New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Users without delete entries permission can delete entries #7233
Comments
The way the permissions are currently laid out, I’d say this is expected behavior. As you mentioned, the “Delete entries” permission is not a prerequisite for the “Delete other authors’ entries”. Perhaps for Craft 4 we could come up with some way of establishing cross-hierarchical permission prerequisites, so if “Delete entries” isn’t checked, then “Delete other authors’ entries” is greyed out. |
So you’re saying „Delete entries“ basically means „Delete own entries“? Could you please name it like this then? |
Does it work the same for „Publish live changes“? If this is unchecked and „Publish live changes for other authors entries“ is checked, the user can publish entries just not their own? |
If you don’t want to rename these permission settings, can you please provide this information (setting can be overruled) in an info tooltip? |
Sorry, good point, it was not consistent with Edit or Publish permissions. So I do agree this is a bug, and have fixed for the next release. |
Craft 3.5.17 is out now with this fix. |
Description
The user doesn’t have “Delete entries” permissions for a section. The “Delete entry” action shows on Edit Entry pages and on the Entry index page for that section (see related issue #7232), and clicking those does actually delete the entry.
The user does have the “Delete other authors’ entries” permission and the entry in question is actually created by another user. This shouldn’t be of relevance though as “Delete entries” should overrule “Delete other authors’ entries”.
Additional info
The text was updated successfully, but these errors were encountered: