User can edit their own entry even when permission is not set #3347
Comments
|
I noticed an issue after updating to version 7.4 where certain members were able to edit entries they shouldn't have been able to. Despite the role settings only allowing for editing their own, this specific role was able to edit all entries. This is a serious bug I think. Robin will create a separate bug report about this issue. |
|
@harthouse - that was a different issue where you were able to SEE (not edit) entries by other people, which we have addressed already |
intoeetive
added a commit
that referenced
this issue
Jul 13, 2023
…ould still access those with direct link
intoeetive
added a commit
that referenced
this issue
Aug 9, 2023
…ould still access those with direct link
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I set the "Create entries" permission but not the "Edit own entries" permission for a role. In this configuration, users can still edit their own entries by going to the URL to edit the entry. Similarly, after saving the entry, it drops them on the edit screen, which is a typical default screen, but not when the user doesn't have access to edit their own entries.
The text was updated successfully, but these errors were encountered: