Co-maintainer of a sandbox project can't promote that project

I think this might be a duplicate issue, but I can't find any at this time.

Note for reproducing this - the project has already been promoted (thanks!), test with a current sandbox project.

I think this might be fixed by changing edit project to update project in

function project_promote_project_access($node) {
  // This callback is only valid for projects that are sandboxes. Further,
  // restrict to users with either 'administer projects' or users that have
  // access to edit the project and a valid 'create full projects' permission.
  return project_promote_project_is_sandbox($node) && (user_access('administer projects') || (project_user_access($node, 'edit project') && (user_access('create full projects') || user_access("create full {$node->type} projects"))));
}

Why is module using 'edit project' when the following code is defining 'update project'?

function project_project_permission_info($project = NULL) {
  return array(
    'update project' => array(
      'title' => t('Edit project'),
      'description' => t('Allows a user to edit a project and modify its settings.'),
    ),
    'administer maintainers' => array(
      'title' => t('Administer maintainers'),
      'description' => t('Allows a user to add and remove other project maintainers and to modify their permissions.'),
    ),
  );
}

This could explain what happens since project_user_access() is the following function.

function project_user_access($project, $permission, $account = NULL) {
  global $user;

  if ($account == NULL) {
    $account = $user;
  }

  if (empty($account->uid)) {
    return FALSE;
  }

  $project_obj = is_numeric($project) ? node_load($project) : $project;
  if (!isset($project_obj) || (isset($project_obj->type) && !project_node_is_project($project_obj))) {
    return FALSE;
  }

  // If the user has the site-wide admin permission, always grant access.
  if (user_access('administer projects')) {
     return TRUE;
  }

  // Project owners are treated as super users and can always access.
  if ($account->uid == $project_obj->uid) {
    return TRUE;
  }

  // Otherwise, see if the user has the right permission for this project.
  return !empty($project_obj->project['maintainers'][$account->uid]['permissions'][$permission]);

  // If we haven't granted access yet, deny it.
  return FALSE;
}

It works for project owners because Project owners are treated as super users and can always access (as the comment says). For the other users, it checks a permission that doesn't exist, so they get access denied.

Since the code that updates the database table uses the following code, I would use this patch.

  db_merge('project_maintainer')
    ->key(array('nid' => $nid, 'uid' => $uid))
    ->fields(array(
      'update_project' => $permissions['update project'],
      'administer_maintainers' => $permissions['administer maintainers']
    ))
    ->execute();

Looks good.

This has been deployed.