Make WordPress Core

Opened 14 months ago

Last modified 14 months ago

#57751 reopened defect (bug)

contributor bypass asking for review

Reported by: almerion's profile almerion Owned by:
Milestone: Priority: normal
Severity: normal Version: 5.9.3
Component: Role/Capability Keywords: reporter-feedback
Focuses: Cc:

Description

Okay consider two persons, A and B
A has admin rights in wordpress
B has contributor rights in wordpress and don't have the right to publish or edit pages that aren't his pages
if A publish a page and then sets as the owner of the page B, B can edit the published page but he can't update it, the button update is replaced by the usual "ask for review" because the page is published, however if he use the shortcut "ctrl +s" he will bypass the review and the published page will be updated without the review of a superior user

Change History (10)

#1 follow-up: @johnbillion
14 months ago

  • Keywords reporter-feedback added; needs-patch removed

Thank you for the report @almerion. Are you testing this with a standard WordPress website with a default theme in use and no plugins active? I ask because a Contributor cannot normally edit a published post, regardless of whether they are the author or not. I'm unable to reproduce this issue because a Contributor cannot edit the post once it's published, therefore they cannot access the editing screen for that post.

#2 in reply to: ↑ 1 @almerion
14 months ago

Replying to johnbillion:

Thank you for the report @almerion. Are you testing this with a standard WordPress website with a default theme in use and no plugins active? I ask because a Contributor cannot normally edit a published post, regardless of whether they are the author or not. I'm unable to reproduce this issue because a Contributor cannot edit the post once it's published, therefore they cannot access the editing screen for that post.

Yes i tested it with a standard wordpress website, i just changed the rights of the contributor so he gets those access :

edit_posts = true
read = true
delete_posts = true
edit pages = true
delete_pages = true
edit_published_pages=true
edit_private_pages = true
upload_files = true

#3 @johnbillion
14 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

Thanks, then the reason this is possible is because you're giving the role permission to do that.

#4 follow-up: @knutsp
14 months ago

If edit_published_pages=true then why is the primary button "Ask for review" and not "Update"? If a save with ctrl+S goes trough without unpublishing, then button should show "Update" and do the same thing.

#5 in reply to: ↑ 4 @almerion
14 months ago

  • Resolution invalid deleted
  • Status changed from closed to reopened

Replying to knutsp:

If edit_published_pages=true then why is the primary button "Ask for review" and not "Update"? If a save with ctrl+S goes trough without unpublishing, then button should show "Update" and do the same thing.

Well i thought it was the other way, i thought the button was right and ctrl + s was bypassing the review but yep, if we should be able to update with those rights the button should be "update" and not "send to review"

#6 @manfcarlo
14 months ago

#57750 was marked as a duplicate.

#7 follow-up: @manfcarlo
14 months ago

Does the behaviour differ between the classic editor and block editor?

#8 in reply to: ↑ 7 @almerion
14 months ago

Replying to manfcarlo:

Does the behaviour differ between the classic editor and block editor?

What do you mean by classic editor and block editor ? You mean the code editor and the visual editor ?

#9 follow-up: @manfcarlo
14 months ago

No, I mean activating and deactivating the Classic Editor plugin and checking whether the behaviour differs. For example, if it only happens without the plugin, then the issue might need to be reported in the gutenberg repository.

#10 in reply to: ↑ 9 @almerion
14 months ago

Replying to manfcarlo:

No, I mean activating and deactivating the Classic Editor plugin and checking whether the behaviour differs. For example, if it only happens without the plugin, then the issue might need to be reported in the gutenberg repository.

I'm getting the same problem but the other way, the button says "update" and it works when i click on it but when i do the shortcut "ctrl + s" it says that the page is saved as draft and doesn't update the published page and it also doesn't seem to save anything not even in draft

Note: See TracTickets for help on using tickets.