Make "Can Interact" and logged-out users interact more gracefully

epriestley · epriestley · commit d0c648dfa53b · 2017-03-09T08:50:57.000-08:00
Summary: Fixes T12378. Two minor issues here: - CAN_INTERACT on tasks uses "USER", but should just use the view policy, which may be more permissive ("PUBLIC"). - CAN_INTERACT is currently prevented from being "PUBLIC" by additional safeguards. Define an explicit capability object for the permission which returns `true` from `shouldAllowPublicPolicySetting()`. Test Plan: - Viewed an unlocked task as a logged-out user, saw "login to comment" instead of "locked". - Viewed a locked task as a logged-out user, saw "locked". Reviewers: chad Reviewed By: chad Maniphest Tasks: T12378 Differential Revision: https://secure.phabricator.com/D17485
diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php
@@ -3445,6 +3445,7 @@
     'PhabricatorPolicyAwareQuery' => 'infrastructure/query/policy/PhabricatorPolicyAwareQuery.php',
     'PhabricatorPolicyAwareTestQuery' => 'applications/policy/__tests__/PhabricatorPolicyAwareTestQuery.php',
     'PhabricatorPolicyCanEditCapability' => 'applications/policy/capability/PhabricatorPolicyCanEditCapability.php',
+    'PhabricatorPolicyCanInteractCapability' => 'applications/policy/capability/PhabricatorPolicyCanInteractCapability.php',
     'PhabricatorPolicyCanJoinCapability' => 'applications/policy/capability/PhabricatorPolicyCanJoinCapability.php',
     'PhabricatorPolicyCanViewCapability' => 'applications/policy/capability/PhabricatorPolicyCanViewCapability.php',
     'PhabricatorPolicyCapability' => 'applications/policy/capability/PhabricatorPolicyCapability.php',
@@ -8654,6 +8655,7 @@
     'PhabricatorPolicyAwareQuery' => 'PhabricatorOffsetPagedQuery',
     'PhabricatorPolicyAwareTestQuery' => 'PhabricatorPolicyAwareQuery',
     'PhabricatorPolicyCanEditCapability' => 'PhabricatorPolicyCapability',
+    'PhabricatorPolicyCanInteractCapability' => 'PhabricatorPolicyCapability',
     'PhabricatorPolicyCanJoinCapability' => 'PhabricatorPolicyCapability',
     'PhabricatorPolicyCanViewCapability' => 'PhabricatorPolicyCapability',
     'PhabricatorPolicyCapability' => 'Phobject',
diff --git a/src/applications/maniphest/storage/ManiphestTask.php b/src/applications/maniphest/storage/ManiphestTask.php
@@ -361,7 +361,7 @@ public function getPolicy($capability) {
         if ($this->isLocked()) {
           return PhabricatorPolicies::POLICY_NOONE;
         } else {
-          return PhabricatorPolicies::POLICY_USER;
+          return $this->getViewPolicy();
         }
       case PhabricatorPolicyCapability::CAN_EDIT:
         return $this->getEditPolicy();
diff --git a/src/applications/policy/capability/PhabricatorPolicyCanInteractCapability.php b/src/applications/policy/capability/PhabricatorPolicyCanInteractCapability.php
@@ -0,0 +1,20 @@
+<?php
+
+final class PhabricatorPolicyCanInteractCapability
+  extends PhabricatorPolicyCapability {
+
+  const CAPABILITY = self::CAN_INTERACT;
+
+  public function getCapabilityName() {
+    return pht('Can Interact');
+  }
+
+  public function describeCapabilityRejection() {
+    return pht('You do not have permission to interact with this object.');
+  }
+
+  public function shouldAllowPublicPolicySetting() {
+    return true;
+  }
+
+}

Original file line number	Diff line number	Diff line change
`@@ -361,7 +361,7 @@ public function getPolicy($capability) {`
`361`	`361`	`if ($this->isLocked()) {`
`362`	`362`	`return PhabricatorPolicies::POLICY_NOONE;`
`363`	`363`	`} else {`
`364`		`- return PhabricatorPolicies::POLICY_USER;`
	`364`	`+ return $this->getViewPolicy();`
`365`	`365`	`}`
`366`	`366`	`case PhabricatorPolicyCapability::CAN_EDIT:`
`367`	`367`	`return $this->getEditPolicy();`