Policy - fix up DifferentialChangesetParser

Summary:
Ref T7094. We should do a policy query on the files IMO because there exists a scenario where the file gets locked down directly. This requires being a bit more disciplined about setting user, which in turn requires deciding whether or not to show edit / reply links as a separate piece of logic, not conditional on user presence.

This is not the best code but I don't think it gets worse with this and is just some other nuance in any larger cleanup we take on someday.

Test Plan: looked at a revision and noted inline comments rendered correctly with reply / edit actions. looked at a diff standalone and noted no reply / edit actions as expected. looked at a "details" link on a transaction and it rendered correctly. looked at a diff in phriction of page edits and it looked good. grepped around and verified the remaining callsite in diffusion already has the setUser call.

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: Korvin, epriestley

Maniphest Tasks: T7094

Differential Revision: https://secure.phabricator.com/D11579

src/applications/differential/controller/DifferentialChangesetViewController.php

@@ -207,11 +207,12 @@ final class DifferentialChangesetViewController extends DifferentialController {
 
     $engine->process();
     $parser->setMarkupEngine($engine);
+    $parser->setUser($request->getUser());
 
     if ($request->isAjax()) {
-      // TODO: This is sort of lazy, the effect is just to not render "Edit"
-      // and "Reply" links on the "standalone view".
-      $parser->setUser($request->getUser());
+      $parser->setShowEditAndReplyLinks(true);
+    } else {
+      $parser->setShowEditAndReplyLinks(false);
     }
 
     $output = $parser->render($range_s, $range_e, $mask);