processwire / processwire-issues

ProcessWire issue reports.

Non-superusers can permanently delete pages from the trash #1946

Open adrianbj opened 3 months ago

adrianbj commented 3 months ago

Short description of the issue

If a user with page delete permissions visits a page in the trash, they will see the "Delete Permanently" option.

Expected behavior

Only superusers should be able to permanently delete pages.

Actual behavior

Anyone with page delete permissions can permanently delete pages from the trash.

Optional: Suggestion for a possible fix

Simple fix would be to prevent non-superusers from seeing the Delete tab when a page is in the trash. I think perhaps a better solution would be separate page-trash and page-delete permissions, but that sounds like a breaking change.

ryancramerdesign commented 3 months ago

@adrianbj The page-delete permission does allow deleting of pages, though only pages they have page-delete permission assigned to. The user would also need access to the trash in order to get there. Would the page-edit-trash-created permission be better for your use case?

adrianbj commented 3 months ago

@ryancramerdesign - I don't think the page-edit-trash-created helps either. Basically I don't want any non-superusers to be able to delete anything permanently.

The problem is that even though non-superusers can't see the trash branch, if they have a direct link to edit a page in the trash they can access it and use the delete permanently option.

Perhaps my only solution is to hook into ProcessPageEdit::buildForm and remove the delete tab and Pages::delete just to make sure.
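
A sketch of the two hooks mentioned in the last comment, added here as an example and not code from the thread or from ProcessWire itself. It assumes the hooks live in site/ready.php and that the Delete tab's wrapper id in the page editor is ProcessPageEditDelete; the exception message is made up for illustration. The first hook only hides the UI, while the second enforces the rule even when the request is made through a direct link.

```php
<?php namespace ProcessWire;

// site/ready.php (assumed location for this added example)

// 1. UI layer: for non-superusers editing a page that is in the trash,
//    remove the Delete tab so "Delete Permanently" is never rendered.
$wire->addHookAfter('ProcessPageEdit::buildForm', function(HookEvent $event) {
    if($event->wire('user')->isSuperuser()) return;

    /** @var ProcessPageEdit $process */
    $process = $event->object;
    if(!$process->getPage()->isTrash()) return; // outside the trash the tab only offers "move to trash"

    /** @var InputfieldWrapper $form */
    $form = $event->return;
    // Assumption: the Delete tab wrapper carries this id in the default admin.
    $tab = $form->find('id=ProcessPageEditDelete')->first();
    if($tab) {
        $form->remove($tab);
        $process->removeTab('ProcessPageEditDelete');
    }
});

// 2. Enforcement layer: hiding the tab does not stop a crafted or replayed
//    request, so refuse the permanent delete itself. Pages::trash() is not
//    affected, so moving pages to the trash keeps working.
$wire->addHookBefore('Pages::delete', function(HookEvent $event) {
    $user = $event->wire('user');
    if($user->isSuperuser()) return;

    /** @var Page $page */
    $page = $event->arguments(0);
    // Throwing from a "before" hook aborts the call before anything is removed.
    throw new WirePermissionException(
        "Permanent delete of page {$page->id} denied for user {$user->name}"
    );
});
```

The second hook applies to every Pages::delete call made while a non-superuser is the current user, including API calls from templates or scheduled jobs, so check for code that relies on such deletes before enabling it.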