7.3 Members can view entries they do not have permission to edit.

ExpressionEngine / ExpressionEngine

ExpressionEngine is a flexible, feature-rich, free open-source content management platform that empowers hundreds of thousands of individuals and organizations around the world to easily manage their web site.

https://expressionengine.com

Other

455 stars 124 forks source link

7.3 Members can view entries they do not have permission to edit. #3563

Closed robinsowell closed 1 year ago

robinsowell commented 1 year ago

I have a user role with permission to create, edit their own entries and delete their own entries. That's it- they can't edit/delete other peoples'. I have a user assigned to only that role.

In 7.2.17, on the edit entry page, that user would only see the entries they authored. In 7.3, they see ALL of the entries. They can't click a link and edit them, and they can't select the checkbox. But they can see them all.

This is a change from 7.2.

intoeetive commented 1 year ago

The related discussion is happening in https://github.com/ExpressionEngine/ExpressionEngine/discussions/3091

intoeetive commented 1 year ago

We reverted behavior to be close to original in 7.3.5