Make "Can Interact" and logged-out users interact more gracefully

Summary:
Fixes T12378. Two minor issues here:

  - CAN_INTERACT on tasks uses "USER", but should just use the view policy, which may be more permissive ("PUBLIC").
  - CAN_INTERACT is currently prevented from being "PUBLIC" by additional safeguards. Define an explicit capability object for the permission which returns `true` from `shouldAllowPublicPolicySetting()`.

Test Plan:
  - Viewed an unlocked task as a logged-out user, saw "login to comment" instead of "locked".
  - Viewed a locked task as a logged-out user, saw "locked".

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T12378

Differential Revision: https://secure.phabricator.com/D17485

src/__phutil_library_map__.php

@@ -3445,6 +3445,7 @@ phutil_register_library_map(array(
     'PhabricatorPolicyAwareQuery' => 'infrastructure/query/policy/PhabricatorPolicyAwareQuery.php',
     'PhabricatorPolicyAwareTestQuery' => 'applications/policy/__tests__/PhabricatorPolicyAwareTestQuery.php',
     'PhabricatorPolicyCanEditCapability' => 'applications/policy/capability/PhabricatorPolicyCanEditCapability.php',
+    'PhabricatorPolicyCanInteractCapability' => 'applications/policy/capability/PhabricatorPolicyCanInteractCapability.php',
     'PhabricatorPolicyCanJoinCapability' => 'applications/policy/capability/PhabricatorPolicyCanJoinCapability.php',
     'PhabricatorPolicyCanViewCapability' => 'applications/policy/capability/PhabricatorPolicyCanViewCapability.php',
     'PhabricatorPolicyCapability' => 'applications/policy/capability/PhabricatorPolicyCapability.php',
@@ -8654,6 +8655,7 @@ phutil_register_library_map(array(
     'PhabricatorPolicyAwareQuery' => 'PhabricatorOffsetPagedQuery',
     'PhabricatorPolicyAwareTestQuery' => 'PhabricatorPolicyAwareQuery',
     'PhabricatorPolicyCanEditCapability' => 'PhabricatorPolicyCapability',
+    'PhabricatorPolicyCanInteractCapability' => 'PhabricatorPolicyCapability',
     'PhabricatorPolicyCanJoinCapability' => 'PhabricatorPolicyCapability',
     'PhabricatorPolicyCanViewCapability' => 'PhabricatorPolicyCapability',
     'PhabricatorPolicyCapability' => 'Phobject',

src/applications/maniphest/storage/ManiphestTask.php

@@ -361,7 +361,7 @@ final class ManiphestTask extends ManiphestDAO
         if ($this->isLocked()) {
           return PhabricatorPolicies::POLICY_NOONE;
         } else {
-          return PhabricatorPolicies::POLICY_USER;
+          return $this->getViewPolicy();
         }
       case PhabricatorPolicyCapability::CAN_EDIT:
         return $this->getEditPolicy();

src/applications/policy/capability/PhabricatorPolicyCanInteractCapability.php

@@ -0,0 +1,20 @@
+<?php
+
+final class PhabricatorPolicyCanInteractCapability
+  extends PhabricatorPolicyCapability {
+
+  const CAPABILITY = self::CAN_INTERACT;
+
+  public function getCapabilityName() {
+    return pht('Can Interact');
+  }
+
+  public function describeCapabilityRejection() {
+    return pht('You do not have permission to interact with this object.');
+  }
+
+  public function shouldAllowPublicPolicySetting() {
+    return true;
+  }
+
+}