From 9ccef52d6c3faa5fec23c9a5b9aadeb3cbefc49a Mon Sep 17 00:00:00 2001
From: epriestley <git@epriestley.com>
Date: Sat, 4 Mar 2017 08:05:42 -0800
Subject: [PATCH] Prevent awarding/revoking tokens when a task is locked

Summary: Ref T12335. Allows you to lock tasks to keep your precious tokens.

Test Plan:
  - Awarded tokens to an unlocked task.
  - Locked the task.
  - Could no longer award/rescind tokens.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T12335

Differential Revision: https://secure.phabricator.com/D17461
---
 .../PhabricatorTokenGiveController.php         | 18 ++++++++++++++++++
 .../event/PhabricatorTokenUIEventListener.php  |  9 +++++++--
 2 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/src/applications/tokens/controller/PhabricatorTokenGiveController.php b/src/applications/tokens/controller/PhabricatorTokenGiveController.php
index c5d172ee64..c7c47c41f3 100644
--- a/src/applications/tokens/controller/PhabricatorTokenGiveController.php
+++ b/src/applications/tokens/controller/PhabricatorTokenGiveController.php
@@ -14,6 +14,24 @@ final class PhabricatorTokenGiveController extends PhabricatorTokenController {
       return new Aphront404Response();
     }
 
+    $object = id(new PhabricatorObjectQuery())
+      ->setViewer($viewer)
+      ->withPHIDs(array($phid))
+      ->executeOne();
+
+    if (!($object instanceof PhabricatorTokenReceiverInterface)) {
+      return new Aphront400Response();
+    }
+
+    if (!PhabricatorPolicyFilter::canInteract($viewer, $object)) {
+      $lock = PhabricatorEditEngineLock::newForObject($viewer, $object);
+
+      $dialog = $this->newDialog()
+        ->addCancelButton($handle->getURI());
+
+      return $lock->willBlockUserInteractionWithDialog($dialog);
+    }
+
     $current = id(new PhabricatorTokenGivenQuery())
       ->setViewer($viewer)
       ->withAuthorPHIDs(array($viewer->getPHID()))
diff --git a/src/applications/tokens/event/PhabricatorTokenUIEventListener.php b/src/applications/tokens/event/PhabricatorTokenUIEventListener.php
index 8a3ecc4396..bbf3438b62 100644
--- a/src/applications/tokens/event/PhabricatorTokenUIEventListener.php
+++ b/src/applications/tokens/event/PhabricatorTokenUIEventListener.php
@@ -37,6 +37,8 @@ final class PhabricatorTokenUIEventListener
       return null;
     }
 
+    $can_interact = PhabricatorPolicyFilter::canInteract($user, $object);
+
     $current = id(new PhabricatorTokenGivenQuery())
       ->setViewer($user)
       ->withAuthorPHIDs(array($user->getPHID()))
@@ -48,14 +50,17 @@ final class PhabricatorTokenUIEventListener
         ->setWorkflow(true)
         ->setHref('/token/give/'.$object->getPHID().'/')
         ->setName(pht('Award Token'))
-        ->setIcon('fa-trophy');
+        ->setIcon('fa-trophy')
+        ->setDisabled(!$can_interact);
     } else {
       $token_action = id(new PhabricatorActionView())
         ->setWorkflow(true)
         ->setHref('/token/give/'.$object->getPHID().'/')
         ->setName(pht('Rescind Token'))
-        ->setIcon('fa-trophy');
+        ->setIcon('fa-trophy')
+        ->setDisabled(!$can_interact);
     }
+
     if (!$user->isLoggedIn()) {
       $token_action->setDisabled(true);
     }