From 966a93334c857b7228d2923f1abcac1f887b52f5 Mon Sep 17 00:00:00 2001
From: epriestley <git@epriestley.com>
Date: Wed, 16 Jan 2019 05:51:59 -0800
Subject: [PATCH] Don't require "CAN_EDIT" to watch/unwatch a project

Summary:
See T1024. When "CAN_EDIT" became default in T13186, this was missed as an exception.

Watching shouldn't require "CAN_EDIT", so exempt it.

Test Plan:
  - Before change: tried to watch a project I could not edit, got a policy error.
  - After change: watched/unwatched a project I could not edit.

Reviewers: amckinley

Reviewed By: amckinley

Differential Revision: https://secure.phabricator.com/D19977
---
 .../editor/PhabricatorApplicationTransactionEditor.php         | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php b/src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php
index 854c361614..cd5125d3b3 100644
--- a/src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php
+++ b/src/applications/transactions/editor/PhabricatorApplicationTransactionEditor.php
@@ -1677,6 +1677,9 @@ abstract class PhabricatorApplicationTransactionEditor
 
         // You need CAN_EDIT to change members other than yourself.
         return PhabricatorPolicyCapability::CAN_EDIT;
+      case PhabricatorObjectHasWatcherEdgeType::EDGECONST:
+        // See PHI1024. Watching a project does not require CAN_EDIT.
+        return null;
       default:
         return PhabricatorPolicyCapability::CAN_EDIT;
     }