Currently users have very broad permissions for editing differentials, while we heavily restrict the editing abilities for tickets. This was causing a recent incident on the bug tracker were a user edited titles of other people's differentials to draw attention to this problem.
On tickets we are being very restrictive, regular users are not allowed to change anything besides:
- Assign / Claim
On differentials they are allowed to modify everything. They can change:
- Commandeer Revision (essentially take ownership)
- Update the diff
While we want to be as open as possible so that every member of the community can participate in the development, some of these permissions should likely not be given to a regular user.