Allow projects to be set as policies

Summary:
  - Renames `PhabricatorPolicyQuery` to `PhabricatorPolicyAwareQuery` (a query which respects policy settings).
  - Introduces `PhabricatorPolicyQuery`, which loads available policies (e.g., "member of project X").
  - Introduces `PhabricatorPolicy`, which describes a policy.
  - Allows projects to be set as policies.
  - Allows Paste policies to be edited.
  - Covers crazy cases where you make projects depend on themselves or each other because you are a dastardly villan.

Test Plan: Set paste and project policies, including crazy policies like A -> B -> A, A -> A, etc.

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D3476

Author: epriestley

src/__phutil_library_map__.php

@@ -626,7 +626,7 @@
     'PhabricatorCountdownEditController' => 'applications/countdown/controller/PhabricatorCountdownEditController.php',
     'PhabricatorCountdownListController' => 'applications/countdown/controller/PhabricatorCountdownListController.php',
     'PhabricatorCountdownViewController' => 'applications/countdown/controller/PhabricatorCountdownViewController.php',
-    'PhabricatorCursorPagedPolicyQuery' => 'infrastructure/query/policy/PhabricatorCursorPagedPolicyQuery.php',
+    'PhabricatorCursorPagedPolicyAwareQuery' => 'infrastructure/query/policy/PhabricatorCursorPagedPolicyAwareQuery.php',
     'PhabricatorDaemon' => 'infrastructure/daemon/PhabricatorDaemon.php',
     'PhabricatorDaemonCombinedLogController' => 'applications/daemon/controller/PhabricatorDaemonCombinedLogController.php',
     'PhabricatorDaemonConsoleController' => 'applications/daemon/controller/PhabricatorDaemonConsoleController.php',
@@ -909,15 +909,18 @@
     'PhabricatorPeopleProfileController' => 'applications/people/controller/PhabricatorPeopleProfileController.php',
     'PhabricatorPeopleQuery' => 'applications/people/PhabricatorPeopleQuery.php',
     'PhabricatorPolicies' => 'applications/policy/constants/PhabricatorPolicies.php',
+    'PhabricatorPolicy' => 'applications/policy/filter/PhabricatorPolicy.php',
+    'PhabricatorPolicyAwareQuery' => 'infrastructure/query/policy/PhabricatorPolicyAwareQuery.php',
+    'PhabricatorPolicyAwareTestQuery' => 'applications/policy/__tests__/PhabricatorPolicyAwareTestQuery.php',
     'PhabricatorPolicyCapability' => 'applications/policy/constants/PhabricatorPolicyCapability.php',
     'PhabricatorPolicyConstants' => 'applications/policy/constants/PhabricatorPolicyConstants.php',
     'PhabricatorPolicyException' => 'applications/policy/exception/PhabricatorPolicyException.php',
     'PhabricatorPolicyFilter' => 'applications/policy/filter/PhabricatorPolicyFilter.php',
     'PhabricatorPolicyInterface' => 'applications/policy/interface/PhabricatorPolicyInterface.php',
-    'PhabricatorPolicyQuery' => 'infrastructure/query/policy/PhabricatorPolicyQuery.php',
+    'PhabricatorPolicyQuery' => 'applications/policy/query/PhabricatorPolicyQuery.php',
     'PhabricatorPolicyTestCase' => 'applications/policy/__tests__/PhabricatorPolicyTestCase.php',
     'PhabricatorPolicyTestObject' => 'applications/policy/__tests__/PhabricatorPolicyTestObject.php',
-    'PhabricatorPolicyTestQuery' => 'applications/policy/__tests__/PhabricatorPolicyTestQuery.php',
+    'PhabricatorPolicyType' => 'applications/policy/constants/PhabricatorPolicyType.php',
     'PhabricatorProfileHeaderView' => 'view/layout/PhabricatorProfileHeaderView.php',
     'PhabricatorProject' => 'applications/project/storage/PhabricatorProject.php',
     'PhabricatorProjectConstants' => 'applications/project/constants/PhabricatorProjectConstants.php',
@@ -1753,7 +1756,7 @@
       1 => 'PhabricatorPolicyInterface',
     ),
     'PhabricatorChatLogEventType' => 'PhabricatorChatLogConstants',
-    'PhabricatorChatLogQuery' => 'PhabricatorCursorPagedPolicyQuery',
+    'PhabricatorChatLogQuery' => 'PhabricatorCursorPagedPolicyAwareQuery',
     'PhabricatorConduitAPIController' => 'PhabricatorConduitController',
     'PhabricatorConduitCertificateToken' => 'PhabricatorConduitDAO',
     'PhabricatorConduitConnectionLog' => 'PhabricatorConduitDAO',
@@ -1772,7 +1775,7 @@
     'PhabricatorCountdownEditController' => 'PhabricatorCountdownController',
     'PhabricatorCountdownListController' => 'PhabricatorCountdownController',
     'PhabricatorCountdownViewController' => 'PhabricatorCountdownController',
-    'PhabricatorCursorPagedPolicyQuery' => 'PhabricatorPolicyQuery',
+    'PhabricatorCursorPagedPolicyAwareQuery' => 'PhabricatorPolicyAwareQuery',
     'PhabricatorDaemon' => 'PhutilDaemon',
     'PhabricatorDaemonCombinedLogController' => 'PhabricatorDaemonController',
     'PhabricatorDaemonConsoleController' => 'PhabricatorDaemonController',
@@ -1828,7 +1831,7 @@
     'PhabricatorFeedController' => 'PhabricatorController',
     'PhabricatorFeedDAO' => 'PhabricatorLiskDAO',
     'PhabricatorFeedPublicStreamController' => 'PhabricatorFeedController',
-    'PhabricatorFeedQuery' => 'PhabricatorCursorPagedPolicyQuery',
+    'PhabricatorFeedQuery' => 'PhabricatorCursorPagedPolicyAwareQuery',
     'PhabricatorFeedStory' => 'PhabricatorPolicyInterface',
     'PhabricatorFeedStoryAggregate' => 'PhabricatorFeedStory',
     'PhabricatorFeedStoryAudit' => 'PhabricatorFeedStory',
@@ -1996,7 +1999,7 @@
       0 => 'PhabricatorOwnersDAO',
       1 => 'PhabricatorPolicyInterface',
     ),
-    'PhabricatorOwnersPackageQuery' => 'PhabricatorCursorPagedPolicyQuery',
+    'PhabricatorOwnersPackageQuery' => 'PhabricatorCursorPagedPolicyAwareQuery',
     'PhabricatorOwnersPath' => 'PhabricatorOwnersDAO',
     'PhabricatorPHIDController' => 'PhabricatorController',
     'PhabricatorPHIDLookupController' => 'PhabricatorPHIDController',
@@ -2009,7 +2012,7 @@
     'PhabricatorPasteDAO' => 'PhabricatorLiskDAO',
     'PhabricatorPasteEditController' => 'PhabricatorPasteController',
     'PhabricatorPasteListController' => 'PhabricatorPasteController',
-    'PhabricatorPasteQuery' => 'PhabricatorCursorPagedPolicyQuery',
+    'PhabricatorPasteQuery' => 'PhabricatorCursorPagedPolicyAwareQuery',
     'PhabricatorPasteViewController' => 'PhabricatorPasteController',
     'PhabricatorPeopleController' => 'PhabricatorController',
     'PhabricatorPeopleEditController' => 'PhabricatorPeopleController',
@@ -2019,12 +2022,14 @@
     'PhabricatorPeopleProfileController' => 'PhabricatorPeopleController',
     'PhabricatorPeopleQuery' => 'PhabricatorOffsetPagedQuery',
     'PhabricatorPolicies' => 'PhabricatorPolicyConstants',
+    'PhabricatorPolicyAwareQuery' => 'PhabricatorOffsetPagedQuery',
+    'PhabricatorPolicyAwareTestQuery' => 'PhabricatorPolicyAwareQuery',
     'PhabricatorPolicyCapability' => 'PhabricatorPolicyConstants',
     'PhabricatorPolicyException' => 'Exception',
-    'PhabricatorPolicyQuery' => 'PhabricatorOffsetPagedQuery',
+    'PhabricatorPolicyQuery' => 'PhabricatorQuery',
     'PhabricatorPolicyTestCase' => 'PhabricatorTestCase',
     'PhabricatorPolicyTestObject' => 'PhabricatorPolicyInterface',
-    'PhabricatorPolicyTestQuery' => 'PhabricatorPolicyQuery',
+    'PhabricatorPolicyType' => 'PhabricatorPolicyConstants',
     'PhabricatorProfileHeaderView' => 'AphrontView',
     'PhabricatorProject' =>
     array(
@@ -2041,7 +2046,7 @@
     'PhabricatorProjectProfile' => 'PhabricatorProjectDAO',
     'PhabricatorProjectProfileController' => 'PhabricatorProjectController',
     'PhabricatorProjectProfileEditController' => 'PhabricatorProjectController',
-    'PhabricatorProjectQuery' => 'PhabricatorCursorPagedPolicyQuery',
+    'PhabricatorProjectQuery' => 'PhabricatorCursorPagedPolicyAwareQuery',
     'PhabricatorProjectTransaction' => 'PhabricatorProjectDAO',
     'PhabricatorProjectTransactionType' => 'PhabricatorProjectConstants',
     'PhabricatorProjectUpdateController' => 'PhabricatorProjectController',

src/applications/chatlog/PhabricatorChatLogQuery.php

@@ -16,7 +16,8 @@
  * limitations under the License.
  */
 
-final class PhabricatorChatLogQuery extends PhabricatorCursorPagedPolicyQuery {
+final class PhabricatorChatLogQuery
+  extends PhabricatorCursorPagedPolicyAwareQuery {
 
   private $channels;
   private $maximumEpoch;

src/applications/chatlog/storage/PhabricatorChatLogEvent.php

@@ -35,7 +35,7 @@ public function getCapabilities() {
 
   public function getPolicy($capability) {
     // TODO: This is sort of silly and mostly just so that we can use
-    // CursorPagedPolicyQuery; once we implement Channel objects we should
+    // CursorPagedPolicyAwareQuery; once we implement Channel objects we should
     // just delegate policy to them.
     return PhabricatorPolicies::POLICY_PUBLIC;
   }

src/applications/feed/PhabricatorFeedQuery.php

@@ -16,7 +16,8 @@
  * limitations under the License.
  */
 
-final class PhabricatorFeedQuery extends PhabricatorCursorPagedPolicyQuery {
+final class PhabricatorFeedQuery
+  extends PhabricatorCursorPagedPolicyAwareQuery {
 
   private $filterPHIDs;
 

src/applications/owners/query/PhabricatorOwnersPackageQuery.php

@@ -17,7 +17,7 @@
  */
 
 final class PhabricatorOwnersPackageQuery
-  extends PhabricatorCursorPagedPolicyQuery {
+  extends PhabricatorCursorPagedPolicyAwareQuery {
 
   private $ownerPHIDs;
 

src/applications/paste/controller/PhabricatorPasteEditController.php

@@ -87,6 +87,10 @@ public function processRequest() {
 
       $paste->setTitle($request->getStr('title'));
       $paste->setLanguage($request->getStr('language'));
+      $paste->setViewPolicy($request->getStr('can_view'));
+
+      // NOTE: The author is the only editor and can always view the paste,
+      // so it's impossible for them to choose an invalid policy.
 
       if (!$errors) {
         if ($is_create) {
@@ -139,6 +143,19 @@ public function processRequest() {
           ->setValue($paste->getLanguage())
           ->setOptions($langs));
 
+    $policies = id(new PhabricatorPolicyQuery())
+      ->setViewer($user)
+      ->setObject($paste)
+      ->execute();
+
+    $form->appendChild(
+      id(new AphrontFormPolicyControl())
+        ->setUser($user)
+        ->setCapability(PhabricatorPolicyCapability::CAN_VIEW)
+        ->setPolicyObject($paste)
+        ->setPolicies($policies)
+        ->setName('can_view'));
+
     if ($is_create) {
       $form
         ->appendChild(
@@ -151,16 +168,6 @@ public function processRequest() {
             ->setName('text'));
     }
 
-    /* TODO: Doesn't have any useful options yet.
-      ->appendChild(
-        id(new AphrontFormPolicyControl())
-          ->setLabel('Visible To')
-          ->setUser($user)
-          ->setValue(
-            $new_paste->getPolicy(PhabricatorPolicyCapability::CAN_VIEW))
-          ->setName('policy'))
-    */
-
     $submit = new AphrontFormSubmitControl();
 
     if (!$is_create) {

src/applications/paste/controller/PhabricatorPasteViewController.php

@@ -147,6 +147,14 @@ private function buildPropertyView(
         $this->renderHandlesForPHIDs($child_phids));
     }
 
+    $descriptions = PhabricatorPolicyQuery::renderPolicyDescriptions(
+      $user,
+      $paste);
+
+    $properties->addProperty(
+      pht('Visible To'),
+      $descriptions[PhabricatorPolicyCapability::CAN_VIEW]);
+
     return $properties;
   }
 

src/applications/paste/query/PhabricatorPasteQuery.php

@@ -16,7 +16,8 @@
  * limitations under the License.
  */
 
-final class PhabricatorPasteQuery extends PhabricatorCursorPagedPolicyQuery {
+final class PhabricatorPasteQuery
+  extends PhabricatorCursorPagedPolicyAwareQuery {
 
   private $ids;
   private $phids;

src/applications/phid/handle/PhabricatorObjectHandleData.php

@@ -345,7 +345,15 @@ public function loadHandles() {
         case PhabricatorPHIDConstants::PHID_TYPE_PROJ:
           $object = new PhabricatorProject();
 
-          $projects = $object->loadAllWhere('phid IN (%Ls)', $phids);
+          if ($this->viewer) {
+            $projects = id(new PhabricatorProjectQuery())
+              ->setViewer($this->viewer)
+              ->withPHIDs($phids)
+              ->execute();
+          } else {
+            $projects = $object->loadAllWhere('phid IN (%Ls)', $phids);
+          }
+
           $projects = mpull($projects, null, 'getPHID');
 
           foreach ($phids as $phid) {

…__tests__/PhabricatorPolicyTestQuery.php …ts__/PhabricatorPolicyAwareTestQuery.phpsrc/applications/policy/__tests__/PhabricatorPolicyTestQuery.php renamed to src/applications/policy/__tests__/PhabricatorPolicyAwareTestQuery.php src/applications/policy/__tests__/PhabricatorPolicyTestQuery.php renamed to src/applications/policy/__tests__/PhabricatorPolicyAwareTestQuery.php

@@ -19,8 +19,8 @@
 /**
  * Configurable test query for implementing Policy unit tests.
  */
-final class PhabricatorPolicyTestQuery
-  extends PhabricatorPolicyQuery {
+final class PhabricatorPolicyAwareTestQuery
+  extends PhabricatorPolicyAwareQuery {
 
   private $results;
   private $offset = 0;