= System info:
* Phabricator: rPe96cd29efff7ebfcbf765eb2c70a1a434c96bb91
* Arcanist: rARC3414cbeda5036c81009287ef3f726e3a5a93fc7c
* libphutil: rPHU81eed10bea576ad0bd4087107c0beae1af7827a8
= Steps:
# From **{icon globe}Applications**, open Diffusion's {icon fa-cog}application settings //[is it just me, or is the gear icon rendering as a paw print?]//
# **{icon pencil}Edit Policies**
* change "Can Create Repositories" to "All Users"
* leave "Default Edit Policy" on its default value ("Administrators," right?)
# **Save Policies**
# As a non-admin user, go to Diffusion and try to create a new hosted repository
* Of course, when selecting access policies for the repository, set "Editable By" to something that includes yourself. Otherwise, the page won't let you proceed.
* Once you're past the access policies page, select "Create Repository Now" or "Configure More Options First," it doesn't matter which. The finish line is so close! You're almost there! Click **Save**.
= What happens:
The repository is not created, and you get an error:
**You Shall Not Pass: Unknown Object (VOID)**
**You do not have permission to edit this object.**
Users with the "Can Edit" capability:
* Administrators can take this action.
=What should happen:
Actually, I'm not sure. It depends on what "Default Edit Policy" means.
* Does "Default Edit Policy" simply specify which value is the default/preselected on the "Select access policies for this repository" page of the Create Repository workflow?
* If so, there might be a bug. Currently, whatever you set as the "Default Edit Policy" is what's preselected during the Create workflow, as expected. However, even if the user changes it to "All Users," he still can't create the repository if he's not included in "Default Edit Policy."
* Or is "Default Edit Policy" a real policy that's applied to repository objects?
* If so, then I think everything is working as intended; it's just not very obvious. When I was looking at the Diffusion application settings page for the first time, my intuition was that setting "Can Create Repositories" to "All Users" would be all it took to allow any user to create a repository. It would probably suffice to provide instructions on that page (something like "Default Edit Policy should be at least as permissive as Can Create Repositories"), or perform the same kind of policy sanity checks that are done during the Create workflow.
Also see T4242, which has a similar description, and which was resolved by moving the policy step into the Create workflow. In my case, however, the workflow fails at the end regardless of what the user selects in the policy step.