See PHI1552. There appear to be three bugs related to creating milestones:
- We check the wrong edit policy when testing if you can create a milestone: we check the default application policy, but should check the parent project policy?
- We predict the wrong set of members for the milestone when testing policies: we predict "no members", but should predict "exactly the same as the members of the parent project"?
- We materialize some members into the milestone? This causes no real problems, but we shouldn't materialize members into milestones.
I haven't isolated these yet so I may be slightly wrong about what's going on here in some cases. These all seem like straightforward bugs rather than foundational issues, however.