[5.x]: Authors can't add additional authors to their own entries under certain conditions #18711

@EFWall

What happened?

Description

Authors who have permission to view, create, save and delete their own entries in a section that allows for more than one author per entry, but who don't have the permission to view other users' entries, can no longer add additional authors or edit the existing authors on entries where they are an author.

This is a change from previous behavior. When multiple authors per entry was first released, the behavior described above was allowed. I believe it may have changed as a result of this update -> #18298

But this change in behavior doesn't seem to be within the intent of that update, which was intended to prevent people who are not authors on entries but who had the ability to view and save other users' entries from hijacking these entries and making changes to them. In this case, it is preventing users who are authors from editing their own entries in a specific way.

The result is that there no longer appears to be a way to allow more than one user to view or edit a specific entry without allowing those users who need this ability to view ALL other entries in the section.

Steps to reproduce

  1. While impersonating a user who has permission to view, create, save and delete their own entries in a section that allows for more than one author per entry, but who doesn't have the permission to view other users' entries, create a new entry.
  2. Attempt to add an additional author to the entry.

Expected behavior

  1. Should allow this user to add additional authors to entries on which they are an author.
  2. Should allow this user to remove additional authors from entries on which they are an author.

Actual behavior

  1. Doesn't allow the user who is an author on the entry to add additional authors or delete existing authors.

Craft CMS version

5.9.18

PHP version

8.3.14
