Make PhabricatorPolicyQuery a CursorPagedPolicyAwareQuery

Summary:
Ref T603. Make these actually implement policy interfaces, so shared infrastructure (like handle loading) works as expected. They don't actually have meaningful policies, and we short circuit all the checks.

(I don't plan to let you set policy controls on policies themselves)

Test Plan: Loaded handles for Policy objects via common infrastructure.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D7298

src/applications/policy/query/PhabricatorPolicyQuery.php

@@ -1,16 +1,11 @@
 <?php
 
-final class PhabricatorPolicyQuery extends PhabricatorQuery {
+final class PhabricatorPolicyQuery
+  extends PhabricatorCursorPagedPolicyAwareQuery {
 
-  private $viewer;
   private $object;
   private $phids;
 
-  public function setViewer(PhabricatorUser $viewer) {
-    $this->viewer = $viewer;
-    return $this;
-  }
-
   public function setObject(PhabricatorPolicyInterface $object) {
     $this->object = $object;
     return $this;
@@ -58,11 +53,7 @@ final class PhabricatorPolicyQuery extends PhabricatorQuery {
     return $policies;
   }
 
-  public function execute() {
-    if (!$this->viewer) {
-      throw new Exception('Call setViewer() before execute()!');
-    }
-
+  public function loadPage() {
     if ($this->object && $this->phids) {
       throw new Exception(
         "You can not issue a policy query with both setObject() and ".
@@ -102,7 +93,7 @@ final class PhabricatorPolicyQuery extends PhabricatorQuery {
 
       if ($handle_policies) {
         $handles = id(new PhabricatorHandleQuery())
-          ->setViewer($this->viewer)
+          ->setViewer($this->getViewer())
           ->withPHIDs($handle_policies)
           ->execute();
         foreach ($handle_policies as $phid) {
@@ -179,11 +170,12 @@ final class PhabricatorPolicyQuery extends PhabricatorQuery {
 
   private function loadObjectPolicyPHIDs() {
     $phids = array();
+    $viewer = $this->getViewer();
 
-    if ($this->viewer->getPHID()) {
+    if ($viewer->getPHID()) {
       $projects = id(new PhabricatorProjectQuery())
-        ->setViewer($this->viewer)
-        ->withMemberPHIDs(array($this->viewer->getPHID()))
+        ->setViewer($viewer)
+        ->withMemberPHIDs(array($viewer->getPHID()))
         ->execute();
       foreach ($projects as $project) {
         $phids[] = $project->getPHID();
@@ -215,5 +207,11 @@ final class PhabricatorPolicyQuery extends PhabricatorQuery {
     return $phids;
   }
 
+  protected function shouldDisablePolicyFiltering() {
+    // Policy filtering of policies is currently perilous and not required by
+    // the application.
+    return true;
+  }
+
 }
 

src/applications/policy/storage/PhabricatorPolicy.php

@@ -1,7 +1,8 @@
 <?php
 
 final class PhabricatorPolicy
-  extends PhabricatorPolicyDAO {
+  extends PhabricatorPolicyDAO
+  implements PhabricatorPolicyInterface {
 
   const ACTION_ALLOW = 'allow';
   const ACTION_DENY = 'deny';
@@ -300,4 +301,29 @@ final class PhabricatorPolicy
     return $this->assertAttached($this->ruleObjects);
   }
 
+
+/* -(  PhabricatorPolicyInterface  )----------------------------------------- */
+
+
+  public function getCapabilities() {
+    return array(
+      PhabricatorPolicyCapability::CAN_VIEW,
+    );
+  }
+
+  public function getPolicy($capability) {
+    // NOTE: We implement policies only so we can comply with the interface.
+    // The actual query skips them, as enforcing policies on policies seems
+    // perilous and isn't currently required by the application.
+    return PhabricatorPolicies::POLICY_PUBLIC;
+  }
+
+  public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
+    return false;
+  }
+
+  public function describeAutomaticCapability($capability) {
+    return null;
+  }
+
 }