Policy Extender and Tests (#2461)

Policy application has also been refactored, so that policies return one of `allow`, `deny`, `forceAllow`, `forceDeny`. The result of a set of policies is no longer the first non-null result, but rather the highest priority result (forceDeny > forceAllow > deny > allow, so if a single forceDeny is present, that beats out all other returned results). This removes order in which extensions boot as a factor.

src/Group/Access/GroupPolicy.php

@@ -7,18 +7,13 @@
  * LICENSE file that was distributed with this source code.
  */
 
-namespace Flarum\Group;
+namespace Flarum\Group\Access;
 
-use Flarum\User\AbstractPolicy;
+use Flarum\User\Access\AbstractPolicy;
 use Flarum\User\User;
 
 class GroupPolicy extends AbstractPolicy
 {
-    /**
-     * {@inheritdoc}
-     */
-    protected $model = Group::class;
-
     /**
      * @param User $actor
      * @param string $ability
@@ -27,7 +22,7 @@ class GroupPolicy extends AbstractPolicy
     public function can(User $actor, $ability)
     {
         if ($actor->hasPermission('group.'.$ability)) {
-            return true;
+            return $this->allow();
         }
     }
 }

src/Group/GroupServiceProvider.php

@@ -19,9 +19,6 @@ class GroupServiceProvider extends AbstractServiceProvider
      */
     public function boot()
     {
-        $events = $this->app->make('events');
-        $events->subscribe(GroupPolicy::class);
-
         Group::registerVisibilityScoper(new ScopeGroupVisibility(), 'view');
     }
 }