flarum / framework

Simple forum software for building great communities.
http://flarum.org/
6.38k stars 837 forks source link

Approving flagged posts / Edit posts permission #3594

Open tyler71 opened 2 years ago

tyler71 commented 2 years ago

Current Behavior

I have a group I would like to be able to review flagged posts and approve them. I have the following permissions enabled for them

This works for posts when posted on an existing discussion. For new discussions, a flag will be raised the users in this group can view and click on.

However, this will return a 404 Not Found error with a spinning loading icon.

If I add the permission, "Edit posts" to the group, they are then able to view the pending new discussion and approve it. However, I do not want to allow these users the permission to edit posts, I just want them to be able to approve it.

Steps to Reproduce

  1. Enable the following permissions for the group
    • View flagged posts
    • Approve posts
  2. User can view new discussions that need approval in the flagging system, but gets a 404 error when trying to view it
  3. Add in Edit posts permission
  4. User can now view a pending discussion

Expected Behavior

I expect users to be able to view and approve new discussions with the following privileges. At a minimum, if they can't view the new thread, they shouldn't see it flagged either.

Screenshots

Environment

Output of php flarum info

Flarum core 1.4.0
PHP version: 8.1.9
MySQL version: 10.5.16-MariaDB-1:10.5.16+maria~focal
Loaded extensions: Core, date, libxml, openssl, pcre, sqlite3, zlib, ctype, curl, dom, fileinfo, filter, ftp, hash, iconv, json, mbstring, SPL, PDO, session, posix, readline, Reflection, standard, SimpleXML, pdo_sqlite, Phar, tokenizer, xml, xmlreader, xmlwriter, mysqlnd, exif, gd, intl, pdo_mysql, zip, Zend OPcache
+-------------------------------------+---------+--------+
| Flarum Extensions                   |         |        |
+-------------------------------------+---------+--------+
| ID                                  | Version | Commit |
+-------------------------------------+---------+--------+
| flarum-flags                        | v1.4.0  |        |
| flarum-approval                     | v1.4.0  |        |
| flarum-tags                         | v1.4.0  |        |
| flarum-suspend                      | v1.4.0  |        |
| flarum-sticky                       | v1.4.0  |        |
| flarum-lock                         | v1.4.0  |        |
| flarum-subscriptions                | v1.4.0  |        |
| fof-byobu                           | 1.1.6   |        |
| flarum-markdown                     | v1.4.0  |        |
| v17development-seo                  | v1.8.0  |        |
| sycho-move-posts                    | v0.1.6  |        |
| nearata-internal-links-noreload     | v2.0.1  |        |
| kyrne-websocket                     | 3.3.0   |        |
| kilowhat-audit-free                 | 1.5.1   |        |
| fof-user-bio                        | 1.1.0   |        |
| fof-upload                          | 1.2.3   |        |
| fof-spamblock                       | 1.0.2   |        |
| fof-sitemap                         | 1.0.3   |        |
| fof-secure-https                    | 1.1.0   |        |
| fof-oauth                           | 1.2.2   |        |
| fof-nightmode                       | 1.4.0   |        |
| fof-moderator-notes                 | 1.1.0   |        |
| fof-links                           | 1.1.1   |        |
| fof-formatting                      | 1.0.2   |        |
| fof-follow-tags                     | 1.1.5   |        |
| fof-filter                          | 1.1.1   |        |
| fof-drafts                          | 1.1.2   |        |
| fof-analytics                       | 1.0.0   |        |
| flarum-statistics                   | v1.4.0  |        |
| flarum-mentions                     | v1.4.0  |        |
| flarum-likes                        | v1.4.0  |        |
| flarum-lang-english                 | v1.4.0  |        |
| flarum-emoji                        | v1.4.0  |        |
| flarum-bbcode                       | v1.4.0  |        |
| darkle-fancybox                     | 1.1.2   |        |
| clarkwinkelmann-first-post-approval | 1.0.0   |        |
| blomstra-payments                   | 0.4.0   |        |
| blomstra-cache-assets               | 0.5     |        |
| askvortsov-rich-text                | v2.1.7  |        |
| askvortsov-markdown-tables          | v1.2.1  |        |
| askvortsov-checklist                | v1.3.1  |        |
| acpl-lscache                        | 0.4.1   |        |
+-------------------------------------+---------+--------+
Base URL: https://flarum.dev.lan
Installation path: /app
Queue driver: redis
Mail driver: log
Debug mode: ON

Possible Solution

No response

Additional Context

Existing at least since Oct 2021

imorland commented 2 years ago

Hey @tyler71 thanks for the report.

I'll take a look at this, and see what we can do with these permissions. Something tells me I've come across this scenario before somewhere..