From e2ed52735387e366eb6adb99927275246689161b Mon Sep 17 00:00:00 2001
From: epriestley <git@epriestley.com>
Date: Sun, 29 Sep 2013 09:06:41 -0700
Subject: [PATCH] Add a very simple `bin/policy` script for CLI policy
 administration

Summary:
Ref T603. I want to provide at least a basic CLI tool for fixing policy problems, since there are various ways users can lock themselves out of objects right now. Although I imagine we'll solve most of them in the application eventually, having a workaround in the meantime will probably make support a lot easier.

This implements `bin/policy show <object>`, which shows an object's policy settings. In a future diff, I'll implement something like `bin/policy set --capability view --policy users <object>`, although maybe just `bin/policy unlock <object>` (which sets view and edit to "all users") would be better for now. Whichever way we go, it will be some blanket answer to people showing up in IRC having locked themselves out of objects which unblocks them while we work on preventing the issue in the first place.

Test Plan: See screenshot.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D7171
---
 bin/policy                                    |  1 +
 scripts/setup/manage_policy.php               | 22 +++++
 src/__phutil_library_map__.php                |  4 +
 ...habricatorPolicyManagementShowWorkflow.php | 81 +++++++++++++++++++
 .../PhabricatorPolicyManagementWorkflow.php   | 10 +++
 5 files changed, 118 insertions(+)
 create mode 120000 bin/policy
 create mode 100755 scripts/setup/manage_policy.php
 create mode 100644 src/applications/policy/management/PhabricatorPolicyManagementShowWorkflow.php
 create mode 100644 src/applications/policy/management/PhabricatorPolicyManagementWorkflow.php

diff --git a/bin/policy b/bin/policy
new file mode 120000
index 0000000000..ffb2bac562
--- /dev/null
+++ b/bin/policy
@@ -0,0 +1 @@
+../scripts/setup/manage_policy.php
\ No newline at end of file
diff --git a/scripts/setup/manage_policy.php b/scripts/setup/manage_policy.php
new file mode 100755
index 0000000000..ee209334af
--- /dev/null
+++ b/scripts/setup/manage_policy.php
@@ -0,0 +1,22 @@
+#!/usr/bin/env php
+<?php
+
+$root = dirname(dirname(dirname(__FILE__)));
+require_once $root.'/scripts/__init_script__.php';
+
+$args = new PhutilArgumentParser($argv);
+$args->setTagline('manage policies');
+$args->setSynopsis(<<<EOSYNOPSIS
+**policy** __command__ [__options__]
+    Administrative tool for reviewing and editing policies.
+
+EOSYNOPSIS
+  );
+$args->parseStandardArguments();
+
+$workflows = array(
+  new PhabricatorPolicyManagementShowWorkflow(),
+  new PhutilHelpArgumentWorkflow(),
+);
+
+$args->parseWorkflows($workflows);
diff --git a/src/__phutil_library_map__.php b/src/__phutil_library_map__.php
index 884a23f75a..10b4450e65 100644
--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@@ -1467,6 +1467,8 @@ phutil_register_library_map(array(
     'PhabricatorPolicyExplainController' => 'applications/policy/controller/PhabricatorPolicyExplainController.php',
     'PhabricatorPolicyFilter' => 'applications/policy/filter/PhabricatorPolicyFilter.php',
     'PhabricatorPolicyInterface' => 'applications/policy/interface/PhabricatorPolicyInterface.php',
+    'PhabricatorPolicyManagementShowWorkflow' => 'applications/policy/management/PhabricatorPolicyManagementShowWorkflow.php',
+    'PhabricatorPolicyManagementWorkflow' => 'applications/policy/management/PhabricatorPolicyManagementWorkflow.php',
     'PhabricatorPolicyQuery' => 'applications/policy/query/PhabricatorPolicyQuery.php',
     'PhabricatorPolicyTestCase' => 'applications/policy/__tests__/PhabricatorPolicyTestCase.php',
     'PhabricatorPolicyTestObject' => 'applications/policy/__tests__/PhabricatorPolicyTestObject.php',
@@ -3622,6 +3624,8 @@ phutil_register_library_map(array(
     'PhabricatorPolicyDataTestCase' => 'PhabricatorTestCase',
     'PhabricatorPolicyException' => 'Exception',
     'PhabricatorPolicyExplainController' => 'PhabricatorPolicyController',
+    'PhabricatorPolicyManagementShowWorkflow' => 'PhabricatorPolicyManagementWorkflow',
+    'PhabricatorPolicyManagementWorkflow' => 'PhutilArgumentWorkflow',
     'PhabricatorPolicyQuery' => 'PhabricatorQuery',
     'PhabricatorPolicyTestCase' => 'PhabricatorTestCase',
     'PhabricatorPolicyTestObject' => 'PhabricatorPolicyInterface',
diff --git a/src/applications/policy/management/PhabricatorPolicyManagementShowWorkflow.php b/src/applications/policy/management/PhabricatorPolicyManagementShowWorkflow.php
new file mode 100644
index 0000000000..ca6c6754a2
--- /dev/null
+++ b/src/applications/policy/management/PhabricatorPolicyManagementShowWorkflow.php
@@ -0,0 +1,81 @@
+<?php
+
+final class PhabricatorPolicyManagementShowWorkflow
+  extends PhabricatorPolicyManagementWorkflow {
+
+  protected function didConstruct() {
+    $this
+      ->setName('show')
+      ->setSynopsis('Show policy information about an object.')
+      ->setExamples(
+        "**show** D123")
+      ->setArguments(
+        array(
+          array(
+            'name'      => 'objects',
+            'wildcard'  => true,
+          ),
+        ));
+  }
+
+  public function execute(PhutilArgumentParser $args) {
+    $console = PhutilConsole::getConsole();
+    $viewer = PhabricatorUser::getOmnipotentUser();
+
+    $obj_names = $args->getArg('objects');
+    if (!$obj_names) {
+      throw new PhutilArgumentUsageException(
+        pht(
+          "Specify the name of an object to show policy information for."));
+    } else if (count($obj_names) > 1) {
+      throw new PhutilArgumentUsageException(
+        pht(
+          "Specify the name of exactly one object to show policy information ".
+          "for."));
+    }
+
+    $object = id(new PhabricatorObjectQuery())
+      ->setViewer($viewer)
+      ->withNames($obj_names)
+      ->executeOne();
+
+    if (!$object) {
+      $name = head($obj_names);
+      throw new PhutilArgumentUsageException(
+        pht(
+          "No such object '%s'!",
+          $name));
+    }
+
+    $handle = id(new PhabricatorHandleQuery())
+      ->setViewer($viewer)
+      ->withPHIDs(array($object->getPHID()))
+      ->executeOne();
+
+    $policies = PhabricatorPolicyQuery::loadPolicies(
+      $viewer,
+      $object);
+
+    $console->writeOut("__%s__\n\n", pht('OBJECT'));
+    $console->writeOut("  %s\n", $handle->getFullName());
+    $console->writeOut("\n");
+
+    $console->writeOut("__%s__\n\n", pht('CAPABILITIES'));
+    foreach ($policies as $capability => $policy) {
+      $console->writeOut("  **%s**\n", $capability);
+      $console->writeOut("    %s\n", $policy->renderDescription());
+      $console->writeOut("    %s\n", $policy->getExplanation($capability));
+      $console->writeOut("\n");
+
+      $more = (array)$object->describeAutomaticCapability($capability);
+      if ($more) {
+        foreach ($more as $line) {
+          $console->writeOut("    %s\n", $line);
+        }
+        $console->writeOut("\n");
+      }
+    }
+
+  }
+
+}
diff --git a/src/applications/policy/management/PhabricatorPolicyManagementWorkflow.php b/src/applications/policy/management/PhabricatorPolicyManagementWorkflow.php
new file mode 100644
index 0000000000..85d1fe7b3e
--- /dev/null
+++ b/src/applications/policy/management/PhabricatorPolicyManagementWorkflow.php
@@ -0,0 +1,10 @@
+<?php
+
+abstract class PhabricatorPolicyManagementWorkflow
+  extends PhutilArgumentWorkflow {
+
+  final public function isExecutable() {
+    return true;
+  }
+
+}