Move Herald application capabilities to newer infrastructure

Summary: Ref T603. Use the new hotness.

Test Plan: Edited Herald in Applications, tried to create rules / global rules without capabilities, got reasonable error messages.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D7263

src/__phutil_library_map__.php

@@ -625,6 +625,8 @@ phutil_register_library_map(array(
     'HeraldAction' => 'applications/herald/storage/HeraldAction.php',
     'HeraldAdapter' => 'applications/herald/adapter/HeraldAdapter.php',
     'HeraldApplyTranscript' => 'applications/herald/storage/transcript/HeraldApplyTranscript.php',
+    'HeraldCapabilityCreateRules' => 'applications/herald/capability/HeraldCapabilityCreateRules.php',
+    'HeraldCapabilityManageGlobalRules' => 'applications/herald/capability/HeraldCapabilityManageGlobalRules.php',
     'HeraldCommitAdapter' => 'applications/herald/adapter/HeraldCommitAdapter.php',
     'HeraldCondition' => 'applications/herald/storage/HeraldCondition.php',
     'HeraldConditionTranscript' => 'applications/herald/storage/transcript/HeraldConditionTranscript.php',
@@ -2723,6 +2725,8 @@ phutil_register_library_map(array(
     'HarbormasterScratchTable' => 'HarbormasterDAO',
     'HeraldAction' => 'HeraldDAO',
     'HeraldApplyTranscript' => 'HeraldDAO',
+    'HeraldCapabilityCreateRules' => 'PhabricatorPolicyCapability',
+    'HeraldCapabilityManageGlobalRules' => 'PhabricatorPolicyCapability',
     'HeraldCommitAdapter' => 'HeraldAdapter',
     'HeraldCondition' => 'HeraldDAO',
     'HeraldController' => 'PhabricatorController',

src/applications/base/PhabricatorApplication.php

@@ -400,21 +400,26 @@ abstract class PhabricatorApplication
 
   private function getCustomCapabilitySpecification($capability) {
     $custom = $this->getCustomCapabilities();
-    if (empty($custom[$capability])) {
+    if (!isset($custom[$capability])) {
       throw new Exception("Unknown capability '{$capability}'!");
     }
     return $custom[$capability];
   }
 
   public function getCapabilityLabel($capability) {
-    $map = array(
-      PhabricatorPolicyCapability::CAN_VIEW => pht('Can Use Application'),
-      PhabricatorPolicyCapability::CAN_EDIT => pht('Can Configure Application'),
-    );
+    switch ($capability) {
+      case PhabricatorPolicyCapability::CAN_VIEW:
+        return pht('Can Use Application');
+      case PhabricatorPolicyCapability::CAN_EDIT:
+        return pht('Can Configure Application');
+    }
 
-    $map += ipull($this->getCustomCapabilities(), 'label');
+    $capobj = PhabricatorPolicyCapability::getCapabilityByKey($capability);
+    if ($capobj) {
+      return $capobj->getCapabilityName();
+    }
 
-    return idx($map, $capability);
+    return null;
   }
 
   public function isCapabilityEditable($capability) {

src/applications/herald/application/PhabricatorApplicationHerald.php

@@ -2,9 +2,6 @@
 
 final class PhabricatorApplicationHerald extends PhabricatorApplication {
 
-  const CAN_CREATE_RULE = 'herald.create';
-  const CAN_CREATE_GLOBAL_RULE = 'herald.global';
-
   public function getBaseURI() {
     return '/herald/';
   }
@@ -54,11 +51,9 @@ final class PhabricatorApplicationHerald extends PhabricatorApplication {
 
   protected function getCustomCapabilities() {
     return array(
-      self::CAN_CREATE_RULE => array(
-        'label' => pht('Can Create Rules'),
+      HeraldCapabilityCreateRules::CAPABILITY => array(
       ),
-      self::CAN_CREATE_GLOBAL_RULE => array(
-        'label' => pht('Can Create Global Rules'),
+      HeraldCapabilityManageGlobalRules::CAPABILITY => array(
         'caption' => pht('Global rules can bypass access controls.'),
         'default' => PhabricatorPolicies::POLICY_ADMIN,
       ),

src/applications/herald/capability/HeraldCapabilityCreateRules.php

@@ -0,0 +1,20 @@
+<?php
+
+final class HeraldCapabilityCreateRules
+  extends PhabricatorPolicyCapability {
+
+  const CAPABILITY = 'herald.create';
+
+  public function getCapabilityKey() {
+    return self::CAPABILITY;
+  }
+
+  public function getCapabilityName() {
+    return pht('Can Create Rules');
+  }
+
+  public function describeCapabilityRejection() {
+    return pht('You do not have permission to create new Herald rules.');
+  }
+
+}

src/applications/herald/capability/HeraldCapabilityManageGlobalRules.php

@@ -0,0 +1,20 @@
+<?php
+
+final class HeraldCapabilityManageGlobalRules
+  extends PhabricatorPolicyCapability {
+
+  const CAPABILITY = 'herald.global';
+
+  public function getCapabilityKey() {
+    return self::CAPABILITY;
+  }
+
+  public function getCapabilityName() {
+    return pht('Can Manage Global Rules');
+  }
+
+  public function describeCapabilityRejection() {
+    return pht('You do not have permission to manage global Herald rules.');
+  }
+
+}

src/applications/herald/controller/HeraldController.php

@@ -24,7 +24,7 @@ abstract class HeraldController extends PhabricatorController {
     $crumbs = parent::buildApplicationCrumbs();
 
     $can_create = $this->hasApplicationCapability(
-      PhabricatorApplicationHerald::CAN_CREATE_RULE);
+      HeraldCapabilityCreateRules::CAPABILITY);
 
     $crumbs->addAction(
       id(new PHUIListItemView())

src/applications/herald/controller/HeraldDisableController.php

@@ -30,7 +30,7 @@ final class HeraldDisableController extends HeraldController {
 
     if ($rule->getRuleType() == HeraldRuleTypeConfig::RULE_TYPE_GLOBAL) {
       $this->requireApplicationCapability(
-        PhabricatorApplicationHerald::CAN_CREATE_GLOBAL_RULE);
+        HeraldCapabilityManageGlobalRules::CAPABILITY);
     }
 
     $view_uri = $this->getApplicationURI("rule/{$id}/");

src/applications/herald/controller/HeraldNewController.php

@@ -15,10 +15,10 @@ final class HeraldNewController extends HeraldController {
     $user = $request->getUser();
 
     $this->requireApplicationCapability(
-      PhabricatorApplicationHerald::CAN_CREATE_RULE);
+      HeraldCapabilityCreateRules::CAPABILITY);
 
     $can_global = $this->hasApplicationCapability(
-      PhabricatorApplicationHerald::CAN_CREATE_GLOBAL_RULE);
+      HeraldCapabilityManageGlobalRules::CAPABILITY);
 
     $content_type_map = HeraldAdapter::getEnabledAdapterMap($user);
     if (empty($content_type_map[$this->contentType])) {
@@ -39,7 +39,7 @@ final class HeraldNewController extends HeraldController {
 
     if (!$can_global) {
       $global_link = $this->explainApplicationCapability(
-        PhabricatorApplicationHerald::CAN_CREATE_GLOBAL_RULE,
+        HeraldCapabilityManageGlobalRules::CAPABILITY,
         pht('You do not have permission to create or manage global rules.'));
     } else {
       $global_link = null;

src/applications/herald/controller/HeraldRuleController.php

@@ -49,12 +49,12 @@ final class HeraldRuleController extends HeraldController {
       $cancel_uri = $this->getApplicationURI();
 
       $this->requireApplicationCapability(
-        PhabricatorApplicationHerald::CAN_CREATE_RULE);
+        HeraldCapabilityCreateRules::CAPABILITY);
     }
 
     if ($rule->getRuleType() == HeraldRuleTypeConfig::RULE_TYPE_GLOBAL) {
       $this->requireApplicationCapability(
-        PhabricatorApplicationHerald::CAN_CREATE_GLOBAL_RULE);
+        HeraldCapabilityManageGlobalRules::CAPABILITY);
     }
 
     $adapter = HeraldAdapter::getAdapterForContentType($rule->getContentType());

src/applications/herald/storage/HeraldRule.php

@@ -205,7 +205,7 @@ final class HeraldRule extends HeraldDAO
         case PhabricatorPolicyCapability::CAN_EDIT:
           $app = 'PhabricatorApplicationHerald';
           $herald = PhabricatorApplication::getByClass($app);
-          $global = PhabricatorApplicationHerald::CAN_CREATE_GLOBAL_RULE;
+          $global = HeraldCapabilityManageGlobalRules::CAPABILITY;
           return $herald->getPolicy($global);
       }
     } else {