Users without delete entries permission can delete entries #7233
Comments
|
The way the permissions are currently laid out, I’d say this is expected behavior. As you mentioned, the “Delete entries” permission is not a prerequisite for the “Delete other authors’ entries”.
Perhaps for Craft 4 we could come up with some way of establishing cross-hierarchical permission prerequisites, so if “Delete entries” isn’t checked, then “Delete other authors’ entries” is greyed out. |
brandonkelly
added
enhancement
|
So you’re saying „Delete entries“ basically means „Delete own entries“? Could you please name it like this then? |
|
Does it work the same for „Publish live changes“? If this is unchecked and „Publish live changes for other authors entries“ is checked, the user can publish entries just not their own? |
|
If you don’t want to rename these permission settings, can you please provide this information (setting can be overruled) in an info tooltip? |
brandonkelly
added
bug
severity:normal
Sorry, good point, it was not consistent with Edit or Publish permissions. So I do agree this is a bug, and have fixed for the next release. |
|
Craft 3.5.17 is out now with this fix. |
Description
The user doesn’t have “Delete entries” permissions for a section. The “Delete entry” action shows on Edit Entry pages and on the Entry index page for that section (see related issue #7232), and clicking those does actually delete the entry.
The user does have the “Delete other authors’ entries” permission and the entry in question is actually created by another user. This shouldn’t be of relevance though as “Delete entries” should overrule “Delete other authors’ entries”.
Additional info
The text was updated successfully, but these errors were encountered: