Open adrianbj opened 3 months ago
@adrianbj The page-delete permission does allow deleting of pages, though only pages they have page-delete permission assigned to. The user would also need access to the trash in order to get there. Would the page-edit-trash-created
permission be better for your use case?
@ryancramerdesign - I don't think the page-edit-trash-created
helps either. Basically I don't want any non-superusers to be able to delete anything permanently.
The problem is that even though non-superusers can't see the trash branch, if they have a direct link to edit a page in the trash they can access it and use the delete permanently option.
Perhaps my only solution is to hook into ProcessPageEdit::buildForm
and remove the delete tab and Pages::delete
just to make sure.
Short description of the issue
If a user with page delete permissions visits a page in the trash they will see the "Delete Permanently" option.
Expected behavior
Only superusers should be able to permanently delete pages
Actual behavior
Anyone with page delete permissions can permanently delete pages from the trash.
Optional: Suggestion for a possible fix
Simple fix would be to prevent non superusers from seeing the Delete tab when a page is in the trash. I think perhaps a better solution would be separate
page-trash
andpage-delete
permissions, but that sounds like a breaking change.