Make Maniphest list page react to viewer capabilities

Summary:
Ref T603. Basically:

  - Hide "Reports".
  - Hide "batch edit" and "export to excel".
  - Hide reprioritization controls.
  - I left the edit controls, they show a "login to continue" dialog when hit.
  - Allow tokenizer results to fill for public users.
  - Fix a bug where membership in projects was computed incorrectly in certain cases.
  - Add a unit test covering the project membership bug.

Test Plan: Viewed /maniphest/ when logged out, and while logged in.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D7126

src/__phutil_library_map__.php

@@ -1453,6 +1453,7 @@ phutil_register_library_map(array(
     'PhabricatorPolicyCapability' => 'applications/policy/constants/PhabricatorPolicyCapability.php',
     'PhabricatorPolicyConfigOptions' => 'applications/config/option/PhabricatorPolicyConfigOptions.php',
     'PhabricatorPolicyConstants' => 'applications/policy/constants/PhabricatorPolicyConstants.php',
+    'PhabricatorPolicyDataTestCase' => 'applications/policy/__tests__/PhabricatorPolicyDataTestCase.php',
     'PhabricatorPolicyException' => 'applications/policy/exception/PhabricatorPolicyException.php',
     'PhabricatorPolicyFilter' => 'applications/policy/filter/PhabricatorPolicyFilter.php',
     'PhabricatorPolicyInterface' => 'applications/policy/interface/PhabricatorPolicyInterface.php',
@@ -3599,6 +3600,7 @@ phutil_register_library_map(array(
     'PhabricatorPolicyAwareTestQuery' => 'PhabricatorPolicyAwareQuery',
     'PhabricatorPolicyCapability' => 'PhabricatorPolicyConstants',
     'PhabricatorPolicyConfigOptions' => 'PhabricatorApplicationConfigOptions',
+    'PhabricatorPolicyDataTestCase' => 'PhabricatorTestCase',
     'PhabricatorPolicyException' => 'Exception',
     'PhabricatorPolicyQuery' => 'PhabricatorQuery',
     'PhabricatorPolicyTestCase' => 'PhabricatorTestCase',

src/applications/maniphest/controller/ManiphestController.php

@@ -20,8 +20,11 @@ abstract class ManiphestController extends PhabricatorController {
       ->setViewer($user)
       ->addNavigationItems($nav->getMenu());
 
-    $nav->addLabel(pht('Reports'));
+    if ($user->isLoggedIn()) {
-    $nav->addFilter('report', pht('Reports'));
+      // For now, don't give logged-out users access to reports.
+      $nav->addLabel(pht('Reports'));
+      $nav->addFilter('report', pht('Reports'));
+    }
 
     $nav->selectFilter(null);
 

src/applications/maniphest/controller/ManiphestTaskListController.php

@@ -49,6 +49,13 @@ final class ManiphestTaskListController
     $can_drag = ($order_parameter == 'priority') &&
                 ($group_parameter == 'none' || $group_parameter == 'priority');
 
+    if (!$viewer->isLoggedIn()) {
+      // TODO: (T603) Eventually, we conceivably need to make each task
+      // draggable individually, since the user may be able to edit some but
+      // not others.
+      $can_drag = false;
+    }
+
     $result = array();
 
     $lists = array();
@@ -184,6 +191,12 @@ final class ManiphestTaskListController
   private function renderBatchEditor(PhabricatorSavedQuery $saved_query) {
     $user = $this->getRequest()->getUser();
 
+    if (!$user->isLoggedIn()) {
+      // Don't show the batch editor or excel export for logged-out users.
+      // Technically we //could// let them export, but ehh.
+      return null;
+    }
+
     Javelin::initBehavior(
       'maniphest-batch-selector',
       array(

src/applications/policy/__tests__/PhabricatorPolicyDataTestCase.php

@@ -0,0 +1,34 @@
+<?php
+
+final class PhabricatorPolicyDataTestCase extends PhabricatorTestCase {
+
+  protected function getPhabricatorTestCaseConfiguration() {
+    return array(
+      self::PHABRICATOR_TESTCONFIG_BUILD_STORAGE_FIXTURES => true,
+    );
+  }
+
+  public function testProjectPolicyMembership() {
+    $author = $this->generateNewTestUser();
+
+    $proj_a = id(new PhabricatorProject())
+      ->setName('A')
+      ->setAuthorPHID($author->getPHID())
+      ->save();
+    $proj_b = id(new PhabricatorProject())
+      ->setName('B')
+      ->setAuthorPHID($author->getPHID())
+      ->save();
+
+    $proj_a->setViewPolicy($proj_b->getPHID())->save();
+    $proj_b->setViewPolicy($proj_a->getPHID())->save();
+
+    $user = new PhabricatorUser();
+
+    $results = id(new PhabricatorProjectQuery())
+      ->setViewer($user)
+      ->execute();
+
+    $this->assertEqual(0, count($results));
+  }
+}

src/applications/policy/filter/PhabricatorPolicyFilter.php

@@ -213,7 +213,7 @@ final class PhabricatorPolicyFilter {
       default:
         $type = phid_get_type($policy);
         if ($type == PhabricatorProjectPHIDTypeProject::TYPECONST) {
-          if (isset($this->userProjects[$viewer->getPHID()][$policy])) {
+          if (!empty($this->userProjects[$viewer->getPHID()][$policy])) {
             return true;
           } else {
             $this->rejectObject($object, $policy, $capability);

src/applications/typeahead/controller/PhabricatorTypeaheadCommonDatasourceController.php

@@ -5,6 +5,10 @@ final class PhabricatorTypeaheadCommonDatasourceController
 
   private $type;
 
+  public function shouldAllowPublic() {
+    return true;
+  }
+
   public function willProcessRequest(array $data) {
     $this->type = $data['type'];
   }
@@ -230,7 +234,9 @@ final class PhabricatorTypeaheadCommonDatasourceController
     }
 
     if ($need_repos) {
-      $repos = id(new PhabricatorRepository())->loadAll();
+      $repos = id(new PhabricatorRepositoryQuery())
+        ->setViewer($viewer)
+        ->execute();
       foreach ($repos as $repo) {
         $results[] = id(new PhabricatorTypeaheadResult())
           ->setName('r'.$repo->getCallsign().' ('.$repo->getName().')')