recaptime.dev / phorge
@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge
phorge phabricator
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Don't require edit capability on the Favorites application to edit personal menu items

Summary:
Ref T11096. Currently, editing ProfileMenuItemConfigurations always requires that you can edit the corresponding object.

This is correct for global items (for example: you can't change the global menu for a project unless you can edit the project) but not for personal items.

For personal items, only require that the user can edit the `customPHID` object. Today, this is always their own profile.

Test Plan: As a non-admin, edited personal menu items.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11096

Differential Revision: https://secure.phabricator.com/D17228

epriestley b0dfd42e 269dd81f

+25 -4
+10 -4
src/applications/search/engine/PhabricatorProfileMenuEngine.php
··· 557 557 $first_item->willBuildNavigationItems($group); 558 558 } 559 559 560 - PhabricatorPolicyFilter::requireCapability( 561 - $viewer, 562 - $object, 563 - PhabricatorPolicyCapability::CAN_EDIT); 560 + // Users only need to be able to edit the object which this menu appears 561 + // on if they're editing global menu items. For example, users do not need 562 + // to be able to edit the Favorites application to add new items to the 563 + // Favorites menu. 564 + if (!$this->getCustomPHID()) { 565 + PhabricatorPolicyFilter::requireCapability( 566 + $viewer, 567 + $object, 568 + PhabricatorPolicyCapability::CAN_EDIT); 569 + } 564 570 565 571 $list_id = celerity_generate_unique_node_id(); 566 572
+15
src/applications/search/storage/PhabricatorProfileMenuItemConfiguration.php
··· 189 189 190 190 191 191 public function getExtendedPolicy($capability, PhabricatorUser $viewer) { 192 + // If this is an item with a custom PHID (like a personal menu item), 193 + // we only require that the user can edit the corresponding custom 194 + // object (usually their own user profile), not the object that the 195 + // menu appears on (which may be an Application like Favorites or Home). 196 + if ($capability == PhabricatorPolicyCapability::CAN_EDIT) { 197 + if ($this->getCustomPHID()) { 198 + return array( 199 + array( 200 + $this->getCustomPHID(), 201 + $capability, 202 + ), 203 + ); 204 + } 205 + } 206 + 192 207 return array( 193 208 array( 194 209 $this->getProfileObject(),