Config - add an option to lock policy settings
Summary: Fixes T6947 Test Plan: locked people.create.user and noted the UI only showed a link to the existing policy with no way to edit it. tried to set the config to all the various bad things and saw helpful error messages telling me what I did wrong. Reviewers: epriestley Reviewed By: epriestley Subscribers: Korvin, epriestley Maniphest Tasks: T6947 Differential Revision: https://secure.phabricator.com/D11358
This commit is contained in:
Bob Trahan
@@ -3,23 +3,17 @@
|
||||
final class PhabricatorApplicationEditController
|
||||
extends PhabricatorApplicationsController {
|
||||
|
||||
private $application;
|
||||
|
||||
public function shouldRequireAdmin() {
|
||||
return true;
|
||||
}
|
||||
|
||||
public function willProcessRequest(array $data) {
|
||||
$this->application = $data['application'];
|
||||
}
|
||||
|
||||
public function processRequest() {
|
||||
$request = $this->getRequest();
|
||||
public function handleRequest(AphrontRequest $request) {
|
||||
$user = $request->getUser();
|
||||
$application = $request->getURIData('application');
|
||||
|
||||
$application = id(new PhabricatorApplicationQuery())
|
||||
->setViewer($user)
|
||||
->withClasses(array($this->application))
|
||||
->withClasses(array($application))
|
||||
->requireCapabilities(
|
||||
array(
|
||||
PhabricatorPolicyCapability::CAN_VIEW,
|
||||
@@ -107,7 +101,7 @@ final class PhabricatorApplicationEditController
|
||||
$user,
|
||||
$config_entry,
|
||||
$value,
|
||||
PhabricatorContentSource::newFromRequest($this->getRequest()));
|
||||
PhabricatorContentSource::newFromRequest($request));
|
||||
}
|
||||
|
||||
return id(new AphrontRedirectResponse())->setURI($view_uri);
|
||||
@@ -120,12 +114,15 @@ final class PhabricatorApplicationEditController
|
||||
$form = id(new AphrontFormView())
|
||||
->setUser($user);
|
||||
|
||||
$locked_policies = PhabricatorEnv::getEnvConfig('policy.locked');
|
||||
$locked_map = array_fill_keys($locked_policies, true);
|
||||
foreach ($application->getCapabilities() as $capability) {
|
||||
$label = $application->getCapabilityLabel($capability);
|
||||
$can_edit = $application->isCapabilityEditable($capability);
|
||||
$locked = idx($locked_map, $capability);
|
||||
$caption = $application->getCapabilityCaption($capability);
|
||||
|
||||
if (!$can_edit) {
|
||||
if (!$can_edit || $locked) {
|
||||
$form->appendChild(
|
||||
id(new AphrontFormStaticControl())
|
||||
->setLabel($label)
|
||||
@@ -135,6 +132,7 @@ final class PhabricatorApplicationEditController
|
||||
$form->appendChild(
|
||||
id(new AphrontFormPolicyControl())
|
||||
->setUser($user)
|
||||
->setDisabled(idx($locked_map, $capability))
|
||||
->setCapability($capability)
|
||||
->setPolicyObject($application)
|
||||
->setPolicies($policies)
|
||||
|
||||
Reference in New Issue
Block a user