Differential D19607 Diff 46877 src/applications/people/controller/PhabricatorPeopleDisableController.php
src/applications/people/controller/PhabricatorPeopleDisableController.php
<?php | <?php | ||||
final class PhabricatorPeopleDisableController | final class PhabricatorPeopleDisableController | ||||
extends PhabricatorPeopleController { | extends PhabricatorPeopleController { | ||||
public function shouldRequireAdmin() { | |||||
return false; | |||||
} | |||||
public function handleRequest(AphrontRequest $request) { | public function handleRequest(AphrontRequest $request) { | ||||
$viewer = $this->getViewer(); | $viewer = $this->getViewer(); | ||||
$id = $request->getURIData('id'); | $id = $request->getURIData('id'); | ||||
$via = $request->getURIData('id'); | $via = $request->getURIData('via'); | ||||
$user = id(new PhabricatorPeopleQuery()) | $user = id(new PhabricatorPeopleQuery()) | ||||
->setViewer($viewer) | ->setViewer($viewer) | ||||
->withIDs(array($id)) | ->withIDs(array($id)) | ||||
->executeOne(); | ->executeOne(); | ||||
if (!$user) { | if (!$user) { | ||||
return new Aphront404Response(); | return new Aphront404Response(); | ||||
} | } | ||||
// NOTE: We reach this controller via the administrative "Disable User" | // NOTE: We reach this controller via the administrative "Disable User" | ||||
// on profiles and also via the "X" action on the approval queue. We do | // on profiles and also via the "X" action on the approval queue. We do | ||||
// things slightly differently depending on the context the actor is in. | // things slightly differently depending on the context the actor is in. | ||||
// In particular, disabling via "Disapprove" requires you be an | |||||
// administrator (and bypasses the "Can Disable Users" permission). | |||||
// Disabling via "Disable" requires the permission only. | |||||
$is_disapprove = ($via == 'disapprove'); | $is_disapprove = ($via == 'disapprove'); | ||||
if ($is_disapprove) { | if ($is_disapprove) { | ||||
$done_uri = $this->getApplicationURI('query/approval/'); | $done_uri = $this->getApplicationURI('query/approval/'); | ||||
if (!$viewer->getIsAdmin()) { | |||||
return $this->newDialog() | |||||
->setTitle(pht('No Permission')) | |||||
->appendParagraph(pht('Only administrators can disapprove users.')) | |||||
->addCancelButton($done_uri); | |||||
} | |||||
if ($user->getIsApproved()) { | |||||
return $this->newDialog() | |||||
->setTitle(pht('Already Approved')) | |||||
->appendParagraph(pht('This user has already been approved.')) | |||||
->addCancelButton($done_uri); | |||||
} | |||||
// On the "Disapprove" flow, bypass the "Can Disable Users" permission. | |||||
$actor = PhabricatorUser::getOmnipotentUser(); | |||||
$should_disable = true; | $should_disable = true; | ||||
} else { | } else { | ||||
$this->requireApplicationCapability( | |||||
PeopleDisableUsersCapability::CAPABILITY); | |||||
$actor = $viewer; | |||||
$done_uri = $this->getApplicationURI("manage/{$id}/"); | $done_uri = $this->getApplicationURI("manage/{$id}/"); | ||||
$should_disable = !$user->getIsDisabled(); | $should_disable = !$user->getIsDisabled(); | ||||
} | } | ||||
if ($viewer->getPHID() == $user->getPHID()) { | if ($viewer->getPHID() == $user->getPHID()) { | ||||
return $this->newDialog() | return $this->newDialog() | ||||
->setTitle(pht('Something Stays Your Hand')) | ->setTitle(pht('Something Stays Your Hand')) | ||||
->appendParagraph( | ->appendParagraph( | ||||
pht( | pht( | ||||
'Try as you might, you find you can not disable your own account.')) | 'Try as you might, you find you can not disable your own account.')) | ||||
->addCancelButton($done_uri, pht('Curses!')); | ->addCancelButton($done_uri, pht('Curses!')); | ||||
} | } | ||||
if ($request->isFormPost()) { | if ($request->isFormPost()) { | ||||
$xactions = array(); | $xactions = array(); | ||||
$xactions[] = id(new PhabricatorUserTransaction()) | $xactions[] = id(new PhabricatorUserTransaction()) | ||||
->setTransactionType(PhabricatorUserDisableTransaction::TRANSACTIONTYPE) | ->setTransactionType(PhabricatorUserDisableTransaction::TRANSACTIONTYPE) | ||||
->setNewValue($should_disable); | ->setNewValue($should_disable); | ||||
id(new PhabricatorUserTransactionEditor()) | id(new PhabricatorUserTransactionEditor()) | ||||
->setActor($viewer) | ->setActor($actor) | ||||
->setActingAsPHID($viewer->getPHID()) | |||||
->setContentSourceFromRequest($request) | ->setContentSourceFromRequest($request) | ||||
->setContinueOnMissingFields(true) | ->setContinueOnMissingFields(true) | ||||
->setContinueOnNoEffect(true) | ->setContinueOnNoEffect(true) | ||||
->applyTransactions($user, $xactions); | ->applyTransactions($user, $xactions); | ||||
return id(new AphrontRedirectResponse())->setURI($done_uri); | return id(new AphrontRedirectResponse())->setURI($done_uri); | ||||
} | } | ||||
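Review bot: On the disapprove branch the editor is run as the omnipotent user, so the `$viewer->getIsAdmin()` dialog at the top of that branch is the only authorization check on that path; the editor itself presumably enforces no policy on `$user` once the actor is omnipotent. That is fine if intended, but it deserves a comment beside `$actor = PhabricatorUser::getOmnipotentUser();`, e.g. `// The editor runs without policy checks as the omnipotent user; the getIsAdmin() check above is the sole gate on this flow.`, and the `->setActingAsPHID($viewer->getPHID())` line is what keeps the transaction attributed to the real administrator, so it should not be dropped if this block is reworked. Separately, `$is_disapprove = ($via == 'disapprove');` should use `===`, since `$via` is URI data and strict comparison is the convention elsewhere in this file. handleRequest continues past the end of the hunk.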