View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0004148||Composr||core_permission_management||public||2020-02-25 05:20||2020-02-28 15:39|
|Reporter||Adam||Assigned To||Chris Graham|
|Fixed in Version||10.0.31|
|Summary||0004148: Submit mid-impact (medium visibility) content|
|Description||As part of providing an answer on the forum, I turned this privilege off for Guest and Members. However, logged in as test I still have access to the News link in CMS Zone, there is no Add button but I get the screen and intro text. I can also append &type=add to load the add screen. The only reason I cannot submit News as a Member is that the category dropdown is empty.|
|Tags||No tags attached.|
|Time estimation (hours)|
Technically I could argue this is not a bug.
Removing submit permission is only going to affect adding, so it's correct the whole CMS module doesn't disappear - maybe there is permission for editing still, or something else.
Permission could instead be removed to the cms_news page or the whole cms zone.
As for the form still being there, there could be permissions overridden on a category level to any of the news categories. As it happens, there aren't, and thus the list is empty. If they try and submit it will say they didn't select a category. Composr isn't going to be linking to that form normally, but it is conceivable for a site with complex permissions to have added custom links to submit to a particular permissive category.
But I do recognise it is messy. It should at least have an error message if there are no categories to select from rather than waiting until form submission. I'll handle it as a 'there are no categories' situation. That's technically not the correct error message, but there's no distinction between "no categories" and "no categories available to you" and I don't want us to have to create one.
Automated response: Possible to manually go to add news/blog/event URL even with no access
If you have no access to add news/blog-posts/calendar-events, the normal links and icons for doing so will be missing. But you can manually go to the form URL. No categories will be available for selection unless a category has been given overriding privileges to allow submission for that category/categories only.
It's a messy situation, we should not show empty lists that require selection. Show a generic error message instead.
Fixed in git commit 38ab16baf (https://gitlab.com/composr-foundation/composr/commit/38ab16baf - link will become active once code pushed to GitLab)
A hotfix (a TAR of files to upload) has been uploaded to this issue. These files are made to the latest intra-version state (i.e. may roll in earlier fixes too if made to the same files) - so only upload files newer than what you have already. If there are files in a hot-fix that you don't have then they probably relate to addons that you don't have installed and should be skipped. Always take backups of files you are replacing or keep a copy of the manual installer for your version, and only apply fixes you need. These hotfixes are not necessarily reliable or well supported. Not sure how to extract TAR files to your Windows computer? Try 7-zip (http://www.7-zip.org/).
hotfix-4148, 2020-02-28 1am.tar (183,808 bytes)
From a user perspective, not having links to modules where actions cannot be performed is a good solution that eases any potential confusion. Thanks for the changes.
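The behaviour discussed in this issue (a global submit privilege that per-category overrides can re-grant, a form reachable by URL, and an error shown up front when no category is selectable) can be modelled as below. This is an added example, not Composr's code or API: every function name, array key and sample value is hypothetical and constructed for illustration, and the tri-state override (true, false or unset) is an assumption.

```php
<?php
// Added illustration; a hypothetical model, not Composr's API. All names and data are constructed.
final class AccessDenied extends RuntimeException {}
// Categories a member may submit to: a per-category override for the member's
// group wins; otherwise the global submit privilege decides.
function submittable_categories(array $member, array $categories): array
{
    $allowed = [];
    foreach ($categories as $id => $cat) {
        $override = $cat['submit_overrides'][$member['group']] ?? null;
        if ($override ?? $member['global_submit']) {
            $allowed[$id] = $cat['title'];
        }
    }
    return $allowed;
}

// Render step: refuse up front rather than show an empty required dropdown.
function render_add_form(array $member, array $categories): array
{
    $allowed = submittable_categories($member, $categories);
    if ($allowed === []) {
        throw new AccessDenied('No categories available.');
    }
    return $allowed;
}

// Submit step: repeat the check server-side; the posted category id is untrusted.
function handle_submit(array $member, array $categories, string $postedCategory): string
{
    if (!array_key_exists($postedCategory, submittable_categories($member, $categories))) {
        throw new AccessDenied('Not permitted to submit to that category.');
    }
    return 'accepted';
}

// Constructed sample data: global submit is off for both groups; only
// "Community" carries an override, and only for the "members" group.
$categories = [
    1 => ['title' => 'General', 'submit_overrides' => []],
    2 => ['title' => 'Community', 'submit_overrides' => ['members' => true]],
];
$member = ['group' => 'members', 'global_submit' => false];
$guest = ['group' => 'guests', 'global_submit' => false];
print_r(render_add_form($member, $categories));
echo handle_submit($member, $categories, '2'), "\n";
foreach ([fn () => handle_submit($member, $categories, '1'), fn () => render_add_form($guest, $categories)] as $attempt) {
    try { $attempt(); } catch (AccessDenied $e) { echo 'denied: ', $e->getMessage(), "\n"; }
}
```

Both the render and the submit path call the same category filter, so hiding links or returning an early error is a usability measure while the submit-time check remains the actual enforcement point.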