Allow application policies to be edited

Summary:
Ref T603. Enables:

  - Application policies can be edited.
  - Applications can define custom policies (this will be used for setting defaults, like "what is the default visibiltiy of new tasks", and meta-policies, like "who can create a task?").

Test Plan: Edited application policies. A future diff does more with custom policies.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D7205

Author: epriestley

src/__phutil_library_map__.php

@@ -828,6 +828,7 @@
     'PhabricatorApplicationDiviner' => 'applications/diviner/application/PhabricatorApplicationDiviner.php',
     'PhabricatorApplicationDoorkeeper' => 'applications/doorkeeper/application/PhabricatorApplicationDoorkeeper.php',
     'PhabricatorApplicationDrydock' => 'applications/drydock/application/PhabricatorApplicationDrydock.php',
+    'PhabricatorApplicationEditController' => 'applications/meta/controller/PhabricatorApplicationEditController.php',
     'PhabricatorApplicationFact' => 'applications/fact/application/PhabricatorApplicationFact.php',
     'PhabricatorApplicationFeed' => 'applications/feed/application/PhabricatorApplicationFeed.php',
     'PhabricatorApplicationFiles' => 'applications/files/application/PhabricatorApplicationFiles.php',
@@ -2937,6 +2938,7 @@
     'PhabricatorApplicationDiviner' => 'PhabricatorApplication',
     'PhabricatorApplicationDoorkeeper' => 'PhabricatorApplication',
     'PhabricatorApplicationDrydock' => 'PhabricatorApplication',
+    'PhabricatorApplicationEditController' => 'PhabricatorApplicationsController',
     'PhabricatorApplicationFact' => 'PhabricatorApplication',
     'PhabricatorApplicationFeed' => 'PhabricatorApplication',
     'PhabricatorApplicationFiles' => 'PhabricatorApplication',

src/applications/base/PhabricatorApplication.php

@@ -321,18 +321,32 @@ public static function getAllInstalledApplications() {
 
 
   public function getCapabilities() {
-    return array(
-      PhabricatorPolicyCapability::CAN_VIEW,
-      PhabricatorPolicyCapability::CAN_EDIT,
-    );
+    return array_merge(
+      array(
+        PhabricatorPolicyCapability::CAN_VIEW,
+        PhabricatorPolicyCapability::CAN_EDIT,
+      ),
+      array_keys($this->getCustomCapabilities()));
   }
 
   public function getPolicy($capability) {
+    $default = $this->getCustomPolicySetting($capability);
+    if ($default) {
+      return $default;
+    }
+
     switch ($capability) {
       case PhabricatorPolicyCapability::CAN_VIEW:
-        return PhabricatorPolicies::POLICY_USER;
+        if (PhabricatorEnv::getEnvConfig('policy.allow-public')) {
+          return PhabricatorPolicies::POLICY_PUBLIC;
+        } else {
+          return PhabricatorPolicies::POLICY_USER;
+        }
       case PhabricatorPolicyCapability::CAN_EDIT:
         return PhabricatorPolicies::POLICY_ADMIN;
+      default:
+        $spec = $this->getCustomCapabilitySpecification($capability);
+        return idx($spec, 'default', PhabricatorPolicies::POLICY_USER);
     }
   }
 
@@ -345,4 +359,80 @@ public function describeAutomaticCapability($capability) {
   }
 
 
+/* -(  Policies  )----------------------------------------------------------- */
+
+  protected function getCustomCapabilities() {
+    return array();
+  }
+
+  private function getCustomPolicySetting($capability) {
+    if (!$this->isCapabilityEditable($capability)) {
+      return null;
+    }
+
+    $config = PhabricatorEnv::getEnvConfig('phabricator.application-settings');
+
+    $app = idx($config, $this->getPHID());
+    if (!$app) {
+      return null;
+    }
+
+    $policy = idx($app, 'policy');
+    if (!$policy) {
+      return null;
+    }
+
+    return idx($policy, $capability);
+  }
+
+
+  private function getCustomCapabilitySpecification($capability) {
+    $custom = $this->getCustomCapabilities();
+    if (empty($custom[$capability])) {
+      throw new Exception("Unknown capability '{$capability}'!");
+    }
+    return $custom[$capability];
+  }
+
+  public function getCapabilityLabel($capability) {
+    $map = array(
+      PhabricatorPolicyCapability::CAN_VIEW => pht('Can Use Application'),
+      PhabricatorPolicyCapability::CAN_EDIT => pht('Can Configure Application'),
+    );
+
+    $map += ipull($this->getCustomCapabilities(), 'label');
+
+    return idx($map, $capability);
+  }
+
+  public function isCapabilityEditable($capability) {
+    switch ($capability) {
+      case PhabricatorPolicyCapability::CAN_VIEW:
+        return $this->canUninstall();
+      case PhabricatorPolicyCapability::CAN_EDIT:
+        return false;
+      default:
+        $spec = $this->getCustomCapabilitySpecification($capability);
+        return idx($spec, 'edit', true);
+    }
+  }
+
+  public function getCapabilityCaption($capability) {
+    switch ($capability) {
+      case PhabricatorPolicyCapability::CAN_VIEW:
+        if (!$this->canUninstall()) {
+          return pht(
+            'This application is required for Phabricator to operate, so all '.
+            'users must have access to it.');
+        } else {
+          return null;
+        }
+      case PhabricatorPolicyCapability::CAN_EDIT:
+        return null;
+      default:
+        $spec = $this->getCustomCapabilitySpecification($capability);
+        return idx($spec, 'caption');
+    }
+  }
+
 }

src/applications/meta/application/PhabricatorApplicationApplications.php

@@ -33,6 +33,8 @@ public function getRoutes() {
           'PhabricatorApplicationsListController',
         'view/(?P<application>\w+)/' =>
           'PhabricatorApplicationDetailViewController',
+        'edit/(?P<application>\w+)/' =>
+          'PhabricatorApplicationEditController',
         '(?P<application>\w+)/(?P<action>install|uninstall)/' =>
           'PhabricatorApplicationUninstallController',
         ),

src/applications/meta/controller/PhabricatorApplicationDetailViewController.php

@@ -13,8 +13,10 @@ public function processRequest() {
     $request = $this->getRequest();
     $user = $request->getUser();
 
-    $selected = PhabricatorApplication::getByClass($this->application);
-
+    $selected = id(new PhabricatorApplicationQuery())
+      ->setViewer($user)
+      ->withClasses(array($this->application))
+      ->executeOne();
     if (!$selected) {
       return new Aphront404Response();
     }
@@ -24,8 +26,7 @@ public function processRequest() {
     $crumbs = $this->buildApplicationCrumbs();
     $crumbs->addCrumb(
       id(new PhabricatorCrumbView())
-        ->setName(pht('Applications'))
-        ->setHref($this->getApplicationURI()));
+        ->setName($selected->getName()));
 
     $header = id(new PHUIHeaderView())
       ->setHeader($title);
@@ -70,37 +71,68 @@ public function processRequest() {
       ));
   }
 
-  private function buildPropertyView(PhabricatorApplication $selected) {
+  private function buildPropertyView(PhabricatorApplication $application) {
+    $viewer = $this->getRequest()->getUser();
+
     $properties = id(new PhabricatorPropertyListView())
-              ->addProperty(
-                pht('Description'), $selected->getShortDescription());
+      ->addProperty(pht('Description'), $application->getShortDescription());
+
+    $descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions(
+      $viewer,
+      $application);
+
+    $properties->addSectionHeader(pht('Policies'));
+
+    foreach ($application->getCapabilities() as $capability) {
+      $properties->addProperty(
+        $application->getCapabilityLabel($capability),
+        idx($descriptions, $capability));
+    }
 
     return $properties;
   }
 
   private function buildActionView(
-    PhabricatorUser $user, PhabricatorApplication $selected) {
+    PhabricatorUser $user,
+    PhabricatorApplication $selected) {
 
     $view = id(new PhabricatorActionListView())
       ->setUser($user)
       ->setObjectURI($this->getRequest()->getRequestURI());
 
+    $can_edit = PhabricatorPolicyFilter::hasCapability(
+      $user,
+      $selected,
+      PhabricatorPolicyCapability::CAN_EDIT);
+
+    $edit_uri = $this->getApplicationURI('edit/'.get_class($selected).'/');
+
+    $view->addAction(
+      id(new PhabricatorActionView())
+        ->setName(pht('Edit Policies'))
+        ->setIcon('edit')
+        ->setDisabled(!$can_edit)
+        ->setWorkflow(!$can_edit)
+        ->setHref($edit_uri));
+
     if ($selected->canUninstall()) {
       if ($selected->isInstalled()) {
         $view->addAction(
-               id(new PhabricatorActionView())
-               ->setName(pht('Uninstall'))
-               ->setIcon('delete')
-               ->setWorkflow(true)
-               ->setHref(
-                $this->getApplicationURI(get_class($selected).'/uninstall/')));
+          id(new PhabricatorActionView())
+            ->setName(pht('Uninstall'))
+            ->setIcon('delete')
+            ->setDisabled(!$can_edit)
+            ->setWorkflow(true)
+            ->setHref(
+              $this->getApplicationURI(get_class($selected).'/uninstall/')));
       } else {
         $action = id(new PhabricatorActionView())
           ->setName(pht('Install'))
           ->setIcon('new')
+          ->setDisabled(!$can_edit)
           ->setWorkflow(true)
           ->setHref(
-           $this->getApplicationURI(get_class($selected).'/install/'));
+             $this->getApplicationURI(get_class($selected).'/install/'));
 
         $beta_enabled = PhabricatorEnv::getEnvConfig(
           'phabricator.show-beta-applications');
@@ -112,14 +144,15 @@ private function buildActionView(
       }
     } else {
       $view->addAction(
-             id(new PhabricatorActionView())
-             ->setName(pht('Uninstall'))
-             ->setIcon('delete')
-             ->setWorkflow(true)
-             ->setDisabled(true)
-             ->setHref(
-               $this->getApplicationURI(get_class($selected).'/uninstall/')));
+        id(new PhabricatorActionView())
+          ->setName(pht('Uninstall'))
+          ->setIcon('delete')
+          ->setWorkflow(true)
+          ->setDisabled(true)
+          ->setHref(
+            $this->getApplicationURI(get_class($selected).'/uninstall/')));
     }
+
     return $view;
   }