Page MenuHomePhabricator

"Sign With MFA" requires "CAN_EDIT" permission, but should only require "CAN_INTERACT" permission
Open, NormalPublic

Description

See PHI1291. To reproduce:

  • View a task you have permission to see, but do not have permission to edit.
  • Add a comment and try to sign your comment with MFA.

Expected behavior:

  • You can explicitly "Sign with MFA" even if you can't edit.

Actual behavior:

  • You can not "Sign with MFA" unless you can edit.

The "Sign with MFA" action is an interaction (like a comment), not an edit, so it shouldn't require edit permission.