Commit 0583f6dc authored by Austin McKinley's avatar Austin McKinley
Browse files

Some formatting changes for showing auth provider config guidance

Summary:
Ref T7667. On the road to locking the auth config, also clean up some minor UI issues:

* Only show the warning about not Phacility instance auth if the user isn't a manager (see next diff).
* When rendering more than one warning in the guidance, add bullets.
* I didn't like the text in the `auth.config-lock` config setting.

Test Plan: Loaded the page, saw more reasonable-looking guidance: {F6369405}

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T7667

Differential Revision: https://secure.phabricator.com/D20400
parent e7a31832
......@@ -9,7 +9,7 @@ return array(
'names' => array(
'conpherence.pkg.css' => '3c8a0668',
'conpherence.pkg.js' => '020aebcf',
'core.pkg.css' => '77c4f199',
'core.pkg.css' => '20f3fea5',
'core.pkg.js' => '69247edd',
'differential.pkg.css' => '8d8360fb',
'differential.pkg.js' => '67e02996',
......@@ -160,7 +160,7 @@ return array(
'rsrc/css/phui/phui-icon-set-selector.css' => '7aa5f3ec',
'rsrc/css/phui/phui-icon.css' => '4cbc684a',
'rsrc/css/phui/phui-image-mask.css' => '62c7f4d2',
'rsrc/css/phui/phui-info-view.css' => '37b8d9ce',
'rsrc/css/phui/phui-info-view.css' => 'a10a909b',
'rsrc/css/phui/phui-invisible-character-view.css' => 'c694c4a4',
'rsrc/css/phui/phui-left-right.css' => '68513c34',
'rsrc/css/phui/phui-lightbox.css' => '4ebf22da',
......@@ -842,7 +842,7 @@ return array(
'phui-icon-set-selector-css' => '7aa5f3ec',
'phui-icon-view-css' => '4cbc684a',
'phui-image-mask-css' => '62c7f4d2',
'phui-info-view-css' => '37b8d9ce',
'phui-info-view-css' => 'a10a909b',
'phui-inline-comment-view-css' => '48acce5b',
'phui-invisible-character-view-css' => 'c694c4a4',
'phui-left-right-css' => '68513c34',
......
......@@ -13,6 +13,7 @@ final class PhabricatorAuthListController
$list = new PHUIObjectItemListView();
$can_manage = $this->hasApplicationCapability(
AuthManageProvidersCapability::CAPABILITY);
$is_locked = PhabricatorEnv::getEnvConfig('auth.lock-config');
foreach ($configs as $config) {
$item = new PHUIObjectItemView();
......@@ -69,7 +70,8 @@ final class PhabricatorAuthListController
$crumbs->addTextCrumb(pht('Login and Registration'));
$crumbs->setBorder(true);
$guidance_context = new PhabricatorAuthProvidersGuidanceContext();
$guidance_context = id(new PhabricatorAuthProvidersGuidanceContext())
->setCanManage($can_manage);
$guidance = id(new PhabricatorGuidanceEngine())
->setViewer($viewer)
......@@ -81,7 +83,7 @@ final class PhabricatorAuthListController
->setButtonType(PHUIButtonView::BUTTONTYPE_SIMPLE)
->setHref($this->getApplicationURI('config/new/'))
->setIcon('fa-plus')
->setDisabled(!$can_manage)
->setDisabled(!$can_manage || $is_locked)
->setText(pht('Add Provider'));
$list->setFlush(true);
......
<?php
final class PhabricatorAuthProvidersGuidanceContext
extends PhabricatorGuidanceContext {}
extends PhabricatorGuidanceContext {
private $canManage = false;
public function setCanManage($can_manage) {
$this->canManage = $can_manage;
return $this;
}
public function getCanManage() {
return $this->canManage;
}
}
......@@ -92,6 +92,25 @@ final class PhabricatorAuthProvidersGuidanceEngineExtension
->setMessage($message);
}
$locked_config_key = 'auth.lock-config';
$is_locked = PhabricatorEnv::getEnvConfig($locked_config_key);
if ($is_locked) {
$message = pht(
'Authentication provider configuration is locked, and can not be '.
'changed without being unlocked. See the configuration setting %s '.
'for details.',
phutil_tag(
'a',
array(
'href' => '/config/edit/'.$locked_config_key,
),
$locked_config_key));
$results[] = $this->newWarning('auth.locked-config')
->setPriority(500)
->setMessage($message);
}
return $results;
}
......
......@@ -85,13 +85,13 @@ final class PhabricatorAuthenticationConfigOptions
'configuration from the CLI before it can be edited.'))
->setDescription(
pht(
'Normally, administrators configure authentication providers only '.
'once, immediately after instance creation. To further secure '.
'your instance, you can set this configuration option to `true`, '.
'which will require an adminstrator with CLI access to run '.
'`bin/auth unlock` to make any later changes to authentication '.
"provider configuration.\n\nAfter changing the config, you should ".
'run `bin/auth lock` again from the CLI.'))
'When set to `true`, the authentication provider configuration '.
'for this instance can not be modified without first running '.
'`bin/auth unlock` from the command line. This is to reduce '.
'the security impact of a compromised administrator account. '.
"\n\n".
'After running `bin/auth unlock` and making your changes to the '.
'authentication provider config, you should run `bin/auth lock`.'))
->setLocked(true),
$this->newOption('account.editable', 'bool', true)
->setBoolOptions(
......
......@@ -74,8 +74,8 @@ h1.phui-info-view-head {
}
.phui-info-view-list {
margin: 0;
list-style: none;
margin-left: 30px;
list-style: disc;
line-height: 1.6em;
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment