Make "public" pastes meaningfully visible to logged-out users

Summary:
  - Introduce `shouldAllowPublic()`, indicating that logged-out users are OK in a controller if the install is configured to permit public policies.
  - Make Paste views and lists allow public users.
  - Make UI do sensible things with respect to disabling links, etc.
  - Improve behavior of "you need to login" with respect to policy exceptions and Ajax requests.

Test Plan: Looked at "public" paste, saw all unavailable UI disabled, clicked it, got appropraite prompts.

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D3502

src/applications/auth/controller/PhabricatorLoginController.php

@@ -25,12 +25,33 @@ final class PhabricatorLoginController
 
   public function processRequest() {
     $request = $this->getRequest();
+    $user = $request->getUser();
 
-    if ($request->getUser()->getPHID()) {
+    if ($user->isLoggedIn()) {
       // Kick the user out if they're already logged in.
       return id(new AphrontRedirectResponse())->setURI('/');
     }
 
+    if ($request->isAjax()) {
+
+      // We end up here if the user clicks a workflow link that they need to
+      // login to use. We give them a dialog saying "You need to login..".
+
+      if ($request->isDialogFormPost()) {
+        return id(new AphrontRedirectResponse())->setURI(
+          $request->getRequestURI());
+      }
+
+      $dialog = new AphrontDialogView();
+      $dialog->setUser($user);
+      $dialog->setTitle('Login Required');
+      $dialog->appendChild('<p>You must login to continue.</p>');
+      $dialog->addSubmitButton('Login');
+      $dialog->addCancelButton('/', 'Cancel');
+
+      return id(new AphrontDialogResponse())->setDialog($dialog);
+    }
+
     if ($request->isConduit()) {
 
       // A common source of errors in Conduit client configuration is getting