HomePhabricator
Diffusion Phabricator 058952e72ecf

Add a "Can Disable Users" capability to the "People" application
058952e72ecf
Actions

Description

Add a "Can Disable Users" capability to the "People" application

Summary:
Depends on D19605. Ref T13189. See PHI642. This adds a separate "Can Disable Users" capability, and makes the underlying transaction use it.

This doesn't actually let you weaken the permission, since all pathways need more permissions:

  • user.edit needs CAN_EDIT.
  • user.disable/enable need admin.
  • Web UI workflow needs admin.

Upcoming changes will update these pathways.

Without additional changes, this does let you strengthen the permission.

This also fixes the inability to disable non-bot users via the web UI.

Test Plan:

  • Set permission to "No One", tried to disable users. Got a tailored policy error.
  • Set permission to "All Users", disabled/enabled a non-bot user.

Reviewers: amckinley

Maniphest Tasks: T13189

Differential Revision: https://secure.phabricator.com/D19606

Details

Provenance
epriestleyAuthored on Aug 14 2018, 3:50 PM
epriestleyPushed on Aug 27 2018, 3:01 PM
Differential Revision
D19606: Add a "Can Disable Users" capability to the "People" application
Parents
rP8cf56913d8ef: Deprecate "user.enable" and "user.disable" API methods, redefine them in terms…
Branches
Unknown
Tags
Unknown
Tasks
T13189: Plans: 2018 Week 35 Bonus Content
Build Status
Buildable 20681
Build 28108: Run Core Tests

Changes (4)

PathSize
src/
applications/
people/
application/
capability/
xaction/

rP058952e72ecf

View Options

src/__phutil_library_map__.php

Loading...
View Options

src/applications/people/application/PhabricatorPeopleApplication.php

Loading...
View Options

src/applications/people/capability/PeopleDisableUsersCapability.php

Loading...
View Options

src/applications/people/xaction/PhabricatorUserDisableTransaction.php

Loading...
Phabricator · Built by Phacility