Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Reviewer can't approve/reject from entry page when permissions are missing, but still can from the submission list #184

Open
uandco opened this issue Feb 8, 2023 · 1 comment

Comments

@uandco
Copy link

uandco commented Feb 8, 2023

Describe the bug

I had forgotten to set the permission Save other users’ drafts on my a reviewer.

When viewing an entry requiring approval as this reviewer, the comment/approve/reject section would show up as normal but none of the buttons would work (nothing happened at all when clicking, no XHR request, no JS error, just as if the click event was disabled).

From the workflow submissions list, the same user could still approve/reject though.

I reckon it comes from how Craft handles the sidebar, and would prevent anything to be modified from the entry page if the user attempting the change doesn't have the permission to do so.

I'm not sure what's the best fix for this. Either bypass the check and still allow the approve/reject, or not show the comment/approve/reject section at all, or display a warning message mentioning higher permissions are needed (I would go with that one).

Steps to reproduce

  1. Do not set the Save other users’ drafts permission for entries (for example pages) on the reviewer group
  2. Create a user (we'll call it "user B") in that group
  3. Create a new draft with user A (author)
  4. Submit the draft for review
  5. Review the draft with User B
  6. Click the entry
  7. Try to click "Accept" or "Reject" in the review box, beloew "Comments"

Craft CMS version

Craft Pro 4.3.7.1

Plugin version

2.0.3

Multi-site?

No

Additional context

No response

@engram-design
Copy link
Member

engram-design commented Feb 11, 2023

Hmmm, now that is indeed tricky. In that scenario, there's a "Save" or "Apply" button on the top-right of the page to save the entry (without Workflow factored in at all), due to the permissions for the user. This is because they can't do anything with the entry, but Workflow should probably be aware of that.

I think if anything, maybe the Workflow panel shouldn't be shown in this scenario as you can't do anything meaningful. We should also probably be adding a check to approval process on the Workflow area as well.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants