Lockdown tool directory editing to administrators

Summary: Someone has "defaced" secure.phabricator.com with a helpful suggestion that I actually do this; fair enough. :P Test Plan: Logged in as myself, unable to edit directory information. Logged out, logged in as admin, was able to edit directory information. I need to fix some more CSS stuff since some of these tabs render out hideous in the admin background, but I can followup with that. Reviewed By: tuomaspelkonen Reviewers: aran, jungejason, tuomaspelkonen Commenters: aran CC: aran, tuomaspelkonen, epriestley Differential Revision: 296
2011-05-17 10:59:26 -07:00
parent 84731e8f00
commit f72c1acc63
7 changed files with 134 additions and 68 deletions
--- a/src/applications/repository/controller/base/PhabricatorRepositoryController.php
+++ b/src/applications/repository/controller/base/PhabricatorRepositoryController.php
@@ -18,6 +18,11 @@

 abstract class PhabricatorRepositoryController extends PhabricatorController {

+  public function shouldRequireAdmin() {
+    // Most of these controllers are admin-only.
+    return true;
+  }
+
  public function buildStandardPageResponse($view, array $data) {
    $page = $this->buildStandardPageView();

--- a/src/applications/repository/controller/github-post-receive/PhabricatorRepositoryGitHubPostReceiveController.php
+++ b/src/applications/repository/controller/github-post-receive/PhabricatorRepositoryGitHubPostReceiveController.php
@@ -20,6 +20,10 @@
 class PhabricatorRepositoryGitHubPostReceiveController
  extends PhabricatorRepositoryController {

+  public function shouldRequireAdmin() {
+    return false;
+  }
+
  public function shouldRequireLogin() {
    return false;
  }
--- a/src/applications/repository/controller/list/PhabricatorRepositoryListController.php
+++ b/src/applications/repository/controller/list/PhabricatorRepositoryListController.php
@@ -19,9 +19,16 @@
 class PhabricatorRepositoryListController
  extends PhabricatorRepositoryController {

+  public function shouldRequireAdmin() {
+    return false;
+  }

  public function processRequest() {

+    $request = $this->getRequest();
+    $user = $request->getUser();
+    $is_admin = $user->getIsAdmin();
+
    $repos = id(new PhabricatorRepository())->loadAll();

    $rows = array();
@@ -82,9 +89,21 @@ class PhabricatorRepositoryListController
        'action',
      ));

+    $table->setColumnVisibility(
+      array(
+        true,
+        true,
+        true,
+        true,
+        $is_admin,
+        $is_admin,
+      ));
+
    $panel = new AphrontPanelView();
    $panel->setHeader('Repositories');
-    $panel->setCreateButton('Create New Repository', '/repository/create/');
+    if ($is_admin) {
+      $panel->setCreateButton('Create New Repository', '/repository/create/');
+    }
    $panel->appendChild($table);

    $projects = id(new PhabricatorRepositoryArcanistProject())->loadAll();
@@ -125,6 +144,13 @@ class PhabricatorRepositoryListController
        'action',
      ));

+    $project_table->setColumnVisibility(
+      array(
+        true,
+        true,
+        $is_admin,
+      ));
+
    $project_panel = new AphrontPanelView();
    $project_panel->setHeader('Arcanist Projects');
    $project_panel->appendChild($project_table);