PhabricatorPeopleDisableController.php
<?php
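/**
 * Handles the "Disable User" / "Enable User" action on profiles and the
 * "Disapprove" action on the approval queue.
 *
 * The two entry points are authorized differently: "Disapprove" requires the
 * viewer to be an administrator, while "Disable"/"Enable" requires the
 * "Can Disable Users" application capability. Both checks are made inside
 * handleRequest().
 */
final class PhabricatorPeopleDisableController
  extends PhabricatorPeopleController {

  /**
   * Do not demand administrator status up front.
   *
   * handleRequest() performs the per-flow authorization checks itself. How
   * the base controller consumes this value is not visible in this file.
   *
   * @return bool Always false.
   */
  public function shouldRequireAdmin() {
    return false;
  }

  /**
   * Confirm and apply a disable, enable or disapprove action on a user.
   *
   * The target is loaded by the `id` URI parameter using the viewer's own
   * visibility; a missing result yields a 404. The `via` URI parameter selects
   * the flow. A form post applies a single disable transaction and redirects;
   * any other request renders the confirmation dialog.
   *
   * @param AphrontRequest $request Request carrying the `id` and `via` URI
   *   data.
   * @return mixed A 404 response, a dialog, or a redirect response.
   */
  public function handleRequest(AphrontRequest $request) {
    $viewer = $this->getViewer();
    $id = $request->getURIData('id');
    $via = $request->getURIData('via');

    $user = id(new PhabricatorPeopleQuery())
      ->setViewer($viewer)
      ->withIDs(array($id))
      ->executeOne();
    if (!$user) {
      return new Aphront404Response();
    }

    // NOTE: We reach this controller via the administrative "Disable User"
    // on profiles and also via the "X" action on the approval queue. We do
    // things slightly differently depending on the context the actor is in.

    // In particular, disabling via "Disapprove" requires you be an
    // administrator (and bypasses the "Can Disable Users" permission).
    // Disabling via "Disable" requires the permission only.

    // `via` is request-controlled and decides which authorization check runs,
    // so compare it strictly: only the exact string selects the admin-only
    // flow, and every other value falls through to the capability check.
    $is_disapprove = ($via === 'disapprove');
    if ($is_disapprove) {
      $done_uri = $this->getApplicationURI('query/approval/');

      // This check must stay ahead of the omnipotent-actor assignment below:
      // it is the only gate on the "Disapprove" flow.
      if (!$viewer->getIsAdmin()) {
        return $this->newDialog()
          ->setTitle(pht('No Permission'))
          ->appendParagraph(pht('Only administrators can disapprove users.'))
          ->addCancelButton($done_uri);
      }

      // Disapproval only applies to accounts still awaiting approval.
      if ($user->getIsApproved()) {
        return $this->newDialog()
          ->setTitle(pht('Already Approved'))
          ->appendParagraph(pht('This user has already been approved.'))
          ->addCancelButton($done_uri);
      }

      // On the "Disapprove" flow, bypass the "Can Disable Users" permission.
      $actor = PhabricatorUser::getOmnipotentUser();
      $should_disable = true;
    } else {
      $this->requireApplicationCapability(
        PeopleDisableUsersCapability::CAPABILITY);

      $actor = $viewer;
      $done_uri = $this->getApplicationURI("manage/{$id}/");

      // This flow is a toggle: disable an enabled account, enable a disabled
      // one.
      $should_disable = !$user->getIsDisabled();
    }

    // Refuse to act on the viewer's own account in either flow.
    if ($viewer->getPHID() === $user->getPHID()) {
      return $this->newDialog()
        ->setTitle(pht('Something Stays Your Hand'))
        ->appendParagraph(
          pht(
            'Try as you might, you find you can not disable your own account.'))
        ->addCancelButton($done_uri, pht('Curses!'));
    }

    // NOTE(review): the state change is gated on isFormPost(); confirm that
    // it also validates the anti-CSRF token in this tree.
    if ($request->isFormPost()) {
      $xactions = array();

      $xactions[] = id(new PhabricatorUserTransaction())
        ->setTransactionType(PhabricatorUserDisableTransaction::TRANSACTIONTYPE)
        ->setNewValue($should_disable);

      // The editor runs as $actor (omnipotent on the "Disapprove" flow), while
      // the real viewer's PHID is passed as the acting-as identity --
      // presumably so the change is still attributed to the administrator.
      id(new PhabricatorUserTransactionEditor())
        ->setActor($actor)
        ->setActingAsPHID($viewer->getPHID())
        ->setContentSourceFromRequest($request)
        ->setContinueOnMissingFields(true)
        ->setContinueOnNoEffect(true)
        ->applyTransactions($user, $xactions);

      return id(new AphrontRedirectResponse())->setURI($done_uri);
    }

    // The username is wrapped with phutil_tag() instead of being concatenated
    // into markup by hand.
    if ($should_disable) {
      $title = pht('Disable User?');
      $short_title = pht('Disable User');

      $body = pht(
        'Disable %s? They will no longer be able to access Phabricator or '.
        'receive email.',
        phutil_tag('strong', array(), $user->getUsername()));

      $submit = pht('Disable User');
    } else {
      $title = pht('Enable User?');
      $short_title = pht('Enable User');

      $body = pht(
        'Enable %s? They will be able to access Phabricator and receive '.
        'email again.',
        phutil_tag('strong', array(), $user->getUsername()));

      $submit = pht('Enable User');
    }

    return $this->newDialog()
      ->setTitle($title)
      ->setShortTitle($short_title)
      ->appendParagraph($body)
      ->addCancelButton($done_uri)
      ->addSubmitButton($submit);
  }

}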