Summary:
This case is unusually complicated because there are more rules than most objects will have.
- Edits are either "joins", "leaves" or "other edits".
- "Joins" require "can join" or "can edit".
- "Leaves" don't require any policy.
- "Other edits" require "can edit".
- You can't edit away your ability to edit.
- You //can// leave a project that you wouldn't be able to rejoin.
Things I'm going to add:
- Global log of policy changes.
- `bin/policy` script for undoing policy changes.
- Test coverage for these rules.
Test Plan: Made various project visibility edits with various users, joined / left projects, etc. I'll add more complete coverage in the next diff.
Reviewers: btrahan, vrana
Reviewed By: btrahan
CC: aran
Maniphest Tasks: T603
Differential Revision: https://secure.phabricator.com/D3270