Description
EE 6.1.5
PHP 7.4.23
We like to give our "Site Admin" Role members the ability to edit/add/delete categories from within their entries, but restrict the ability for them to delete entire category groups.
I noticed that having "Access channel manager" toggled-ON from the role's configuration + checking all the "Channel categories" selected actions gave them more permission than I wanted, so I toggled-OFF "Access channel manager."
Issue 1: "Categories" disappeared from the Site Admin's sidebar menu, but they're still able to edit categories at the .../admin.php?/cp/categories/group/# path.
- So if they bookmarked the Categories page in their browser, they'll still be able to edit things.
- I tested out checking/enabling all of the selected actions of "Channels" (under "Access channel manager"). As expected/hoped for, when I turned off "Access channel manager" for the role and used the .../admin.php?/cp/channels path to see if my Site Admins still had access to the Channel settings, I got an error message.
Issue 2: Once "Access channel manager" has been toggled-OFF and the member Role's settings saved, the nested permissions (Channels, Channel fields, Channel categories, and Statuses) remain visible, which makes it appear as though those selected actions are still permitted.
- See screenshots for illustration of this change in settings, and the resulting UX confusion
