Update PhortunePaymentMethod for modern policy interfaces

Summary:
Depends on D20717. Ref T13366. Make PhortunePaymentMethod use an extended policy interface for consistency with modern approaches. Since Accounts have hard-coded policy behavior (and can't have object policies like "Subscribers") this should have no actual impact on program behavior.

This leaves one weird piece in the policy dialog UIs, see T13381.

Test Plan: Viewed and edited payment methods as a merchant and account member. Merchants can only view, not edit.

Maniphest Tasks: T13366

Differential Revision: https://secure.phabricator.com/D20718

src/__phutil_library_map__.php

@@ -5329,6 +5329,7 @@ phutil_register_library_map(array(
     'PhortunePaymentMethodDisableController' => 'applications/phortune/controller/payment/PhortunePaymentMethodDisableController.php',
     'PhortunePaymentMethodEditController' => 'applications/phortune/controller/payment/PhortunePaymentMethodEditController.php',
     'PhortunePaymentMethodPHIDType' => 'applications/phortune/phid/PhortunePaymentMethodPHIDType.php',
+    'PhortunePaymentMethodPolicyCodex' => 'applications/phortune/codex/PhortunePaymentMethodPolicyCodex.php',
     'PhortunePaymentMethodQuery' => 'applications/phortune/query/PhortunePaymentMethodQuery.php',
     'PhortunePaymentProvider' => 'applications/phortune/provider/PhortunePaymentProvider.php',
     'PhortunePaymentProviderConfig' => 'applications/phortune/storage/PhortunePaymentProviderConfig.php',
@@ -11893,11 +11894,14 @@ phutil_register_library_map(array(
     'PhortunePaymentMethod' => array(
       'PhortuneDAO',
       'PhabricatorPolicyInterface',
+      'PhabricatorExtendedPolicyInterface',
+      'PhabricatorPolicyCodexInterface',
     ),
     'PhortunePaymentMethodCreateController' => 'PhortuneController',
     'PhortunePaymentMethodDisableController' => 'PhortuneController',
     'PhortunePaymentMethodEditController' => 'PhortuneController',
     'PhortunePaymentMethodPHIDType' => 'PhabricatorPHIDType',
+    'PhortunePaymentMethodPolicyCodex' => 'PhabricatorPolicyCodex',
     'PhortunePaymentMethodQuery' => 'PhabricatorCursorPagedPolicyAwareQuery',
     'PhortunePaymentProvider' => 'Phobject',
     'PhortunePaymentProviderConfig' => array(

src/applications/phortune/codex/PhortunePaymentMethodPolicyCodex.php

@@ -0,0 +1,35 @@
+<?php
+
+final class PhortunePaymentMethodPolicyCodex
+  extends PhabricatorPolicyCodex {
+
+  public function getPolicySpecialRuleDescriptions() {
+    $object = $this->getObject();
+
+    $rules = array();
+
+    $rules[] = $this->newRule()
+      ->setCapabilities(
+        array(
+          PhabricatorPolicyCapability::CAN_VIEW,
+        ))
+      ->setIsActive(true)
+      ->setDescription(
+        pht(
+          'Account members may view and edit payment methods.'));
+
+    $rules[] = $this->newRule()
+      ->setCapabilities(
+        array(
+          PhabricatorPolicyCapability::CAN_VIEW,
+        ))
+      ->setIsActive(true)
+      ->setDescription(
+        pht(
+          'Merchants you have a relationship with may view associated '.
+          'payment methods.'));
+
+    return $rules;
+  }
+
+}

src/applications/phortune/controller/account/PhortuneAccountPaymentMethodsController.php

@@ -34,7 +34,6 @@ final class PhortuneAccountPaymentMethodsController
       ->setCrumbs($crumbs)
       ->setNavigation($navigation)
       ->appendChild($view);
-
   }
 
   private function buildPaymentMethodsSection(PhortuneAccount $account) {

src/applications/phortune/query/PhortunePaymentMethodQuery.php

@@ -53,6 +53,7 @@ final class PhortunePaymentMethodQuery
       $account = idx($accounts, $method->getAccountPHID());
       if (!$account) {
         unset($methods[$key]);
+        $this->didRejectResult($method);
         continue;
       }
       $method->attachAccount($account);
@@ -72,6 +73,7 @@ final class PhortunePaymentMethodQuery
       $merchant = idx($merchants, $method->getMerchantPHID());
       if (!$merchant) {
         unset($methods[$key]);
+        $this->didRejectResult($method);
         continue;
       }
       $method->attachMerchant($merchant);
@@ -91,6 +93,7 @@ final class PhortunePaymentMethodQuery
       $provider_config = idx($provider_configs, $method->getProviderPHID());
       if (!$provider_config) {
         unset($methods[$key]);
+        $this->didRejectResult($method);
         continue;
       }
       $method->attachProviderConfig($provider_config);

src/applications/phortune/storage/PhortunePaymentMethod.php

@@ -4,8 +4,12 @@
  * A payment method is a credit card; it is associated with an account and
  * charges can be made against it.
  */
-final class PhortunePaymentMethod extends PhortuneDAO
+final class PhortunePaymentMethod
-  implements PhabricatorPolicyInterface {
+  extends PhortuneDAO
+  implements
+    PhabricatorPolicyInterface,
+    PhabricatorExtendedPolicyInterface,
+    PhabricatorPolicyCodexInterface {
 
   const STATUS_ACTIVE     = 'payment:active';
   const STATUS_DISABLED   = 'payment:disabled';
@@ -148,18 +152,50 @@ final class PhortunePaymentMethod extends PhortuneDAO
   }
 
   public function getPolicy($capability) {
-    return $this->getAccount()->getPolicy($capability);
+    return PhabricatorPolicies::getMostOpenPolicy();
   }
 
   public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
-    return $this->getAccount()->hasAutomaticCapability(
+
-      $capability,
+    // See T13366. If you can edit the merchant associated with this payment
-      $viewer);
+    // method, you can view the payment method.
+    if ($capability === PhabricatorPolicyCapability::CAN_VIEW) {
+      $any_edit = PhortuneMerchantQuery::canViewersEditMerchants(
+        array($viewer->getPHID()),
+        array($this->getMerchantPHID()));
+      if ($any_edit) {
+        return true;
+      }
+    }
+
+    return false;
   }
 
-  public function describeAutomaticCapability($capability) {
+
-    return pht(
+/* -(  PhabricatorExtendedPolicyInterface  )--------------------------------- */
-      'Members of an account can always view and edit its payment methods.');
+
+
+  public function getExtendedPolicy($capability, PhabricatorUser $viewer) {
+    if ($this->hasAutomaticCapability($capability, $viewer)) {
+      return array();
+    }
+
+    // See T13366. For blanket view and edit permissions on all payment
+    // methods, you must be able to edit the associated account.
+    return array(
+      array(
+        $this->getAccount(),
+        PhabricatorPolicyCapability::CAN_EDIT,
+      ),
+    );
+  }
+
+
+/* -(  PhabricatorPolicyCodexInterface  )------------------------------------ */
+
+
+  public function newPolicyCodex() {
+    return new PhortunePaymentMethodPolicyCodex();
   }
 
 }

src/applications/policy/codex/PhabricatorPolicyCodex.php

@@ -44,16 +44,6 @@ abstract class PhabricatorPolicyCodex
     return null;
   }
 
-  final public function getPolicySpecialRuleForCapability($capability) {
-    foreach ($this->getPolicySpecialRuleDescriptions() as $rule) {
-      if (in_array($capability, $rule->getCapabilities())) {
-        return $rule;
-      }
-    }
-
-    return null;
-  }
-
   final protected function newRule() {
     return new PhabricatorPolicyCodexRuleDescription();
   }