Closed burningchair closed 2 hours ago
User with only "View entries" permission for one section is able to see other users entries in a custom source
User can not see other entries in custom source if he has no "view other users' entries" permission
User can see other entries
5.4.8
8.2.24
Linux 6.11.3-200.fc40.x86_64
PostgreSQL 14.12
Imagick 3.7.0 (ImageMagick 6.9.11-60)
CKEditor 4.x-dev Feed Me 6.5.0 Maps 5.0.3 Workflow 3.0.4
I did not see the "is viewable" filter option and it is also possible to restrict the access of custom sources to user groups.
imho "is viewable" should be the default value
What happened?
Description
User with only "View entries" permission for one section is able to see other users entries in a custom source
Steps to reproduce
Expected behavior
User can not see other entries in custom source if he has no "view other users' entries" permission
Actual behavior
User can see other entries
Craft CMS version
5.4.8
PHP version
8.2.24
Operating system and version
Linux 6.11.3-200.fc40.x86_64
Database type and version
PostgreSQL 14.12
Image driver and version
Imagick 3.7.0 (ImageMagick 6.9.11-60)
Installed plugins and versions
CKEditor 4.x-dev Feed Me 6.5.0 Maps 5.0.3 Workflow 3.0.4