Add bin/policy unlock

Summary: Ref T603. We might need a fine-grained CLI tool later on, but here's a bat we can bludgeon things with.

Test Plan:
  - Ran `bin/policy unlock D12` (adjusted policies).
  - Ran `bin/policy unlock rPca85c457ebcb` (got "not mutable" stuff).

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D7189

Author: epriestley

scripts/setup/manage_policy.php

@@ -16,6 +16,7 @@
 
 $workflows = array(
   new PhabricatorPolicyManagementShowWorkflow(),
+  new PhabricatorPolicyManagementUnlockWorkflow(),
   new PhutilHelpArgumentWorkflow(),
 );
 

src/__phutil_library_map__.php

@@ -1469,6 +1469,7 @@
     'PhabricatorPolicyFilter' => 'applications/policy/filter/PhabricatorPolicyFilter.php',
     'PhabricatorPolicyInterface' => 'applications/policy/interface/PhabricatorPolicyInterface.php',
     'PhabricatorPolicyManagementShowWorkflow' => 'applications/policy/management/PhabricatorPolicyManagementShowWorkflow.php',
+    'PhabricatorPolicyManagementUnlockWorkflow' => 'applications/policy/management/PhabricatorPolicyManagementUnlockWorkflow.php',
     'PhabricatorPolicyManagementWorkflow' => 'applications/policy/management/PhabricatorPolicyManagementWorkflow.php',
     'PhabricatorPolicyQuery' => 'applications/policy/query/PhabricatorPolicyQuery.php',
     'PhabricatorPolicyTestCase' => 'applications/policy/__tests__/PhabricatorPolicyTestCase.php',
@@ -3627,6 +3628,7 @@
     'PhabricatorPolicyException' => 'Exception',
     'PhabricatorPolicyExplainController' => 'PhabricatorPolicyController',
     'PhabricatorPolicyManagementShowWorkflow' => 'PhabricatorPolicyManagementWorkflow',
+    'PhabricatorPolicyManagementUnlockWorkflow' => 'PhabricatorPolicyManagementWorkflow',
     'PhabricatorPolicyManagementWorkflow' => 'PhutilArgumentWorkflow',
     'PhabricatorPolicyQuery' => 'PhabricatorQuery',
     'PhabricatorPolicyTestCase' => 'PhabricatorTestCase',

src/applications/policy/management/PhabricatorPolicyManagementUnlockWorkflow.php

@@ -0,0 +1,104 @@
+<?php
+
+final class PhabricatorPolicyManagementUnlockWorkflow
+  extends PhabricatorPolicyManagementWorkflow {
+
+  protected function didConstruct() {
+    $this
+      ->setName('unlock')
+      ->setSynopsis(
+        'Unlock an object by setting its policies to allow anyone to view '.
+        'and edit it.')
+      ->setExamples(
+        "**unlock** D123")
+      ->setArguments(
+        array(
+          array(
+            'name'      => 'objects',
+            'wildcard'  => true,
+          ),
+        ));
+  }
+
+  public function execute(PhutilArgumentParser $args) {
+    $console = PhutilConsole::getConsole();
+    $viewer = PhabricatorUser::getOmnipotentUser();
+
+    $obj_names = $args->getArg('objects');
+    if (!$obj_names) {
+      throw new PhutilArgumentUsageException(
+        pht(
+          "Specify the name of an object to unlock."));
+    } else if (count($obj_names) > 1) {
+      throw new PhutilArgumentUsageException(
+        pht(
+          "Specify the name of exactly one object to unlock."));
+    }
+
+    $object = id(new PhabricatorObjectQuery())
+      ->setViewer($viewer)
+      ->withNames($obj_names)
+      ->executeOne();
+
+    if (!$object) {
+      $name = head($obj_names);
+      throw new PhutilArgumentUsageException(
+        pht(
+          "No such object '%s'!",
+          $name));
+    }
+
+    $handle = id(new PhabricatorHandleQuery())
+      ->setViewer($viewer)
+      ->withPHIDs(array($object->getPHID()))
+      ->executeOne();
+
+    $console->writeOut("%s\n", pht('Unlocking: %s', $handle->getFullName()));
+
+    $updated = false;
+    foreach ($object->getCapabilities() as $capability) {
+      switch ($capability) {
+        case PhabricatorPolicyCapability::CAN_VIEW:
+          try {
+            $object->setViewPolicy(PhabricatorPolicies::POLICY_USER);
+            $console->writeOut("%s\n", pht('Unlocked view policy.'));
+            $updated = true;
+          } catch (Exception $ex) {
+            $console->writeOut("%s\n", pht('View policy is not mutable.'));
+          }
+          break;
+        case PhabricatorPolicyCapability::CAN_EDIT:
+          try {
+            $object->setEditPolicy(PhabricatorPolicies::POLICY_USER);
+            $console->writeOut("%s\n", pht('Unlocked edit policy.'));
+            $updated = true;
+          } catch (Exception $ex) {
+            $console->writeOut("%s\n", pht('Edit policy is not mutable.'));
+          }
+          break;
+        case PhabricatorPolicyCapability::CAN_JOIN:
+          try {
+            $object->setJoinPolicy(PhabricatorPolicies::POLICY_USER);
+            $console->writeOut("%s\n", pht('Unlocked join policy.'));
+            $updated = true;
+          } catch (Exception $ex) {
+            $console->writeOut("%s\n", pht('Join policy is not mutable.'));
+          }
+          break;
+      }
+    }
+
+    if ($updated) {
+      $object->save();
+      $console->writeOut("%s\n", pht('Saved object.'));
+    } else {
+      $console->writeOut(
+        "%s\n",
+        pht(
+          'Object has no mutable policies. Try unlocking parent/container '.
+          'object instead. For example, to gain access to a commit, unlock '.
+          'the repository it belongs to.'));
+    }
+  }
+
+}