->setTransactionType(PhabricatorUserDisableTransaction::TRANSACTIONTYPE) ->setTransactionType(PhabricatorUserDisableTransaction::TRANSACTIONTYPE)
->setNewValue($should_disable); ->setNewValue($should_disable);
id(new PhabricatorUserTransactionEditor()) id(new PhabricatorUserTransactionEditor())
->setActor($viewer) ->setActor($actor)
->setActingAsPHID($viewer->getPHID())
->setContentSourceFromRequest($request) ->setContentSourceFromRequest($request)
->setContinueOnMissingFields(true) ->setContinueOnMissingFields(true)
->setContinueOnNoEffect(true) ->setContinueOnNoEffect(true)
->applyTransactions($user, $xactions); ->applyTransactions($user, $xactions);
return id(new AphrontRedirectResponse())->setURI($done_uri); return id(new AphrontRedirectResponse())->setURI($done_uri);
} }
Show All 31 Lines
Phabricator · Built by Phacility