Policy Extender and Tests (#2461)

Policy application has also been refactored, so that policies return one of `allow`, `deny`, `forceAllow`, `forceDeny`. The result of a set of policies is no longer the first non-null result, but rather the highest priority result (forceDeny > forceAllow > deny > allow, so if a single forceDeny is present, that beats out all other returned results). This removes order in which extensions boot as a factor.

src/User/UserServiceProvider.php

@@ -9,8 +9,14 @@
 
 namespace Flarum\User;
 
+use Flarum\Discussion\Access\DiscussionPolicy;
+use Flarum\Discussion\Discussion;
 use Flarum\Foundation\AbstractServiceProvider;
 use Flarum\Foundation\ContainerUtil;
+use Flarum\Group\Access\GroupPolicy;
+use Flarum\Group\Group;
+use Flarum\Post\Access\PostPolicy;
+use Flarum\Post\Post;
 use Flarum\Settings\SettingsRepositoryInterface;
 use Flarum\User\Access\ScopeUserVisibility;
 use Flarum\User\DisplayName\DriverInterface;
@@ -36,6 +42,16 @@ class UserServiceProvider extends AbstractServiceProvider
         $this->app->singleton('flarum.user.group_processors', function () {
             return [];
         });
+
+        $this->app->singleton('flarum.policies', function () {
+            return [
+                Access\AbstractPolicy::GLOBAL => [],
+                Discussion::class => [DiscussionPolicy::class],
+                Group::class => [GroupPolicy::class],
+                Post::class => [PostPolicy::class],
+                User::class => [Access\UserPolicy::class],
+            ];
+        });
     }
 
     protected function registerDisplayNameDrivers()
@@ -81,18 +97,17 @@ class UserServiceProvider extends AbstractServiceProvider
             User::addGroupProcessor(ContainerUtil::wrapCallback($callback, $this->app));
         }
 
-        User::setHasher($this->app->make('hash'));
-        User::setGate($this->app->make(Gate::class));
-        User::setDisplayNameDriver($this->app->make('flarum.user.display_name.driver'));
-
         $events = $this->app->make('events');
 
+        User::setHasher($this->app->make('hash'));
+        User::setGate($this->app->makeWith(Access\Gate::class, ['policyClasses' => $this->app->make('flarum.policies')]));
+        User::setDisplayNameDriver($this->app->make('flarum.user.display_name.driver'));
+
         $events->listen(Saving::class, SelfDemotionGuard::class);
         $events->listen(Registered::class, AccountActivationMailer::class);
         $events->listen(EmailChangeRequested::class, EmailConfirmationMailer::class);
 
         $events->subscribe(UserMetadataUpdater::class);
-        $events->subscribe(UserPolicy::class);
 
         User::registerPreference('discloseOnline', 'boolval', true);
         User::registerPreference('indexProfile', 'boolval', true);