longhotsummer
commented
1 day ago @actlikewill please describe the solution and the @Sandravaphilips can implement
Open niiroobiro opened 1 day ago
longhotsummer
commented
1 day ago @actlikewill please describe the solution and the @Sandravaphilips can implement
actlikewill
commented
1 day ago Logged in users have the access to the 'Edit' button in the document detail view. That opens up the external document editing platform(indigo or caselaw) or local admin on the dropdown depending on the configuration. These both require that the user have the coredocument editor permissions.
That permission is a little too high level to grant all editors. Instead we want to have those links only require that the user is a staff to view that button.
Change the requirement for both of those to user.is_staff
We need to review the permissions that allow users to edit documents, especially the KL team making edits on Tausi.