
diff --git a/src/applications/people/controller/PhabricatorPeopleApproveController.php b/src/applications/people/controller/PhabricatorPeopleApproveController.php
index 58cd2e2119..0e97ad6ee6 100644
--- a/src/applications/people/controller/PhabricatorPeopleApproveController.php
+++ b/src/applications/people/controller/PhabricatorPeopleApproveController.php
@@ -1,57 +1,64 @@
<?php
final class PhabricatorPeopleApproveController
extends PhabricatorPeopleController {
public function handleRequest(AphrontRequest $request) {
$viewer = $request->getViewer();
$user = id(new PhabricatorPeopleQuery())
->setViewer($viewer)
->withIDs(array($request->getURIData('id')))
->executeOne();
if (!$user) {
return new Aphront404Response();
}
$done_uri = $this->getApplicationURI('query/approval/');
+ if ($user->getIsApproved()) {
+ return $this->newDialog()
+ ->setTitle(pht('Already Approved'))
+ ->appendChild(pht('This user has already been approved.'))
+ ->addCancelButton($done_uri);
+ }
+
if ($request->isFormPost()) {
id(new PhabricatorUserEditor())
->setActor($viewer)
->approveUser($user, true);
$title = pht(
'Phabricator Account "%s" Approved',
$user->getUsername());
$body = sprintf(
"%s\n\n %s\n\n",
pht(
'Your Phabricator account (%s) has been approved by %s. You can '.
'login here:',
$user->getUsername(),
$viewer->getUsername()),
PhabricatorEnv::getProductionURI('/'));
$mail = id(new PhabricatorMetaMTAMail())
->addTos(array($user->getPHID()))
->addCCs(array($viewer->getPHID()))
->setSubject('[Phabricator] '.$title)
->setForceDelivery(true)
->setBody($body)
->saveAndSend();
return id(new AphrontRedirectResponse())->setURI($done_uri);
}
return $this->newDialog()
->setTitle(pht('Confirm Approval'))
->appendChild(
pht(
'Allow %s to access this Phabricator install?',
phutil_tag('strong', array(), $user->getUsername())))
->addCancelButton($done_uri)
->addSubmitButton(pht('Approve Account'));
}
}
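Review bot: The new `getIsApproved()` guard ahead of the `isFormPost()` branch is a check-then-act, so two approval POSTs arriving together can both pass it, and each would call `approveUser()` and send the `setForceDelivery(true)` mail. Whether `approveUser()` re-checks the flag under a lock is not visible in this hunk, so that is worth confirming in the editor. I would also put a comment on the guard, for example `// Stop stale or replayed approval forms from re-approving and re-sending the forced-delivery mail.`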
diff --git a/src/applications/people/controller/PhabricatorPeopleDisableController.php b/src/applications/people/controller/PhabricatorPeopleDisableController.php
index f51f42047b..9f2718086b 100644
--- a/src/applications/people/controller/PhabricatorPeopleDisableController.php
+++ b/src/applications/people/controller/PhabricatorPeopleDisableController.php
@@ -1,88 +1,118 @@
<?php
final class PhabricatorPeopleDisableController
extends PhabricatorPeopleController {
+ public function shouldRequireAdmin() {
+ return false;
+ }
+
public function handleRequest(AphrontRequest $request) {
$viewer = $this->getViewer();
$id = $request->getURIData('id');
- $via = $request->getURIData('id');
+ $via = $request->getURIData('via');
$user = id(new PhabricatorPeopleQuery())
->setViewer($viewer)
->withIDs(array($id))
->executeOne();
if (!$user) {
return new Aphront404Response();
}
// NOTE: We reach this controller via the administrative "Disable User"
// on profiles and also via the "X" action on the approval queue. We do
// things slightly differently depending on the context the actor is in.
+ // In particular, disabling via "Disapprove" requires you be an
+ // administrator (and bypasses the "Can Disable Users" permission).
+ // Disabling via "Disable" requires the permission only.
+
$is_disapprove = ($via == 'disapprove');
if ($is_disapprove) {
$done_uri = $this->getApplicationURI('query/approval/');
+
+ if (!$viewer->getIsAdmin()) {
+ return $this->newDialog()
+ ->setTitle(pht('No Permission'))
+ ->appendParagraph(pht('Only administrators can disapprove users.'))
+ ->addCancelButton($done_uri);
+ }
+
+ if ($user->getIsApproved()) {
+ return $this->newDialog()
+ ->setTitle(pht('Already Approved'))
+ ->appendParagraph(pht('This user has already been approved.'))
+ ->addCancelButton($done_uri);
+ }
+
+ // On the "Disapprove" flow, bypass the "Can Disable Users" permission.
+ $actor = PhabricatorUser::getOmnipotentUser();
$should_disable = true;
} else {
+ $this->requireApplicationCapability(
+ PeopleDisableUsersCapability::CAPABILITY);
+
+ $actor = $viewer;
$done_uri = $this->getApplicationURI("manage/{$id}/");
$should_disable = !$user->getIsDisabled();
}
if ($viewer->getPHID() == $user->getPHID()) {
return $this->newDialog()
->setTitle(pht('Something Stays Your Hand'))
->appendParagraph(
pht(
'Try as you might, you find you can not disable your own account.'))
->addCancelButton($done_uri, pht('Curses!'));
}
if ($request->isFormPost()) {
$xactions = array();
$xactions[] = id(new PhabricatorUserTransaction())
->setTransactionType(PhabricatorUserDisableTransaction::TRANSACTIONTYPE)
->setNewValue($should_disable);
id(new PhabricatorUserTransactionEditor())
- ->setActor($viewer)
+ ->setActor($actor)
+ ->setActingAsPHID($viewer->getPHID())
->setContentSourceFromRequest($request)
->setContinueOnMissingFields(true)
->setContinueOnNoEffect(true)
->applyTransactions($user, $xactions);
return id(new AphrontRedirectResponse())->setURI($done_uri);
}
if ($should_disable) {
$title = pht('Disable User?');
$short_title = pht('Disable User');
$body = pht(
'Disable %s? They will no longer be able to access Phabricator or '.
'receive email.',
phutil_tag('strong', array(), $user->getUsername()));
$submit = pht('Disable User');
} else {
$title = pht('Enable User?');
$short_title = pht('Enable User');
$body = pht(
'Enable %s? They will be able to access Phabricator and receive '.
'email again.',
phutil_tag('strong', array(), $user->getUsername()));
$submit = pht('Enable User');
}
return $this->newDialog()
->setTitle($title)
->setShortTitle($short_title)
->appendParagraph($body)
->addCancelButton($done_uri)
->addSubmitButton($submit);
}
}
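Review bot: With `shouldRequireAdmin()` now returning false, the only authorization left in this controller is the per-branch code in `handleRequest()`, and the disapprove branch then passes `PhabricatorUser::getOmnipotentUser()` to the editor, which presumably skips the editor's own policy checks. That makes the `getIsApproved()` early return load-bearing rather than cosmetic: it appears to be what stops an administrator without "Can Disable Users" from disabling an approved account through the disapprove route. I would say so in a comment on that check, for example `// Security: the disapprove route bypasses "Can Disable Users", so it must never act on an approved account.` I would also add a comment on the override, `// Authorization is enforced per flow in handleRequest(); every new branch needs its own check.` The refusal for non-administrators is an ordinary dialog, whereas the other branch goes through `requireApplicationCapability()`; if the framework logs or counts policy failures, the disapprove refusal may not show up there.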
diff --git a/src/applications/people/controller/PhabricatorPeopleProfileManageController.php b/src/applications/people/controller/PhabricatorPeopleProfileManageController.php
index 2ac3e6de89..9759a375c7 100644
--- a/src/applications/people/controller/PhabricatorPeopleProfileManageController.php
+++ b/src/applications/people/controller/PhabricatorPeopleProfileManageController.php
@@ -1,175 +1,180 @@
<?php
final class PhabricatorPeopleProfileManageController
extends PhabricatorPeopleProfileController {
public function shouldAllowPublic() {
return true;
}
public function handleRequest(AphrontRequest $request) {
$viewer = $this->getViewer();
$id = $request->getURIData('id');
$user = id(new PhabricatorPeopleQuery())
->setViewer($viewer)
->withIDs(array($id))
->needProfile(true)
->needProfileImage(true)
->needAvailability(true)
->executeOne();
if (!$user) {
return new Aphront404Response();
}
$this->setUser($user);
$header = $this->buildProfileHeader();
$curtain = $this->buildCurtain($user);
$properties = $this->buildPropertyView($user);
$name = $user->getUsername();
$nav = $this->getProfileMenu();
$nav->selectFilter(PhabricatorPeopleProfileMenuEngine::ITEM_MANAGE);
$crumbs = $this->buildApplicationCrumbs();
$crumbs->addTextCrumb(pht('Manage'));
$crumbs->setBorder(true);
$manage = id(new PHUITwoColumnView())
->setHeader($header)
->addClass('project-view-home')
->addClass('project-view-people-home')
->setCurtain($curtain)
->addPropertySection(pht('Details'), $properties);
return $this->newPage()
->setTitle(
array(
pht('Manage User'),
$user->getUsername(),
))
->setNavigation($nav)
->setCrumbs($crumbs)
->appendChild(
array(
$manage,
));
}
private function buildPropertyView(PhabricatorUser $user) {
$viewer = $this->getRequest()->getUser();
$view = id(new PHUIPropertyListView())
->setUser($viewer)
->setObject($user);
$field_list = PhabricatorCustomField::getObjectFields(
$user,
PhabricatorCustomField::ROLE_VIEW);
$field_list->appendFieldsToPropertyList($user, $viewer, $view);
return $view;
}
private function buildCurtain(PhabricatorUser $user) {
$viewer = $this->getViewer();
+ $is_self = ($user->getPHID() === $viewer->getPHID());
+
$can_edit = PhabricatorPolicyFilter::hasCapability(
$viewer,
$user,
PhabricatorPolicyCapability::CAN_EDIT);
+ $is_admin = $viewer->getIsAdmin();
+ $can_admin = ($is_admin && !$is_self);
+
+ $has_disable = $this->hasApplicationCapability(
+ PeopleDisableUsersCapability::CAPABILITY);
+ $can_disable = ($has_disable && !$is_self);
+
+ $can_welcome = ($is_admin && $user->canEstablishWebSessions());
+
$curtain = $this->newCurtainView($user);
$curtain->addAction(
id(new PhabricatorActionView())
->setIcon('fa-pencil')
->setName(pht('Edit Profile'))
->setHref($this->getApplicationURI('editprofile/'.$user->getID().'/'))
->setDisabled(!$can_edit)
->setWorkflow(!$can_edit));
$curtain->addAction(
id(new PhabricatorActionView())
->setIcon('fa-picture-o')
->setName(pht('Edit Profile Picture'))
->setHref($this->getApplicationURI('picture/'.$user->getID().'/'))
->setDisabled(!$can_edit)
->setWorkflow(!$can_edit));
$curtain->addAction(
id(new PhabricatorActionView())
->setIcon('fa-wrench')
->setName(pht('Edit Settings'))
->setDisabled(!$can_edit)
->setWorkflow(!$can_edit)
->setHref('/settings/user/'.$user->getUsername().'/'));
if ($user->getIsAdmin()) {
$empower_icon = 'fa-arrow-circle-o-down';
$empower_name = pht('Remove Administrator');
} else {
$empower_icon = 'fa-arrow-circle-o-up';
$empower_name = pht('Make Administrator');
}
- $is_admin = $viewer->getIsAdmin();
- $is_self = ($user->getPHID() === $viewer->getPHID());
- $can_admin = ($is_admin && !$is_self);
-
$curtain->addAction(
id(new PhabricatorActionView())
->setIcon($empower_icon)
->setName($empower_name)
->setDisabled(!$can_admin)
->setWorkflow(true)
->setHref($this->getApplicationURI('empower/'.$user->getID().'/')));
$curtain->addAction(
id(new PhabricatorActionView())
->setIcon('fa-tag')
->setName(pht('Change Username'))
->setDisabled(!$is_admin)
->setWorkflow(true)
->setHref($this->getApplicationURI('rename/'.$user->getID().'/')));
if ($user->getIsDisabled()) {
$disable_icon = 'fa-check-circle-o';
$disable_name = pht('Enable User');
} else {
$disable_icon = 'fa-ban';
$disable_name = pht('Disable User');
}
$curtain->addAction(
id(new PhabricatorActionView())
->setIcon($disable_icon)
->setName($disable_name)
- ->setDisabled(!$can_admin)
+ ->setDisabled(!$can_disable)
->setWorkflow(true)
->setHref($this->getApplicationURI('disable/'.$user->getID().'/')));
$curtain->addAction(
id(new PhabricatorActionView())
->setIcon('fa-times')
->setName(pht('Delete User'))
->setDisabled(!$can_admin)
->setWorkflow(true)
->setHref($this->getApplicationURI('delete/'.$user->getID().'/')));
- $can_welcome = ($is_admin && $user->canEstablishWebSessions());
-
$curtain->addAction(
id(new PhabricatorActionView())
->setIcon('fa-envelope')
->setName(pht('Send Welcome Email'))
->setWorkflow(true)
->setDisabled(!$can_welcome)
->setHref($this->getApplicationURI('welcome/'.$user->getID().'/')));
return $curtain;
}
}
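Review bot: `$can_disable` only changes how the "Disable User" action is drawn in `buildCurtain()`; the `disable/<id>/` href is still rendered, so the real gate is the capability check in the disable controller. A short comment next to the new flags would keep the two from drifting apart, for example `// Display only: PhabricatorPeopleDisableController enforces PeopleDisableUsersCapability on the request.` The same applies to `$can_admin` and `$can_welcome`, which this hunk moves up beside it.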
