Path: blob/master/src/applications/people/controller/PhabricatorPeopleDisableController.php
12256 views
<?php12final class PhabricatorPeopleDisableController3extends PhabricatorPeopleController {45public function shouldRequireAdmin() {6return false;7}89public function handleRequest(AphrontRequest $request) {10$viewer = $this->getViewer();11$id = $request->getURIData('id');12$via = $request->getURIData('via');1314$user = id(new PhabricatorPeopleQuery())15->setViewer($viewer)16->withIDs(array($id))17->executeOne();18if (!$user) {19return new Aphront404Response();20}2122// NOTE: We reach this controller via the administrative "Disable User"23// on profiles and also via the "X" action on the approval queue. We do24// things slightly differently depending on the context the actor is in.2526// In particular, disabling via "Disapprove" requires you be an27// administrator (and bypasses the "Can Disable Users" permission).28// Disabling via "Disable" requires the permission only.2930$is_disapprove = ($via == 'disapprove');31if ($is_disapprove) {32$done_uri = $this->getApplicationURI('query/approval/');3334if (!$viewer->getIsAdmin()) {35return $this->newDialog()36->setTitle(pht('No Permission'))37->appendParagraph(pht('Only administrators can disapprove users.'))38->addCancelButton($done_uri);39}4041if ($user->getIsApproved()) {42return $this->newDialog()43->setTitle(pht('Already Approved'))44->appendParagraph(pht('This user has already been approved.'))45->addCancelButton($done_uri);46}4748// On the "Disapprove" flow, bypass the "Can Disable Users" permission.49$actor = PhabricatorUser::getOmnipotentUser();50$should_disable = true;51} else {52$this->requireApplicationCapability(53PeopleDisableUsersCapability::CAPABILITY);5455$actor = $viewer;56$done_uri = $this->getApplicationURI("manage/{$id}/");57$should_disable = !$user->getIsDisabled();58}5960if ($viewer->getPHID() == $user->getPHID()) {61return $this->newDialog()62->setTitle(pht('Something Stays Your Hand'))63->appendParagraph(64pht(65'Try as you might, you find you can not disable your own account.'))66->addCancelButton($done_uri, pht('Curses!'));67}6869if ($request->isFormPost()) {70$xactions = array();7172$xactions[] = id(new PhabricatorUserTransaction())73->setTransactionType(PhabricatorUserDisableTransaction::TRANSACTIONTYPE)74->setNewValue($should_disable);7576id(new PhabricatorUserTransactionEditor())77->setActor($actor)78->setActingAsPHID($viewer->getPHID())79->setContentSourceFromRequest($request)80->setContinueOnMissingFields(true)81->setContinueOnNoEffect(true)82->applyTransactions($user, $xactions);8384return id(new AphrontRedirectResponse())->setURI($done_uri);85}8687if ($should_disable) {88$title = pht('Disable User?');89$short_title = pht('Disable User');9091$body = pht(92'Disable %s? They will no longer be able to access this server or '.93'receive email.',94phutil_tag('strong', array(), $user->getUsername()));9596$submit = pht('Disable User');97} else {98$title = pht('Enable User?');99$short_title = pht('Enable User');100101$body = pht(102'Enable %s? They will be able to access this server and receive '.103'email again.',104phutil_tag('strong', array(), $user->getUsername()));105106$submit = pht('Enable User');107}108109return $this->newDialog()110->setTitle($title)111->setShortTitle($short_title)112->appendParagraph($body)113->addCancelButton($done_uri)114->addSubmitButton($submit);115}116117}118119120