Prevent administrators from locking themselves out of applications

Summary: Ref T603. This could be a nicer UX, but limit the amount of foot-shooting that users can possibly do. You can still manage if you're really tricky ("Members of project X", then leave the project) but this should make it hard to make a mistake. It seems very unlikely any user ever intends to lock themselves out of an application.

Test Plan: Set an application's view policy to permissive ("Administrators") and nonpermissive ("No One") values. The former were accepted, the latter rejected.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D7218

Author: epriestley

src/applications/meta/controller/PhabricatorApplicationEditController.php

@@ -75,6 +75,19 @@ public function processRequest() {
 
         $value[$phid]['policy'] = $result + $value[$phid]['policy'];
 
+        // Don't allow users to make policy edits which would lock them out of
+        // applications, since they would be unable to undo those actions.
+        PhabricatorEnv::overrideConfig($key, $value);
+        PhabricatorPolicyFilter::mustRetainCapability(
+          $user,
+          $application,
+          PhabricatorPolicyCapability::CAN_VIEW);
+
+        PhabricatorPolicyFilter::mustRetainCapability(
+          $user,
+          $application,
+          PhabricatorPolicyCapability::CAN_EDIT);
+
         PhabricatorConfigEditor::storeNewValue(
           $config_entry,
           $value,