Possible to access unpublished articles when not logged in

[NateWr]

Describe the bug
It is possible to access unpublished articles when not logged in or to access unpublished articles which you are not assigned to.

[NateWr]

It looks like this went wrong with an attempt to implement a preview feature. Rather than sort out the access control issues at this late stage, I've removed the preview button and blocked all access to unpublished articles on the frontend.

I checked OMP. There was no preview feature and no access to unpublished articles.

PRs:
#5564
pkp/ojs#2651

[asmecher]

Thanks, @NateWr -- merged and cherry-picked to OPS.

[Vitaliy-1]

@NateWr If the article is in the unpublished state after being published, it still can be viewed without authorization in 3.2.0-3.

[NateWr]

Can you describe what you mean by "if the article is in the unpublished state after being published"? If it is published it should have STATUS_PUBLISHED.

[Vitaliy-1]

Article that was once published but then unpublished by pressing unpublish button.

[Vitaliy-1]

Submission:

208	uk_UA	1	4	2019-12-17 22:06:47	2020-01-20 11:39:34	3	0	5	173	2020-05-14 16:21:03

Publication:

174	0	2020-03-23	2020-05-14 16:21:03	uk_UA	336	4	4	208	1		4	

Or it should to be this way?

[Vitaliy-1]

Ahh, by ID I see that the 4th version is unpublished which means that 3rd should be shown instead (publication with id 173), right?

[Vitaliy-1]

(a bit confusing to me but looks like it works as it should, false alarm)

[NateWr]

👍 Yeah you can unpublish a previously published version. But if another published version exists, the submission should remain available.