diff --git a/src/applications/search/engine/PhabricatorProfileMenuEngine.php b/src/applications/search/engine/PhabricatorProfileMenuEngine.php index 6157d5f657..3e11436ced 100644 --- a/src/applications/search/engine/PhabricatorProfileMenuEngine.php +++ b/src/applications/search/engine/PhabricatorProfileMenuEngine.php @@ -557,10 +557,16 @@ abstract class PhabricatorProfileMenuEngine extends Phobject { $first_item->willBuildNavigationItems($group); } - PhabricatorPolicyFilter::requireCapability( - $viewer, - $object, - PhabricatorPolicyCapability::CAN_EDIT); + // Users only need to be able to edit the object which this menu appears + // on if they're editing global menu items. For example, users do not need + // to be able to edit the Favorites application to add new items to the + // Favorites menu. + if (!$this->getCustomPHID()) { + PhabricatorPolicyFilter::requireCapability( + $viewer, + $object, + PhabricatorPolicyCapability::CAN_EDIT); + } $list_id = celerity_generate_unique_node_id(); diff --git a/src/applications/search/storage/PhabricatorProfileMenuItemConfiguration.php b/src/applications/search/storage/PhabricatorProfileMenuItemConfiguration.php index 943474669d..e1571ee6f6 100644 --- a/src/applications/search/storage/PhabricatorProfileMenuItemConfiguration.php +++ b/src/applications/search/storage/PhabricatorProfileMenuItemConfiguration.php @@ -189,6 +189,21 @@ final class PhabricatorProfileMenuItemConfiguration public function getExtendedPolicy($capability, PhabricatorUser $viewer) { + // If this is an item with a custom PHID (like a personal menu item), + // we only require that the user can edit the corresponding custom + // object (usually their own user profile), not the object that the + // menu appears on (which may be an Application like Favorites or Home). + if ($capability == PhabricatorPolicyCapability::CAN_EDIT) { + if ($this->getCustomPHID()) { + return array( + array( + $this->getCustomPHID(), + $capability, + ), + ); + } + } + return array( array( $this->getProfileObject(),