Opened 19 months ago
Last modified 19 months ago
#57751 reopened defect (bug)
contributor bypass asking for review
Reported by: | almerion | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 5.9.3 |
Component: | Role/Capability | Keywords: | reporter-feedback |
Focuses: | Cc: |
Description
Okay consider two persons, A and B
A has admin rights in wordpress
B has contributor rights in wordpress and don't have the right to publish or edit pages that aren't his pages
if A publish a page and then sets as the owner of the page B, B can edit the published page but he can't update it, the button update is replaced by the usual "ask for review" because the page is published, however if he use the shortcut "ctrl +s" he will bypass the review and the published page will be updated without the review of a superior user
Change History (10)
#2
in reply to:
↑ 1
@
19 months ago
Replying to johnbillion:
Thank you for the report @almerion. Are you testing this with a standard WordPress website with a default theme in use and no plugins active? I ask because a Contributor cannot normally edit a published post, regardless of whether they are the author or not. I'm unable to reproduce this issue because a Contributor cannot edit the post once it's published, therefore they cannot access the editing screen for that post.
Yes i tested it with a standard wordpress website, i just changed the rights of the contributor so he gets those access :
edit_posts = true
read = true
delete_posts = true
edit pages = true
delete_pages = true
edit_published_pages=true
edit_private_pages = true
upload_files = true
#3
@
19 months ago
- Milestone Awaiting Review deleted
- Resolution set to invalid
- Status changed from new to closed
Thanks, then the reason this is possible is because you're giving the role permission to do that.
#4
follow-up:
↓ 5
@
19 months ago
If edit_published_pages
=true then why is the primary button "Ask for review" and not "Update"? If a save with ctrl+S goes trough without unpublishing, then button should show "Update" and do the same thing.
#5
in reply to:
↑ 4
@
19 months ago
- Resolution invalid deleted
- Status changed from closed to reopened
Replying to knutsp:
If
edit_published_pages
=true then why is the primary button "Ask for review" and not "Update"? If a save with ctrl+S goes trough without unpublishing, then button should show "Update" and do the same thing.
Well i thought it was the other way, i thought the button was right and ctrl + s was bypassing the review but yep, if we should be able to update with those rights the button should be "update" and not "send to review"
#7
follow-up:
↓ 8
@
19 months ago
Does the behaviour differ between the classic editor and block editor?
#8
in reply to:
↑ 7
@
19 months ago
Replying to manfcarlo:
Does the behaviour differ between the classic editor and block editor?
What do you mean by classic editor and block editor ? You mean the code editor and the visual editor ?
#9
follow-up:
↓ 10
@
19 months ago
No, I mean activating and deactivating the Classic Editor plugin and checking whether the behaviour differs. For example, if it only happens without the plugin, then the issue might need to be reported in the gutenberg repository.
#10
in reply to:
↑ 9
@
19 months ago
Replying to manfcarlo:
No, I mean activating and deactivating the Classic Editor plugin and checking whether the behaviour differs. For example, if it only happens without the plugin, then the issue might need to be reported in the gutenberg repository.
I'm getting the same problem but the other way, the button says "update" and it works when i click on it but when i do the shortcut "ctrl + s" it says that the page is saved as draft and doesn't update the published page and it also doesn't seem to save anything not even in draft
Thank you for the report @almerion. Are you testing this with a standard WordPress website with a default theme in use and no plugins active? I ask because a Contributor cannot normally edit a published post, regardless of whether they are the author or not. I'm unable to reproduce this issue because a Contributor cannot edit the post once it's published, therefore they cannot access the editing screen for that post.