Allow device-to-device SSH to establish SSH sessions

Summary:
In D16167 I required users to be logged in to be "activated", but this logic doesn't account for that properly when the user is an Almanac device (a cluster host connecting to another cluster host).

Don't do this check for device connections, they can always establish sessions.

Test Plan: Will push.

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D16170

Author: epriestley

scripts/ssh/ssh-exec.php

@@ -190,12 +190,14 @@
       'P' => $user->getPHID(),
     ));
 
-  if (!$user->canEstablishSSHSessions()) {
-    throw new Exception(
-      pht(
-        'Your account ("%s") does not have permission to establish SSH '.
-        'sessions. Visit the web interface for more information.',
-        $user_name));
+  if (!$device) {
+    if (!$user->canEstablishSSHSessions()) {
+      throw new Exception(
+        pht(
+          'Your account ("%s") does not have permission to establish SSH '.
+          'sessions. Visit the web interface for more information.',
+          $user_name));
+    }
   }
 
   $workflows = id(new PhutilClassMapQuery())