Use a policy-aware query for Project typeahead

Summary: Fixes T2677. Currently, you can typeahead projects you can't see.

Test Plan: Typeahead'ed projects. Verified active projects appeared; archived did not.

Reviewers: chad

Reviewed By: chad

CC: aran

Maniphest Tasks: T2677

Differential Revision: https://secure.phabricator.com/D5242

src/applications/typeahead/controller/PhabricatorTypeaheadCommonDatasourceController.php

@@ -12,6 +12,7 @@ final class PhabricatorTypeaheadCommonDatasourceController
   public function processRequest() {
 
     $request = $this->getRequest();
+    $viewer = $request->getUser();
     $query = $request->getStr('q');
 
     $need_rich_data = false;
@@ -199,9 +200,10 @@ final class PhabricatorTypeaheadCommonDatasourceController
     }
 
     if ($need_projs) {
-      $projs = id(new PhabricatorProject())->loadAllWhere(
-        'status != %d',
-        PhabricatorProjectStatus::STATUS_ARCHIVED);
+      $projs = id(new PhabricatorProjectQuery())
+        ->setViewer($viewer)
+        ->withStatus(PhabricatorProjectQuery::STATUS_OPEN)
+        ->execute();
       foreach ($projs as $proj) {
         $results[] = id(new PhabricatorTypeaheadResult())
           ->setName($proj->getName())