Page MenuHomePhabricator

Broken project permissions/weird bug with nested projects
Open, Needs TriagePublic

Assigned To
Authored By
Mar 22 2017, 4:18 PM
Referenced Files
F4250986: pasted_file
Mar 22 2017, 4:18 PM
F4250961: pasted_file
Mar 22 2017, 4:18 PM
F4251008: pasted_file
Mar 22 2017, 4:18 PM


Someone on my team has a parent project with several children. Let's call them Parent, Child1, and Child 2.

Parent had a number of members before any child projects were created. Parent has an edit and join policy of "Project Members Only", meaning that someone must add you to the project.

Then, someone started creating child projects. This means that Parent no longer has its own members, members are only able to be added to leaf node projects.

pasted_file (213×613 px, 31 KB)

This has an interesting side effect. Anyone that was a member of Parent *before* Child was created is able to edit Parent. Anyone who is only a member of Child (because they cannot be directly added to Parent), is unable to edit Parent, create new Subprojects, etc.

Here are some screenshots demonstrating this weirdness:

pasted_file (532×1 px, 75 KB)

Supertest is a member of the "PermissionsTest" parent project, via his membership of the "child permissions project" subproject.

pasted_file (466×1 px, 62 KB)

Supertest gets this error when trying to edit "PermissionsTest"

Related Objects

Event Timeline

This is probably a one-line fix, but let me repro + get test coverage on it.

WARNING: never mind this was bogus

Actually, that fix is completely bogus and there's no inverse edge type so this is perhaps somewhat more involved.