From 0ceb53bfae28c42b1c961dec4d09f4ce96a74db1 Mon Sep 17 00:00:00 2001
From: James Rhodes <jrhodes@redpointsoftware.com.au>
Date: Mon, 4 Nov 2013 07:29:21 -0800
Subject: [PATCH] Fix issue where Git authentication would always 403 on
 non-public install.

Summary: This fixes an issue where Git authentication would always fail on an install with `policy.allow-public` set to false.  This is because when public access is allowed, anonymous users can query the user list.  However, when public access is not allowed, you have to be authenticated before you can read any of the user objects.

Test Plan:
Prior to this fix, I get:

```
james@james-laptop:~/git/8> git clone http://phabricator.local/diffusion/TEST/
Cloning into 'TEST'...
fatal: unable to access 'http://phabricator.local/diffusion/TEST/': The requested URL returned error: 403
```

when `policy.allow-public` is false.  After this fix I get:

```
james@james-laptop:~/git/8> git clone http://phabricator.local/diffusion/TEST/
Cloning into 'TEST'...
remote: Counting objects: 102, done.
remote: Compressing objects: 100% (71/71), done.
remote: Total 102 (delta 6), reused 0 (delta 0)
Receiving objects: 100% (102/102), 9.89 KiB | 0 bytes/s, done.
Resolving deltas: 100% (6/6), done.
Checking connectivity... done
```

Reviewers: epriestley, #blessed_reviewers

Reviewed By: epriestley

CC: Korvin, epriestley, aran

Maniphest Tasks: T4049

Differential Revision: https://secure.phabricator.com/D7489
---
 src/applications/diffusion/controller/DiffusionController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/applications/diffusion/controller/DiffusionController.php b/src/applications/diffusion/controller/DiffusionController.php
index d80efd1c23..262fea776a 100644
--- a/src/applications/diffusion/controller/DiffusionController.php
+++ b/src/applications/diffusion/controller/DiffusionController.php
@@ -537,7 +537,7 @@ abstract class DiffusionController extends PhabricatorController {
     }
 
     $user = id(new PhabricatorPeopleQuery())
-      ->setViewer(new PhabricatorUser())
+      ->setViewer(PhabricatorUser::getOmnipotentUser())
       ->withUsernames(array($username))
       ->executeOne();
     if (!$user) {