Wrong permissions applied to upload plugin #8206
Labels
severity: low
If the issue only affects a very niche base of users and an easily implemented workaround can solve
source: core:upload
Source is core/upload package
Describe the bug
The permissions applied to the upload plugin settings are incorrect. In order to update the ML’s settings the user should only need the
plugins::upload.settings.read
permission and currently it’s bound to plugins::upload.assets.read.
Steps to reproduce the behaviour
{ action: 'plugins::upload.settings.read', subject: null }
{ action: 'plugins::upload.read', subject: null }
permission to its role
Expected behavior
The permission should be this one:
{ action: 'plugins::upload.settings.read', subject: null }
System
Additional context:
There is no work to do on the admin 😉