Our default Maniphest Task can edit policy is: Who is not assigned, can not edit the Task.

Today we have found an issue :-/ An User can edit the task via comment actions if has NO can edit permission.

1. Task can edit Policy

2. Task Actions

3. Moving Task on Workboards seems to respect the can edit policy of the task

phabricator d1999557dca222ce3aa2bfabd3442c2db93b39d2 (Mon, Jun 6) 
arcanist ca33240942597932075f8e715628b36eebbe68ce (Mon, Jun 6) 
phutil 557309b9242a18518aeaccd099674e889e45a62e (Mon, Jun 6)