HomePhabricator
Diffusion Phabricator cd8b5b82c860

Stop requiring CAN_EDIT to reach the TransactionEditor via "*.edit" in…
cd8b5b82c860
Actions

Description

Stop requiring CAN_EDIT to reach the TransactionEditor via "*.edit" in EditEngine

Summary:
Depends on D19607. Ref T13189. See PHI642. Ref T13186.

Some transactions can sometimes be applied to objects you can not edit. Currently, using *.edit to edit an object always explicitly requires CAN_EDIT.

Now that individual transactions require CAN_EDIT by default and can reduce or replace this requirement, stop requiring CAN_EDIT to reach the editor.

The only expected effect of this change is that low-permission edits (like disabling a user, leaving a project, or leaving a thread) can now work via *.edit.

Test Plan:

  • Tried to perform a normal edit (changing a task title) against an object with no CAN_EDIT. Still got a permissions error.
  • As a non-admin, disabled other users while holding the "Can Disable Users" permission.
  • As a non-admin, got a permissions error while trying to disable other users while not holding the "Can Disable Users" permission.

Reviewers: amckinley

Maniphest Tasks: T13189, T13186

Differential Revision: https://secure.phabricator.com/D19608

Details

Provenance
epriestleyAuthored on Aug 27 2018, 2:52 PM
epriestleyPushed on Aug 27 2018, 3:10 PM
Differential Revision
D19608: Stop requiring CAN_EDIT to reach the TransactionEditor via "*.edit" in EditEngine
Parents
rPf9192d07f2c7: Align web UI "Disable" and "Approve/Disapprove" flows with new "Can Disable…
Branches
Unknown
Tags
Unknown
Tasks
T13189: Plans: 2018 Week 35 Bonus Content
T13186: Upgrading: Legacy "Can Edit <Field>" policies in Maniphest; requireCapabilities() in TransactionEditor
Build Status
Buildable 20683
Build 28110: Run Core Tests

Changes (1)

PathSize
src/
applications/
transactions/
editengine/

rPcd8b5b82c860

View Options

src/applications/transactions/editengine/PhabricatorEditEngine.php

Loading...
Phabricator · Built by Phacility