Don't require project edit permission to create a project with members other than yourself

Summary: See PHI193. Previously, see similar D18763. Skip this legacy-style policy check when creating a project, since we know you can add members, even if the policy doesn't actually resolve in your favor. Test Plan: - Created a project with edit policy "Members of project" and myself, plus any other user (so the code goes down this path, not the "join/leave" path) as members. Differential Revision: https://secure.phabricator.com/D19169
2024-09-19 16:58:48 +02:00 · 2018-03-01 18:38:26 -08:00 · 2018-03-01 18:38:26 -08:00 · 2121f2dea6
commit 2121f2dea6
parent 14fe941c34
1 changed files with 8 additions and 5 deletions
--- a/src/applications/project/editor/PhabricatorProjectTransactionEditor.php
+++ b/src/applications/project/editor/PhabricatorProjectTransactionEditor.php
@ -156,11 +156,14 @@ final class PhabricatorProjectTransactionEditor
                  PhabricatorPolicyCapability::CAN_EDIT);
              }
            } else {
-              // You need CAN_EDIT to change members other than yourself.
-              PhabricatorPolicyFilter::requireCapability(
-                $this->requireActor(),
-                $object,
-                PhabricatorPolicyCapability::CAN_EDIT);
+              if (!$this->getIsNewObject()) {
+                // You need CAN_EDIT to change members other than yourself.
+                // (PHI193) Just skip this check if we're creating a project.
+                PhabricatorPolicyFilter::requireCapability(
+                  $this->requireActor(),
+                  $object,
+                  PhabricatorPolicyCapability::CAN_EDIT);
+              }
            }
            return;
        }