Remove Join Policy from Phame

Summary: Drops Join Policy, uses Edit Policy where needed. Allows anyone with Blog Edit permissions to post and edit any post on that blog. Fixes T5371

Test Plan: Draft Post as chad, see post, log in with notchad, edit that post and publish it.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin

Maniphest Tasks: T5371

Differential Revision: https://secure.phabricator.com/D14444

Author: chadlittle

resources/sql/autopatches/20151108.phame.blog.joinpolicy.sql

@@ -0,0 +1,2 @@
+ALTER TABLE {$NAMESPACE}_phame.phame_blog
+  DROP joinPolicy;

src/applications/phame/conduit/PhameCreatePostConduitAPIMethod.php

@@ -73,7 +73,8 @@ protected function execute(ConduitAPIRequest $request) {
       ->withPHIDs(array($blog_phid))
       ->requireCapabilities(
         array(
-          PhabricatorPolicyCapability::CAN_JOIN,
+          PhabricatorPolicyCapability::CAN_VIEW,
+          PhabricatorPolicyCapability::CAN_EDIT,
         ))
       ->executeOne();
 

src/applications/phame/controller/blog/PhameBlogEditController.php

@@ -49,7 +49,6 @@ public function handleRequest(AphrontRequest $request) {
     $skin = $blog->getSkin();
     $can_view = $blog->getViewPolicy();
     $can_edit = $blog->getEditPolicy();
-    $can_join = $blog->getJoinPolicy();
 
     $e_name               = true;
     $e_custom_domain      = null;
@@ -62,7 +61,6 @@ public function handleRequest(AphrontRequest $request) {
       $skin = $request->getStr('skin');
       $can_view = $request->getStr('can_view');
       $can_edit = $request->getStr('can_edit');
-      $can_join = $request->getStr('can_join');
       $v_projects = $request->getArr('projects');
       $v_cc = $request->getArr('cc');
 
@@ -85,9 +83,6 @@ public function handleRequest(AphrontRequest $request) {
         id(new PhameBlogTransaction())
           ->setTransactionType(PhabricatorTransactions::TYPE_EDIT_POLICY)
           ->setNewValue($can_edit),
-        id(new PhameBlogTransaction())
-          ->setTransactionType(PhabricatorTransactions::TYPE_JOIN_POLICY)
-          ->setNewValue($can_join),
         id(new PhameBlogTransaction())
           ->setTransactionType(PhabricatorTransactions::TYPE_SUBSCRIBERS)
           ->setNewValue(array('=' => $v_cc)),
@@ -170,14 +165,6 @@ public function handleRequest(AphrontRequest $request) {
           ->setPolicies($policies)
           ->setValue($can_edit)
           ->setName('can_edit'))
-      ->appendChild(
-        id(new AphrontFormPolicyControl())
-          ->setUser($viewer)
-          ->setCapability(PhabricatorPolicyCapability::CAN_JOIN)
-          ->setPolicyObject($blog)
-          ->setPolicies($policies)
-          ->setValue($can_join)
-          ->setName('can_join'))
       ->appendControl(
         id(new AphrontFormTokenizerControl())
           ->setLabel(pht('Projects'))

src/applications/phame/controller/blog/PhameBlogViewController.php

@@ -100,10 +100,6 @@ private function renderProperties(
       pht('Editable By'),
       $descriptions[PhabricatorPolicyCapability::CAN_EDIT]);
 
-    $properties->addProperty(
-      pht('Joinable By'),
-      $descriptions[PhabricatorPolicyCapability::CAN_JOIN]);
-
     $engine = id(new PhabricatorMarkupEngine())
       ->setViewer($viewer)
       ->addObject($blog, PhameBlog::MARKUP_FIELD_DESCRIPTION)
@@ -136,18 +132,13 @@ private function renderActions(PhameBlog $blog, PhabricatorUser $viewer) {
       $blog,
       PhabricatorPolicyCapability::CAN_EDIT);
 
-    $can_join = PhabricatorPolicyFilter::hasCapability(
-      $viewer,
-      $blog,
-      PhabricatorPolicyCapability::CAN_JOIN);
-
     $actions->addAction(
       id(new PhabricatorActionView())
         ->setIcon('fa-plus')
         ->setHref($this->getApplicationURI('post/edit/?blog='.$blog->getID()))
         ->setName(pht('Write Post'))
-        ->setDisabled(!$can_join)
-        ->setWorkflow(!$can_join));
+        ->setDisabled(!$can_edit)
+        ->setWorkflow(!$can_edit));
 
     $actions->addAction(
       id(new PhabricatorActionView())

src/applications/phame/controller/post/PhamePostEditController.php

@@ -36,7 +36,7 @@ public function handleRequest(AphrontRequest $request) {
         ->requireCapabilities(
           array(
             PhabricatorPolicyCapability::CAN_VIEW,
-            PhabricatorPolicyCapability::CAN_JOIN,
+            PhabricatorPolicyCapability::CAN_EDIT,
           ))
         ->executeOne();
       if (!$blog) {

src/applications/phame/controller/post/PhamePostNewController.php

@@ -30,7 +30,7 @@ public function handleRequest(AphrontRequest $request) {
           ->withIDs(array($request->getInt('blog')))
           ->requireCapabilities(
             array(
-              PhabricatorPolicyCapability::CAN_JOIN,
+              PhabricatorPolicyCapability::CAN_EDIT,
             ))
           ->executeOne();
 
@@ -52,7 +52,7 @@ public function handleRequest(AphrontRequest $request) {
       ->setViewer($viewer)
       ->requireCapabilities(
         array(
-          PhabricatorPolicyCapability::CAN_JOIN,
+          PhabricatorPolicyCapability::CAN_EDIT,
         ))
       ->execute();
 
@@ -65,7 +65,7 @@ public function handleRequest(AphrontRequest $request) {
       $notification = id(new PHUIInfoView())
         ->setSeverity(PHUIInfoView::SEVERITY_NODATA)
         ->appendChild(
-          pht('You do not have permission to join any blogs. Create a blog '.
+          pht('You do not have permission to post to any blogs. Create a blog '.
               'first, then you can post to it.'));
 
     } else {

src/applications/phame/controller/post/PhamePostViewController.php

@@ -123,13 +123,15 @@ private function renderActions(
         id(new PhabricatorActionView())
           ->setIcon('fa-eye')
           ->setHref($this->getApplicationURI('post/publish/'.$id.'/'))
+          ->setDisabled(!$can_edit)
           ->setName(pht('Preview / Publish')));
     } else {
       $actions->addAction(
         id(new PhabricatorActionView())
           ->setIcon('fa-eye-slash')
           ->setHref($this->getApplicationURI('post/unpublish/'.$id.'/'))
           ->setName(pht('Unpublish'))
+          ->setDisabled(!$can_edit)
           ->setWorkflow(true));
     }
 

src/applications/phame/editor/PhameBlogEditor.php

@@ -20,7 +20,6 @@ public function getTransactionTypes() {
     $types[] = PhameBlogTransaction::TYPE_SKIN;
     $types[] = PhabricatorTransactions::TYPE_VIEW_POLICY;
     $types[] = PhabricatorTransactions::TYPE_EDIT_POLICY;
-    $types[] = PhabricatorTransactions::TYPE_JOIN_POLICY;
 
     return $types;
   }

src/applications/phame/storage/PhameBlog.php

@@ -20,7 +20,6 @@ final class PhameBlog extends PhameDAO
   protected $creatorPHID;
   protected $viewPolicy;
   protected $editPolicy;
-  protected $joinPolicy;
   protected $mailKey;
 
   private static $requestBlog;
@@ -39,7 +38,6 @@ protected function getConfiguration() {
 
         // T6203/NULLABILITY
         // These policies should always be non-null.
-        'joinPolicy' => 'policy?',
         'editPolicy' => 'policy?',
         'viewPolicy' => 'policy?',
       ),
@@ -73,8 +71,7 @@ public static function initializeNewBlog(PhabricatorUser $actor) {
     $blog = id(new PhameBlog())
       ->setCreatorPHID($actor->getPHID())
       ->setViewPolicy(PhabricatorPolicies::getMostOpenPolicy())
-      ->setEditPolicy(PhabricatorPolicies::POLICY_USER)
-      ->setJoinPolicy(PhabricatorPolicies::POLICY_USER);
+      ->setEditPolicy(PhabricatorPolicies::POLICY_USER);
     return $blog;
   }
 
@@ -236,7 +233,6 @@ public function getCapabilities() {
     return array(
       PhabricatorPolicyCapability::CAN_VIEW,
       PhabricatorPolicyCapability::CAN_EDIT,
-      PhabricatorPolicyCapability::CAN_JOIN,
     );
   }
 
@@ -247,30 +243,18 @@ public function getPolicy($capability) {
         return $this->getViewPolicy();
       case PhabricatorPolicyCapability::CAN_EDIT:
         return $this->getEditPolicy();
-      case PhabricatorPolicyCapability::CAN_JOIN:
-        return $this->getJoinPolicy();
     }
   }
 
   public function hasAutomaticCapability($capability, PhabricatorUser $user) {
     $can_edit = PhabricatorPolicyCapability::CAN_EDIT;
-    $can_join = PhabricatorPolicyCapability::CAN_JOIN;
 
     switch ($capability) {
       case PhabricatorPolicyCapability::CAN_VIEW:
         // Users who can edit or post to a blog can always view it.
         if (PhabricatorPolicyFilter::hasCapability($user, $this, $can_edit)) {
           return true;
         }
-        if (PhabricatorPolicyFilter::hasCapability($user, $this, $can_join)) {
-          return true;
-        }
-        break;
-      case PhabricatorPolicyCapability::CAN_JOIN:
-        // Users who can edit a blog can always post to it.
-        if (PhabricatorPolicyFilter::hasCapability($user, $this, $can_edit)) {
-          return true;
-        }
         break;
     }
 
@@ -282,10 +266,7 @@ public function describeAutomaticCapability($capability) {
     switch ($capability) {
       case PhabricatorPolicyCapability::CAN_VIEW:
         return pht(
-          'Users who can edit or post on a blog can always view it.');
-      case PhabricatorPolicyCapability::CAN_JOIN:
-        return pht(
-          'Users who can edit a blog can always post on it.');
+          'Users who can edit a blog can always view it.');
     }
 
     return null;

src/applications/phame/storage/PhamePost.php

@@ -198,18 +198,21 @@ public function getPolicy($capability) {
       case PhabricatorPolicyCapability::CAN_VIEW:
         if (!$this->isDraft() && $this->getBlog()) {
           return $this->getBlog()->getViewPolicy();
-        } else {
-          return PhabricatorPolicies::POLICY_NOONE;
+        } else if ($this->getBlog()) {
+          return $this->getBlog()->getEditPolicy();
         }
         break;
       case PhabricatorPolicyCapability::CAN_EDIT:
-        return PhabricatorPolicies::POLICY_NOONE;
+        if ($this->getBlog()) {
+          return $this->getBlog()->getEditPolicy();
+        } else {
+          return PhabricatorPolicies::POLICY_NOONE;
+        }
     }
   }
 
   public function hasAutomaticCapability($capability, PhabricatorUser $user) {
-    // A blog post's author can always view it, and is the only user allowed
-    // to edit it.
+    // A blog post's author can always view it.
 
     switch ($capability) {
       case PhabricatorPolicyCapability::CAN_VIEW: