Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"Manage publish state" permission not working #1011

Closed
steveooo1 opened this issue Nov 27, 2019 · 10 comments · Fixed by #3039
Closed

"Manage publish state" permission not working #1011

steveooo1 opened this issue Nov 27, 2019 · 10 comments · Fixed by #3039

Comments

@steveooo1
Copy link

steveooo1 commented Nov 27, 2019
edited
Loading

I created a test user with a role that disallows managing publish states. E.g. for authors that only are able to create stuff, but not publish it before a proofreader approves this. I unchecked the "Manage publish state" option but still, I am able as the user to publish entries.

CleanShot 2019-11-27 at 23 46 44@2x

CleanShot 2019-11-27 at 23 49 22@2x

The resources/users/roles.yaml:

author:
  title: Author
  permissions:
    - 'access cp'
    - 'view test entries'
    - 'edit test entries'
    - 'create test entries'
@goellner
Copy link
Contributor

goellner commented Dec 3, 2019

I just set up the exact same thing, since I will need it for a project. I can confirm, that the user can manage the publish state, which he shouldn't.

@taoguangc
Copy link
Contributor

Yes I have this problem too! And at the page list can sort pages.

@steveooo1
Copy link
Author

I hope this gets fixed in a future release!

@jasonvarga
Copy link
Member

It cannot be fixed in a previous release!

@steveooo1
Copy link
Author

Therefore it must be fixed in a future release…or the current.

@steveooo1
Copy link
Author

Wanna fight?! 4pm in the backjard of your school. 1 vs 1.

@steveooo1
Copy link
Author

I bring my bike crib gang..

@jackmcdade jackmcdade added the bug label Apr 4, 2020
@tao
Copy link
Contributor

tao commented Oct 6, 2020

The same bug seems to apply to creating/publishing revisions, and deleting entries.

@tbruckmaier
Copy link

tbruckmaier commented Oct 21, 2020
edited
Loading

The logic seems to work when revisions are enabled, though there are some UX issues: the user without the publish permission sees the "publish" button, but a click on it returns "error: request failed with status 403" and the entry is (correctly) not published. The user with publish rights can publish afterwards.

Also the revision's author is changed to the publishing user, I'm not sure if that is intended?

And another thing: if the non-publishing user saves a revision, he can no longer edit anything, as the form is displayed as readonly. Only if his changes are published, he can create a new revision. Or am I using this wrong? Nope that was just a problem with my custom permissions, works fine!

To sum it up, the publish feature with the permissions works fine if revisions are enabled (just the publish button is displayed when it shouldnt). So maybe just the docs have to be updated?

@duncanmcclean duncanmcclean mentioned this issue Dec 19, 2020
Merged
@duncanmcclean
Copy link
Member

I've created a pull request which will set the published toggle to be read only if a user doesn't have the correct set of permissions. #3039

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Read-only Publish toggle on Entries
8 participants
@jackmcdade @jasonvarga @tao @goellner @tbruckmaier @duncanmcclean @taoguangc @steveooo1