Page Menu
Home
Phabricator
Search
Configure Global Search
Log In
Files
F14747124
D17228.diff
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Size
1 KB
Referenced Files
None
Subscribers
None
D17228.diff
View Options
diff --git a/src/applications/search/engine/PhabricatorProfileMenuEngine.php b/src/applications/search/engine/PhabricatorProfileMenuEngine.php
--- a/src/applications/search/engine/PhabricatorProfileMenuEngine.php
+++ b/src/applications/search/engine/PhabricatorProfileMenuEngine.php
@@ -557,10 +557,16 @@
$first_item->willBuildNavigationItems($group);
}
- PhabricatorPolicyFilter::requireCapability(
- $viewer,
- $object,
- PhabricatorPolicyCapability::CAN_EDIT);
+ // Users only need to be able to edit the object which this menu appears
+ // on if they're editing global menu items. For example, users do not need
+ // to be able to edit the Favorites application to add new items to the
+ // Favorites menu.
+ if (!$this->getCustomPHID()) {
+ PhabricatorPolicyFilter::requireCapability(
+ $viewer,
+ $object,
+ PhabricatorPolicyCapability::CAN_EDIT);
+ }
$list_id = celerity_generate_unique_node_id();
diff --git a/src/applications/search/storage/PhabricatorProfileMenuItemConfiguration.php b/src/applications/search/storage/PhabricatorProfileMenuItemConfiguration.php
--- a/src/applications/search/storage/PhabricatorProfileMenuItemConfiguration.php
+++ b/src/applications/search/storage/PhabricatorProfileMenuItemConfiguration.php
@@ -189,6 +189,21 @@
public function getExtendedPolicy($capability, PhabricatorUser $viewer) {
+ // If this is an item with a custom PHID (like a personal menu item),
+ // we only require that the user can edit the corresponding custom
+ // object (usually their own user profile), not the object that the
+ // menu appears on (which may be an Application like Favorites or Home).
+ if ($capability == PhabricatorPolicyCapability::CAN_EDIT) {
+ if ($this->getCustomPHID()) {
+ return array(
+ array(
+ $this->getCustomPHID(),
+ $capability,
+ ),
+ );
+ }
+ }
+
return array(
array(
$this->getProfileObject(),
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Wed, Jan 22, 10:00 AM (10 h, 3 m)
Storage Engine
blob
Storage Format
Encrypted (AES-256-CBC)
Storage Handle
7029597
Default Alt Text
D17228.diff (1 KB)
Attached To
Mode
D17228: Don't require edit capability on the Favorites application to edit personal menu items
Attached
Detach File
Event Timeline
Log In to Comment