Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"Globals" nav item visible for non-super-user in multisite, even without permission to manage globals in selected site #10152

Open
duncanmcclean opened this issue May 21, 2024 · 0 comments
Open

"Globals" nav item visible for non-super-user in multisite, even without permission to manage globals in selected site #10152

duncanmcclean opened this issue May 21, 2024 · 0 comments
Labels
multisite

Comments

@duncanmcclean
Copy link
Member

Bug description

On a multisite, when logged in as a non-super-user, if you have access to edit globals in one site but can't edit any globals in another site, you'll still see the "Globals" nav item even if you don't have access to any globals in that site.

For a better description of the issue, see the "How to reproduce" steps.

This isn't just an issue with globals, but also with navigations, taxonomies and collections. Globals is just the one I've picked on as an example.

Related: #9583

How to reproduce

  1. Setup a multi-site with 2 sites
  2. Create a global set that's only available in 1 one of those sites
  3. Create a role w/ permission to access that global
  4. Create a user w/ that role
  5. Login as that user
  6. Switch to site A (assuming this is the one with the global in)
  7. See "Globals" in the nav & see it has a child nav item
  8. Switch to site B (assuming this is the one without the global in)
  9. See "Globals" in the nav & that it has no child nav items
    • Expectation: If the user doesn't have access to edit globals in that site, the "Globals" nav item shouldn't be shown at all.

Logs

No response

Environment

Environment
Application Name: Harvest Statamic
Laravel Version: 10.48.11
PHP Version: 8.3.0
Composer Version: 2.6.3
Environment: local
Debug Mode: ENABLED
URL: harvestglasgow.test
Maintenance Mode: OFF

Cache
Config: NOT CACHED
Events: NOT CACHED
Routes: NOT CACHED
Views: CACHED

Drivers
Broadcasting: log
Cache: redis
Database: mysql
Logs: stack / single
Mail: smtp
Queue: sync
Session: file

Livewire
Livewire: v3.4.12

Statamic
Addons: 2
Sites: 4 (Harvest Glasgow, Harvest Ayr, Rooted Conference, Rooted Churches)
Stache Watcher: Enabled
Static Caching: Disabled
Version: 5.3.0 PRO

Statamic Addons
duncanmcclean/static-cache-manager: 4.0.0
jonassiewertsen/statamic-livewire: 3.3.1

Installation

Fresh statamic/statamic site via CLI

Additional details

No response
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
multisite
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@duncanmcclean