From c23a9c9fde555edc8635524c88401326e0549eb0 Mon Sep 17 00:00:00 2001
From: epriestley <git@epriestley.com>
Date: Tue, 5 Mar 2013 14:12:11 -0800
Subject: [PATCH] Use a policy-aware query for Project typeahead

Summary: Fixes T2677. Currently, you can typeahead projects you can't see.

Test Plan: Typeahead'ed projects. Verified active projects appeared; archived did not.

Reviewers: chad

Reviewed By: chad

CC: aran

Maniphest Tasks: T2677

Differential Revision: https://secure.phabricator.com/D5242
---
 .../PhabricatorTypeaheadCommonDatasourceController.php    | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/applications/typeahead/controller/PhabricatorTypeaheadCommonDatasourceController.php b/src/applications/typeahead/controller/PhabricatorTypeaheadCommonDatasourceController.php
index 18b3cceffe..616caa0d4b 100644
--- a/src/applications/typeahead/controller/PhabricatorTypeaheadCommonDatasourceController.php
+++ b/src/applications/typeahead/controller/PhabricatorTypeaheadCommonDatasourceController.php
@@ -12,6 +12,7 @@ final class PhabricatorTypeaheadCommonDatasourceController
   public function processRequest() {
 
     $request = $this->getRequest();
+    $viewer = $request->getUser();
     $query = $request->getStr('q');
 
     $need_rich_data = false;
@@ -199,9 +200,10 @@ final class PhabricatorTypeaheadCommonDatasourceController
     }
 
     if ($need_projs) {
-      $projs = id(new PhabricatorProject())->loadAllWhere(
-        'status != %d',
-        PhabricatorProjectStatus::STATUS_ARCHIVED);
+      $projs = id(new PhabricatorProjectQuery())
+        ->setViewer($viewer)
+        ->withStatus(PhabricatorProjectQuery::STATUS_OPEN)
+        ->execute();
       foreach ($projs as $proj) {
         $results[] = id(new PhabricatorTypeaheadResult())
           ->setName($proj->getName())