Maniphest T13307

"Sign With MFA" requires "CAN_EDIT" permission, but should only require "CAN_INTERACT" permission
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	epriestley
	Jun 6 2019, 2:18 AM

Tags

Referenced Files

None

Subscribers

Description

See PHI1291. To reproduce:

View a task you have permission to see, but do not have permission to edit.
Add a comment and try to sign your comment with MFA.

Expected behavior:

You can explicitly "Sign with MFA" even if you can't edit.

Actual behavior:

You can not "Sign with MFA" unless you can edit.

The "Sign with MFA" action is an interaction (like a comment), not an edit, so it shouldn't require edit permission.

Revisions and Commits

rP Phabricator
	D20574	rPd3112392d1e8 Allow "Sign with MFA" to be applied as a comment action without requiring…

Event Timeline

epriestley triaged this task as Normal priority.Jun 6 2019, 2:18 AM

epriestley created this task.

Herald added a subscriber: amckinley. · View Herald TranscriptJun 6 2019, 2:18 AM

epriestley added a revision: D20574: Allow "Sign with MFA" to be applied as a comment action without requiring "CAN_EDIT".Jun 6 2019, 2:23 AM

epriestley added a project: Auth.Jun 6 2019, 2:23 AM

epriestley closed this task as Resolved by committing rPd3112392d1e8: Allow "Sign with MFA" to be applied as a comment action without requiring….Jun 17 2019, 5:41 PM

epriestley added a commit: rPd3112392d1e8: Allow "Sign with MFA" to be applied as a comment action without requiring….