Don't require project edit permission to create a project with members other than yourself

Summary: See PHI193. Previously, see similar D18763. Skip this legacy-style policy check when creating a project, since we know you can add members, even if the policy doesn't actually resolve in your favor. Test Plan: - Created a project with edit policy "Members of project" and myself, plus any other user (so the code goes down this path, not the "join/leave" path) as members. Differential Revision: https://secure.phabricator.com/D19169
2024-11-10 00:42:41 +01:00 · 2018-03-01 18:38:26 -08:00 · 2018-03-01 18:38:26 -08:00 · 2121f2dea6
commit 2121f2dea6
parent 14fe941c34
1 changed files with 8 additions and 5 deletions
--- a/src/applications/project/editor/PhabricatorProjectTransactionEditor.php
+++ b/src/applications/project/editor/PhabricatorProjectTransactionEditor.php
@ -156,12 +156,15 @@ final class PhabricatorProjectTransactionEditor
                  PhabricatorPolicyCapability::CAN_EDIT);
              }
            } else {
+              if (!$this->getIsNewObject()) {
                // You need CAN_EDIT to change members other than yourself.
+                // (PHI193) Just skip this check if we're creating a project.
                PhabricatorPolicyFilter::requireCapability(
                  $this->requireActor(),
                  $object,
                  PhabricatorPolicyCapability::CAN_EDIT);
              }
+            }
            return;
        }
        break;