TACC / Core-CMS

The Core CMS codebase used by TACC Portals.
https://cep.tacc.utexas.edu

hotfix: do not let editors publish by default #820

Closed wesleyboar closed 3 months ago

wesleyboar commented 3 months ago

Overview

Do not let editors publish by default.

The permission to publish must only be given via the "Page Publisher" group, so it is obvious who has publishing, the most dangerous permission.

P.S. News Editor can still publish, because publishing articles is really just editing a boolean option on the article; thus, for News, edit article equals publish article.

Related

N/A. I just noticed this while testing publish permission for a user that mysteriously already had permission.

Changes

Testing

Skipped, but would be:

  1. Create/Find CMS without these groups.
  2. Add these groups via script off of this branch.
  3. Create a test staff user assigned to these groups.
  4. Give this group permission to publish only the home page.
  5. Verify staff user cannot publish.
  6. Add "Can publish page" permission to this group.
  7. Verify staff user can publish.

UI

Skipped.
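An offline audit for the policy described in the Overview, as an added example that is not part of this PR or the Core-CMS code base. It reads the output of `python manage.py dumpdata auth.group --natural-foreign` and reports any group other than "Page Publisher" that holds the model-level "Can publish page" permission. Assumptions: the permission is serialized as `["publish_page", "cms", "page"]`, the sample group names other than "Page Publisher" are constructed, and per-user or per-page publish grants are out of scope.

```python
import json

# Assumption: django CMS registers "Can publish page" as codename "publish_page"
# on cms.page; --natural-foreign serializes it as [codename, app_label, model].
PUBLISH = ("publish_page", "cms", "page")
ALLOWED_GROUPS = {"Page Publisher"}  # the only group the PR says may publish

# Constructed sample export; "Example Editor" and "Example Viewer" are made up.
SAMPLE_DUMP = json.dumps([
    {"model": "auth.group", "fields": {"name": "Page Publisher",
        "permissions": [["publish_page", "cms", "page"]]}},
    {"model": "auth.group", "fields": {"name": "Example Editor",
        "permissions": [["change_page", "cms", "page"], ["publish_page", "cms", "page"]]}},
    {"model": "auth.group", "fields": {"name": "Example Viewer",
        "permissions": [["view_page", "cms", "page"]]}},
])


def groups_with_publish(dump_text):
    """Return sorted names of groups that carry the publish permission."""
    names = set()
    for obj in json.loads(dump_text):
        if obj.get("model") != "auth.group":
            continue
        fields = obj.get("fields", {})
        for perm in fields.get("permissions", []):
            # Without --natural-foreign, permissions are integer PKs that cannot
            # be resolved offline; fail loudly instead of reporting "clean".
            if not isinstance(perm, list):
                raise ValueError("export must be made with --natural-foreign")
            if tuple(perm) == PUBLISH:
                names.add(fields["name"])
    return sorted(names)


def audit(dump_text, allowed=frozenset(ALLOWED_GROUPS)):
    """Compare actual holders of the publish permission with the allow-list."""
    holders = groups_with_publish(dump_text)
    return {
        "unexpected": [g for g in holders if g not in allowed],
        "missing": sorted(set(allowed) - set(holders)),
    }


if __name__ == "__main__":
    print(audit(SAMPLE_DUMP))
```

A non-empty `unexpected` list is the condition this PR removes; a non-empty `missing` list means the "Page Publisher" group itself lacks the permission.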