Implement "USER" policy

Summary: I thought I'd already implemented this, but hadn't. Implement a "USER" policy -- a USER phid means only that user has the capability.

Test Plan: Looked at macros as a user other than the comment owner.

Reviewers: btrahan, vrana

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D4155

src/applications/policy/filter/PhabricatorPolicyFilter.php

@@ -205,6 +205,12 @@ final class PhabricatorPolicyFilter {
           } else {
             $this->rejectObject($object, $policy, $capability);
           }
+        } else if ($type == PhabricatorPHIDConstants::PHID_TYPE_USER) {
+          if ($viewer->getPHID() == $policy) {
+            return true;
+          } else {
+            $this->rejectObject($object, $policy, $capability);
+          }
         } else {
           throw new Exception("Object has unknown policy '{$policy}'!");
         }
@@ -253,13 +259,16 @@ final class PhabricatorPolicyFilter {
         $who = "No one can {$verb} this object.";
         break;
       default:
+        $handle = PhabricatorObjectHandleData::loadOneHandle(
+          $policy,
+          $this->viewer);
+
         $type = phid_get_type($policy);
         if ($type == PhabricatorPHIDConstants::PHID_TYPE_PROJ) {
-          $handle = PhabricatorObjectHandleData::loadOneHandle(
-            $policy,
-            $this->viewer);
           $who = "To {$verb} this object, you must be a member of project ".
                  "'".$handle->getFullName()."'.";
+        } else if ($type == PhabricatorPHIDConstants::PHID_TYPE_USER) {
+          $who = "Only '".$handle->getFullName()."' can {$verb} this object.";
         } else {
           $who = "It is unclear who can {$verb} this object.";
         }