From d5ba30c777f4f8c918d0fcf4540a076522fe692e Mon Sep 17 00:00:00 2001
From: epriestley <git@epriestley.com>
Date: Tue, 5 Sep 2017 11:33:22 -0700
Subject: [PATCH] Fix credential control logic for restricted credentials

Summary: Fixes T12975. This logic didn't deal with PolicyException correctly.

Test Plan: {F5167549}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T12975

Differential Revision: https://secure.phabricator.com/D18537
---
 .../view/PassphraseCredentialControl.php      | 34 +++++++++++--------
 1 file changed, 20 insertions(+), 14 deletions(-)

diff --git a/src/applications/passphrase/view/PassphraseCredentialControl.php b/src/applications/passphrase/view/PassphraseCredentialControl.php
index 1c189e30e7..9c9706fe3f 100644
--- a/src/applications/passphrase/view/PassphraseCredentialControl.php
+++ b/src/applications/passphrase/view/PassphraseCredentialControl.php
@@ -53,13 +53,22 @@ final class PassphraseCredentialControl extends AphrontFormControl {
     if (strlen($current_phid) && empty($options_map[$current_phid])) {
       $viewer = $this->getViewer();
 
-      $user_credential = id(new PassphraseCredentialQuery())
-        ->setViewer($viewer)
-        ->withPHIDs(array($current_phid))
-        ->executeOne();
-      if (!$user_credential) {
+      $current_name = null;
+      try {
+        $user_credential = id(new PassphraseCredentialQuery())
+          ->setViewer($viewer)
+          ->withPHIDs(array($current_phid))
+          ->executeOne();
+
+        if ($user_credential) {
+          $current_name = pht(
+            '%s %s',
+            $user_credential->getMonogram(),
+            $user_credential->getName());
+        }
+      } catch (PhabricatorPolicyException $policy_exception) {
         // Pull the credential with the ominipotent viewer so we can look up
-        // the ID and tell if it's restricted or invalid.
+        // the ID and provide the monogram.
         $omnipotent_credential = id(new PassphraseCredentialQuery())
           ->setViewer(PhabricatorUser::getOmnipotentUser())
           ->withPHIDs(array($current_phid))
@@ -68,16 +77,13 @@ final class PassphraseCredentialControl extends AphrontFormControl {
           $current_name = pht(
             '%s (Restricted Credential)',
             $omnipotent_credential->getMonogram());
-        } else {
-          $current_name = pht(
-            'Invalid Credential ("%s")',
-            $current_phid);
         }
-      } else {
+      }
+
+      if ($current_name === null) {
         $current_name = pht(
-          '%s %s',
-          $user_credential->getMonogram(),
-          $user_credential->getName());
+          'Invalid Credential ("%s")',
+          $current_phid);
       }
 
       $options_map = array(