When a user does not have the full access to an entity he cannot use the toggle publish status action.
How can we reproduce this issue?
Step 1: Remove administrator / full access to contact segments for a user. Give edit / view permission.
Try to toggle publish status in segment list overview. See access denied, while this should be granted.
Relevant log output
No response
What this does is check whether the full permission exists, which it does. It then checks if the permission is granted (which it is not), and thus skips the further checks.
Not sure how to fix this securely, so posting an issue for it.
If somebody can provide some pointers to existing code where this is done correctly, I'm happy to create a PR.
I think the simplest adjustment is to keep checking until we encounter true, so that would be something like below.
RCheesley added the roles (Anything related to users and roles) and T1 (Low difficulty to fix (issue) or test (PR)) labels and removed the needs-triage (For new issues/PRs that need to be triaged) label on Apr 29, 2024.
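The check order described in the comments above, modelled as an added example (not code from Mautic or from the commenters): the permission names, `TOGGLE_CANDIDATES` and all function names are hypothetical. It contrasts "the first permission that exists decides" with "keep checking until true", and assumes edit access should allow toggling while view access should not.

```php
<?php
// Constructed model, not Mautic code: permission names and helpers are hypothetical.
const DEFINED_PERMISSIONS = ['segments:full', 'segments:edit', 'segments:view'];
// Only permissions that should imply "may toggle publish status"; view is deliberately absent.
const TOGGLE_CANDIDATES = ['segments:publish', 'segments:full', 'segments:edit'];

function permissionExists(string $perm): bool
{
    return in_array($perm, DEFINED_PERMISSIONS, true);
}

function isGranted(array $userPerms, string $perm): bool
{
    return in_array($perm, $userPerms, true);
}

// Behaviour described in the issue: the first permission that exists decides the outcome.
function canToggleFirstExisting(array $userPerms): bool
{
    foreach (TOGGLE_CANDIDATES as $perm) {
        if (permissionExists($perm)) {
            return isGranted($userPerms, $perm); // "full" exists but is not granted: denied here
        }
    }
    return false;
}

// Proposed adjustment: keep checking until one candidate is granted, deny by default.
function canToggleAnyGranted(array $userPerms): bool
{
    foreach (TOGGLE_CANDIDATES as $perm) {
        if (permissionExists($perm) && isGranted($userPerms, $perm)) {
            return true;
        }
    }
    return false;
}

$users = [ // constructed sample users
    'admin'     => ['segments:full'],
    'editor'    => ['segments:edit', 'segments:view'],
    'view-only' => ['segments:view'],
    'no-access' => [],
];
foreach ($users as $name => $perms) {
    printf("%-10s first-existing=%s any-granted=%s\n", $name,
        json_encode(canToggleFirstExisting($perms)), json_encode(canToggleAnyGranted($perms)));
}
```

Only the `editor` row differs between the two functions; `view-only` and `no-access` stay denied because the loop iterates an explicit allow-list and falls through to `false`.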
Mautic Version
5.0.x series
Way of installing
I installed with composer using https://github.com/mautic/recommended-project
PHP version
8.1
What browsers are you seeing the problem on?
Not relevant