public function rejectObject(PhabricatorPolicyInterface $object, $policy, $capability)
 {
     if (!$this->raisePolicyExceptions) {
         return;
     }
     if ($this->viewer->isOmnipotent()) {
         // Never raise policy exceptions for the omnipotent viewer. Although we
         // will never normally issue a policy rejection for the omnipotent
         // viewer, we can end up here when queries blanket reject objects that
         // have failed to load, without distinguishing between nonexistent and
         // nonvisible objects.
         return;
     }
     $capobj = PhabricatorPolicyCapability::getCapabilityByKey($capability);
     $rejection = null;
     if ($capobj) {
         $rejection = $capobj->describeCapabilityRejection();
         $capability_name = $capobj->getCapabilityName();
     } else {
         $capability_name = $capability;
     }
     if (!$rejection) {
         // We couldn't find the capability object, or it doesn't provide a
         // tailored rejection string.
         $rejection = pht('You do not have the required capability ("%s") to do whatever you ' . 'are trying to do.', $capability);
     }
     $more = PhabricatorPolicy::getPolicyExplanation($this->viewer, $policy);
     $exceptions = $object->describeAutomaticCapability($capability);
     $details = array_filter(array_merge(array($more), (array) $exceptions));
     $access_denied = $this->renderAccessDenied($object);
     $full_message = pht('[%s] (%s) %s // %s', $access_denied, $capability_name, $rejection, implode(' ', $details));
     $exception = id(new PhabricatorPolicyException($full_message))->setTitle($access_denied)->setObjectPHID($object->getPHID())->setRejection($rejection)->setCapability($capability)->setCapabilityName($capability_name)->setMoreInfo($details);
     throw $exception;
 }
 public function rejectObject(PhabricatorPolicyInterface $object, $policy, $capability)
 {
     if (!$this->raisePolicyExceptions) {
         return;
     }
     if ($this->viewer->isOmnipotent()) {
         // Never raise policy exceptions for the omnipotent viewer. Although we
         // will never normally issue a policy rejection for the omnipotent
         // viewer, we can end up here when queries blanket reject objects that
         // have failed to load, without distinguishing between nonexistent and
         // nonvisible objects.
         return;
     }
     $capobj = PhabricatorPolicyCapability::getCapabilityByKey($capability);
     $rejection = null;
     if ($capobj) {
         $rejection = $capobj->describeCapabilityRejection();
         $capability_name = $capobj->getCapabilityName();
     } else {
         $capability_name = $capability;
     }
     if (!$rejection) {
         // We couldn't find the capability object, or it doesn't provide a
         // tailored rejection string.
         $rejection = pht('You do not have the required capability ("%s") to do whatever you ' . 'are trying to do.', $capability);
     }
     $more = PhabricatorPolicy::getPolicyExplanation($this->viewer, $policy);
     $exceptions = $object->describeAutomaticCapability($capability);
     $details = array_filter(array_merge(array($more), (array) $exceptions));
     // NOTE: Not every type of policy object has a real PHID; just load an
     // empty handle if a real PHID isn't available.
     $phid = nonempty($object->getPHID(), PhabricatorPHIDConstants::PHID_VOID);
     $handle = id(new PhabricatorHandleQuery())->setViewer($this->viewer)->withPHIDs(array($phid))->executeOne();
     $object_name = pht('%s %s', $handle->getTypeName(), $handle->getObjectName());
     $is_serious = PhabricatorEnv::getEnvConfig('phabricator.serious-business');
     if ($is_serious) {
         $title = pht('Access Denied: %s', $object_name);
     } else {
         $title = pht('You Shall Not Pass: %s', $object_name);
     }
     $full_message = pht('[%s] (%s) %s // %s', $title, $capability_name, $rejection, implode(' ', $details));
     $exception = id(new PhabricatorPolicyException($full_message))->setTitle($title)->setRejection($rejection)->setCapabilityName($capability_name)->setMoreInfo($details);
     throw $exception;
 }