Projects - add "lock membership", which prevents people from leaving

Summary:
Fixes T5603. Puts the toggling of locking membership into the editor so we get exceptions and all that.

I think the dialogue when you try to leave a project that is locked could be a little better maybe? Right now it just says "You can't leave" and "The membership is locked" more or less; should I surface a link to the policy stuff there too?

Test Plan:
 - made a project, toggled the "lock" setting, observed stickiness and good transactions being made
 - locked a project and tried to leave as a non-editor - got a dialogue letting me know i couldn't
 - locked a project and tried to leave as an editor - left successfully

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T5603

Differential Revision: https://secure.phabricator.com/D10508
This commit is contained in:
Bob Trahan
2014-09-18 11:00:50 -07:00
parent 9b63f84ff9
commit 3238f1e091
9 changed files with 106 additions and 6 deletions

View File

@@ -0,0 +1,2 @@
ALTER TABLE {$NAMESPACE}_project.project
ADD isMembershipLocked TINYINT(1) NOT NULL DEFAULT 0 AFTER joinPolicy;

View File

@@ -2682,6 +2682,7 @@ phutil_register_library_map(array(
'PonderVoteEditor' => 'applications/ponder/editor/PonderVoteEditor.php',
'PonderVoteSaveController' => 'applications/ponder/controller/PonderVoteSaveController.php',
'ProjectBoardTaskCard' => 'applications/project/view/ProjectBoardTaskCard.php',
'ProjectCanLockProjectsCapability' => 'applications/project/capability/ProjectCanLockProjectsCapability.php',
'ProjectConduitAPIMethod' => 'applications/project/conduit/ProjectConduitAPIMethod.php',
'ProjectCreateConduitAPIMethod' => 'applications/project/conduit/ProjectCreateConduitAPIMethod.php',
'ProjectCreateProjectsCapability' => 'applications/project/capability/ProjectCreateProjectsCapability.php',
@@ -5722,6 +5723,7 @@ phutil_register_library_map(array(
'PonderVote' => 'PonderConstants',
'PonderVoteEditor' => 'PhabricatorEditor',
'PonderVoteSaveController' => 'PonderController',
'ProjectCanLockProjectsCapability' => 'PhabricatorPolicyCapability',
'ProjectConduitAPIMethod' => 'ConduitAPIMethod',
'ProjectCreateConduitAPIMethod' => 'ProjectConduitAPIMethod',
'ProjectCreateProjectsCapability' => 'PhabricatorPolicyCapability',

View File

@@ -93,6 +93,9 @@ final class PhabricatorProjectApplication extends PhabricatorApplication {
protected function getCustomCapabilities() {
return array(
ProjectCreateProjectsCapability::CAPABILITY => array(),
ProjectCanLockProjectsCapability::CAPABILITY => array(
'default' => PhabricatorPolicies::POLICY_ADMIN,
),
);
}

View File

@@ -0,0 +1,16 @@
<?php
final class ProjectCanLockProjectsCapability
extends PhabricatorPolicyCapability {
const CAPABILITY = 'project.can.lock';
public function getCapabilityName() {
return pht('Can Lock Project Membership');
}
public function describeCapabilityRejection() {
return pht('You do not have permission to lock project membership.');
}
}

View File

@@ -49,6 +49,7 @@ final class PhabricatorProjectEditDetailsController
$v_slugs = $project_slugs;
$v_color = $project->getColor();
$v_icon = $project->getIcon();
$v_locked = $project->getIsMembershipLocked();
$validation_exception = null;
@@ -63,6 +64,7 @@ final class PhabricatorProjectEditDetailsController
$v_join = $request->getStr('can_join');
$v_color = $request->getStr('color');
$v_icon = $request->getStr('icon');
$v_locked = $request->getInt('is_membership_locked', 0);
$xactions = $field_list->buildFieldTransactionsFromRequest(
new PhabricatorProjectTransaction(),
@@ -73,6 +75,7 @@ final class PhabricatorProjectEditDetailsController
$type_edit = PhabricatorTransactions::TYPE_EDIT_POLICY;
$type_icon = PhabricatorProjectTransaction::TYPE_ICON;
$type_color = PhabricatorProjectTransaction::TYPE_COLOR;
$type_locked = PhabricatorProjectTransaction::TYPE_LOCKED;
$xactions[] = id(new PhabricatorProjectTransaction())
->setTransactionType($type_name)
@@ -102,6 +105,10 @@ final class PhabricatorProjectEditDetailsController
->setTransactionType($type_color)
->setNewValue($v_color);
$xactions[] = id(new PhabricatorProjectTransaction())
->setTransactionType($type_locked)
->setNewValue($v_locked);
$editor = id(new PhabricatorProjectTransactionEditor())
->setActor($viewer)
->setContentSourceFromRequest($request)
@@ -148,6 +155,10 @@ final class PhabricatorProjectEditDetailsController
$icon_uri = $this->getApplicationURI('icon/'.$project->getID().'/');
$icon_display = PhabricatorProjectIcon::renderIconForChooser($v_icon);
list($can_lock, $lock_message) = $this->explainApplicationCapability(
ProjectCanLockProjectsCapability::CAPABILITY,
pht('You can update the Lock Project setting.'),
pht('You can not update the Lock Project setting.'));
$form
->appendChild(
@@ -201,6 +212,16 @@ final class PhabricatorProjectEditDetailsController
->setPolicyObject($project)
->setPolicies($policies)
->setCapability(PhabricatorPolicyCapability::CAN_JOIN))
->appendChild(
id(new AphrontFormCheckboxControl())
->setLabel(pht('Lock Project'))
->setDisabled(!$can_lock)
->addCheckbox(
'is_membership_locked',
1,
pht('Prevent members from leaving this project.'),
$v_locked)
->setCaption($lock_message))
->appendChild(
id(new AphrontFormSubmitControl())
->addCancelButton($edit_uri)

View File

@@ -82,12 +82,18 @@ final class PhabricatorProjectUpdateController
case 'leave':
$dialog = new AphrontDialogView();
$dialog->setUser($user);
if ($this->userCannotLeave($project)) {
$dialog->setTitle(pht('You can not leave this project.'));
$body = pht('The membership is locked for this project.');
} else {
$dialog->setTitle(pht('Really leave project?'));
$dialog->appendChild(phutil_tag('p', array(), pht(
$body = pht(
'Your tremendous contributions to this project will be sorely '.
'missed. Are you sure you want to leave?')));
$dialog->addCancelButton($project_uri);
'missed. Are you sure you want to leave?');
$dialog->addSubmitButton(pht('Leave Project'));
}
$dialog->appendParagraph($body);
$dialog->addCancelButton($project_uri);
break;
default:
return new Aphront404Response();
@@ -96,4 +102,18 @@ final class PhabricatorProjectUpdateController
return id(new AphrontDialogResponse())->setDialog($dialog);
}
/**
* This is enforced in @{class:PhabricatorProjectTransactionEditor}. We use
* this logic to render a better form for users hitting this case.
*/
private function userCannotLeave(PhabricatorProject $project) {
$user = $this->getRequest()->getUser();
return
$project->getIsMembershipLocked() &&
!PhabricatorPolicyFilter::hasCapability(
$user,
$project,
PhabricatorPolicyCapability::CAN_EDIT);
}
}

View File

@@ -25,6 +25,7 @@ final class PhabricatorProjectTransactionEditor
$types[] = PhabricatorProjectTransaction::TYPE_IMAGE;
$types[] = PhabricatorProjectTransaction::TYPE_ICON;
$types[] = PhabricatorProjectTransaction::TYPE_COLOR;
$types[] = PhabricatorProjectTransaction::TYPE_LOCKED;
return $types;
}
@@ -49,6 +50,8 @@ final class PhabricatorProjectTransactionEditor
return $object->getIcon();
case PhabricatorProjectTransaction::TYPE_COLOR:
return $object->getColor();
case PhabricatorProjectTransaction::TYPE_LOCKED:
return (int) $object->getIsMembershipLocked();
}
return parent::getCustomTransactionOldValue($object, $xaction);
@@ -65,6 +68,7 @@ final class PhabricatorProjectTransactionEditor
case PhabricatorProjectTransaction::TYPE_IMAGE:
case PhabricatorProjectTransaction::TYPE_ICON:
case PhabricatorProjectTransaction::TYPE_COLOR:
case PhabricatorProjectTransaction::TYPE_LOCKED:
return $xaction->getNewValue();
}
@@ -94,6 +98,9 @@ final class PhabricatorProjectTransactionEditor
case PhabricatorProjectTransaction::TYPE_COLOR:
$object->setColor($xaction->getNewValue());
return;
case PhabricatorProjectTransaction::TYPE_LOCKED:
$object->setIsMembershipLocked($xaction->getNewValue());
return;
case PhabricatorTransactions::TYPE_EDGE:
return;
case PhabricatorTransactions::TYPE_VIEW_POLICY:
@@ -199,6 +206,7 @@ final class PhabricatorProjectTransactionEditor
case PhabricatorProjectTransaction::TYPE_IMAGE:
case PhabricatorProjectTransaction::TYPE_ICON:
case PhabricatorProjectTransaction::TYPE_COLOR:
case PhabricatorProjectTransaction::TYPE_LOCKED:
return;
case PhabricatorTransactions::TYPE_EDGE:
$edge_type = $xaction->getMetadataValue('edge:type');
@@ -360,6 +368,7 @@ final class PhabricatorProjectTransactionEditor
}
break;
}
return $errors;
@@ -381,6 +390,12 @@ final class PhabricatorProjectTransactionEditor
$object,
PhabricatorPolicyCapability::CAN_EDIT);
return;
case PhabricatorProjectTransaction::TYPE_LOCKED:
PhabricatorPolicyFilter::requireCapability(
$this->requireActor(),
newv($this->getEditorApplicationClass(), array()),
ProjectCanLockProjectsCapability::CAPABILITY);
return;
case PhabricatorTransactions::TYPE_EDGE:
switch ($xaction->getMetadataValue('edge:type')) {
case PhabricatorEdgeConfig::TYPE_PROJ_MEMBER:
@@ -402,7 +417,14 @@ final class PhabricatorProjectTransactionEditor
$object,
PhabricatorPolicyCapability::CAN_JOIN);
} else if ($is_leave) {
// You don't need any capabilities to leave a project.
// You usually don't need any capabilities to leave a project.
if ($object->getIsMembershipLocked()) {
// you must be able to edit though to leave locked projects
PhabricatorPolicyFilter::requireCapability(
$this->requireActor(),
$object,
PhabricatorPolicyCapability::CAN_EDIT);
}
} else {
// You need CAN_EDIT to change members other than yourself.
PhabricatorPolicyFilter::requireCapability(

View File

@@ -20,6 +20,7 @@ final class PhabricatorProject extends PhabricatorProjectDAO
protected $viewPolicy;
protected $editPolicy;
protected $joinPolicy;
protected $isMembershipLocked;
private $memberPHIDs = self::ATTACHABLE;
private $watcherPHIDs = self::ATTACHABLE;
@@ -43,6 +44,7 @@ final class PhabricatorProject extends PhabricatorProjectDAO
->setViewPolicy(PhabricatorPolicies::POLICY_USER)
->setEditPolicy(PhabricatorPolicies::POLICY_USER)
->setJoinPolicy(PhabricatorPolicies::POLICY_USER)
->setIsMembershipLocked(0)
->attachMemberPHIDs(array());
}

View File

@@ -9,6 +9,7 @@ final class PhabricatorProjectTransaction
const TYPE_IMAGE = 'project:image';
const TYPE_ICON = 'project:icon';
const TYPE_COLOR = 'project:color';
const TYPE_LOCKED = 'project:locked';
// NOTE: This is deprecated, members are just a normal edge now.
const TYPE_MEMBERS = 'project:members';
@@ -100,6 +101,17 @@ final class PhabricatorProjectTransaction
$author_handle,
PHUITagView::getShadeName($new));
case PhabricatorProjectTransaction::TYPE_LOCKED:
if ($new) {
return pht(
'%s locked this project\'s membership.',
$author_handle);
} else {
return pht(
'%s unlocked this project\'s membership.',
$author_handle);
}
case PhabricatorProjectTransaction::TYPE_SLUGS:
$add = array_diff($new, $old);
$rem = array_diff($old, $new);