Add a very simple bin/policy script for CLI policy administration

Summary:
Ref T603. I want to provide at least a basic CLI tool for fixing policy problems, since there are various ways users can lock themselves out of objects right now. Although I imagine we'll solve most of them in the application eventually, having a workaround in the meantime will probably make support a lot easier.

This implements `bin/policy show <object>`, which shows an object's policy settings. In a future diff, I'll implement something like `bin/policy set --capability view --policy users <object>`, although maybe just `bin/policy unlock <object>` (which sets view and edit to "all users") would be better for now. Whichever way we go, it will be some blanket answer to people showing up in IRC having locked themselves out of objects which unblocks them while we work on preventing the issue in the first place.

Test Plan: See screenshot.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D7171

Author: epriestley

bin/policy

@@ -0,0 +1 @@
+../scripts/setup/manage_policy.php

scripts/setup/manage_policy.php

@@ -0,0 +1,22 @@
+#!/usr/bin/env php
+<?php
+
+$root = dirname(dirname(dirname(__FILE__)));
+require_once $root.'/scripts/__init_script__.php';
+
+$args = new PhutilArgumentParser($argv);
+$args->setTagline('manage policies');
+$args->setSynopsis(<<<EOSYNOPSIS
+**policy** __command__ [__options__]
+    Administrative tool for reviewing and editing policies.
+
+EOSYNOPSIS
+  );
+$args->parseStandardArguments();
+
+$workflows = array(
+  new PhabricatorPolicyManagementShowWorkflow(),
+  new PhutilHelpArgumentWorkflow(),
+);
+
+$args->parseWorkflows($workflows);

src/__phutil_library_map__.php

@@ -1467,6 +1467,8 @@
     'PhabricatorPolicyExplainController' => 'applications/policy/controller/PhabricatorPolicyExplainController.php',
     'PhabricatorPolicyFilter' => 'applications/policy/filter/PhabricatorPolicyFilter.php',
     'PhabricatorPolicyInterface' => 'applications/policy/interface/PhabricatorPolicyInterface.php',
+    'PhabricatorPolicyManagementShowWorkflow' => 'applications/policy/management/PhabricatorPolicyManagementShowWorkflow.php',
+    'PhabricatorPolicyManagementWorkflow' => 'applications/policy/management/PhabricatorPolicyManagementWorkflow.php',
     'PhabricatorPolicyQuery' => 'applications/policy/query/PhabricatorPolicyQuery.php',
     'PhabricatorPolicyTestCase' => 'applications/policy/__tests__/PhabricatorPolicyTestCase.php',
     'PhabricatorPolicyTestObject' => 'applications/policy/__tests__/PhabricatorPolicyTestObject.php',
@@ -3622,6 +3624,8 @@
     'PhabricatorPolicyDataTestCase' => 'PhabricatorTestCase',
     'PhabricatorPolicyException' => 'Exception',
     'PhabricatorPolicyExplainController' => 'PhabricatorPolicyController',
+    'PhabricatorPolicyManagementShowWorkflow' => 'PhabricatorPolicyManagementWorkflow',
+    'PhabricatorPolicyManagementWorkflow' => 'PhutilArgumentWorkflow',
     'PhabricatorPolicyQuery' => 'PhabricatorQuery',
     'PhabricatorPolicyTestCase' => 'PhabricatorTestCase',
     'PhabricatorPolicyTestObject' => 'PhabricatorPolicyInterface',

src/applications/policy/management/PhabricatorPolicyManagementShowWorkflow.php

@@ -0,0 +1,81 @@
+<?php
+
+final class PhabricatorPolicyManagementShowWorkflow
+  extends PhabricatorPolicyManagementWorkflow {
+
+  protected function didConstruct() {
+    $this
+      ->setName('show')
+      ->setSynopsis('Show policy information about an object.')
+      ->setExamples(
+        "**show** D123")
+      ->setArguments(
+        array(
+          array(
+            'name'      => 'objects',
+            'wildcard'  => true,
+          ),
+        ));
+  }
+
+  public function execute(PhutilArgumentParser $args) {
+    $console = PhutilConsole::getConsole();
+    $viewer = PhabricatorUser::getOmnipotentUser();
+
+    $obj_names = $args->getArg('objects');
+    if (!$obj_names) {
+      throw new PhutilArgumentUsageException(
+        pht(
+          "Specify the name of an object to show policy information for."));
+    } else if (count($obj_names) > 1) {
+      throw new PhutilArgumentUsageException(
+        pht(
+          "Specify the name of exactly one object to show policy information ".
+          "for."));
+    }
+
+    $object = id(new PhabricatorObjectQuery())
+      ->setViewer($viewer)
+      ->withNames($obj_names)
+      ->executeOne();
+
+    if (!$object) {
+      $name = head($obj_names);
+      throw new PhutilArgumentUsageException(
+        pht(
+          "No such object '%s'!",
+          $name));
+    }
+
+    $handle = id(new PhabricatorHandleQuery())
+      ->setViewer($viewer)
+      ->withPHIDs(array($object->getPHID()))
+      ->executeOne();
+
+    $policies = PhabricatorPolicyQuery::loadPolicies(
+      $viewer,
+      $object);
+
+    $console->writeOut("__%s__\n\n", pht('OBJECT'));
+    $console->writeOut("  %s\n", $handle->getFullName());
+    $console->writeOut("\n");
+
+    $console->writeOut("__%s__\n\n", pht('CAPABILITIES'));
+    foreach ($policies as $capability => $policy) {
+      $console->writeOut("  **%s**\n", $capability);
+      $console->writeOut("    %s\n", $policy->renderDescription());
+      $console->writeOut("    %s\n", $policy->getExplanation($capability));
+      $console->writeOut("\n");
+
+      $more = (array)$object->describeAutomaticCapability($capability);
+      if ($more) {
+        foreach ($more as $line) {
+          $console->writeOut("    %s\n", $line);
+        }
+        $console->writeOut("\n");
+      }
+    }
+
+  }
+
+}

src/applications/policy/management/PhabricatorPolicyManagementWorkflow.php

@@ -0,0 +1,10 @@
+<?php
+
+abstract class PhabricatorPolicyManagementWorkflow
+  extends PhutilArgumentWorkflow {
+
+  final public function isExecutable() {
+    return true;
+  }
+
+}