User with lower permissions get a bad request when trying to save a draft with errors

[cookie10codes]

Description

We have a client who tries to save her drafts but get a 400 bad request. I saw that a field had errors. When I try to save it with my admin account, I see the error. When my clients tries to save it, she git a 400 error (see on the screenshot).

The permissions for this user and section type seems to be correct. They have all the rights

Additional info

• Craft version: Craft Pro 3.7.13
• PHP version: 8.0.5
• Database driver & version: MySQL 8.0.24

[brandonkelly]

What error is your client seeing?

[cookie10codes]

the screenshot with the HTTP 400

[brandonkelly]

To confirm, you are saying you are seeing the same error when saving from your admin account? In that case, what did you mean by “user with lower permissions” in the issue title?

[samhibberd]

We've just run into this issue (although it may not be an issue) I think, we have some custom validation rules on a couple of custom fields on our entry, which are causing the draft to fail saving (red warning sign) logs confirm the validation errors are hit. Then on hitting save (cmd+s) we run into the Request missing required body param 400 error due to no draftId being present in the request.

Reason i'm not 100% that this is a bug (in our case), is that we are running this validation for all scenarios (by choice) and as a result the draft is not being created. Trying to restrict our custom validation to only validate when not a draft, didn't seem to work, using on and checking $model->getIsDraft(), like I would have expected it to.

Ideally (and we kinda expected) the entry would run the save and present any errors as it usually would irrelevant of the automatic draft stuff.

NB. For us setting autosaveDrafts to false allowed us to workaround.

[vitalijalbu]

Yes, I also have this type of error. can it be fixed asap??

[timkelty]

@cookie10codes @samhibberd @vitalijalbu I'm unable to produce this with a vanilla install of Craft.

Can one of you share your composer.json/lock, config, and possibly a db dump? You can share to support@craftcms.com

[vitalijalbu]

@cookie10codes @samhibberd @vitalijalbu I'm unable to produce this with a vanilla install of Craft.

Can one of you share your composer.json/lock, config, and possibly a db dump? You can share to support@craftcms.com

{ "require": { "craftcms/cms": "3.7.27.1", "craftcms/redactor": "2.8.8", "ether/seo": "3.7.4", "verbb/field-manager": "2.2.4", "vlucas/phpdotenv": "^3.4.0" }, "require-dev": { "yiisoft/yii2-shell": "^2.0.3" }, "autoload": { "psr-4": { "modules\": "modules/" } }, "config": { "sort-packages": true, "optimize-autoloader": true, "platform": { "php": "7.2.5" } }, "scripts": { "post-root-package-install": [ "@php -r \"file_exists('.env') || copy('.env.example', '.env');\"" ] } }

Also from this version I'm not able to update to latest version

[cookie10codes]

hi @vitalijalbu, that project isn't in use anymore, so this issue is closed for me. hopefully you can help the others to get around this :-)

[timkelty]

draftId gets added by js, so I would check your javascript console for errors. Also, try in a different browser/incognito mode w/o any browser extensions enabled.