Special "author" permissions: visibility and "updated_by" not behaving as expected

schwemmer commented 1 year ago

Bug description

I have a Collection named "Publications" and a role "Publication Editor" who can only create, edit and delete their own "Publications". For this, I added a field "Relationship > Users" and called the handle "author" and the label "Created by".

The id of the user that created the entry was only added to the flat file when I created a new entry as a "Publication Editor" but not when creating it as a super admin.
When I add an entry as Publication Editor, it gets an id and "updated_by" of that user in the flat file, as expected. When I then edit it as a super admin, the "updated_by" changes to my id, as expected. When I then edit it again as "Publication Editor", it does not update the "updated_by" field to their id (not expected)
When I set the visibility of the "author" field to "hidden" in the blueprint, the field is not shown for super admins, as expected, but the field is shown as "read only" when impersonating a Publication Editor (not expected).

How to reproduce

Create a collection
Add a Relationship > User field to the collection's blueprint
Add a role with permissions to create, edit and delete their own entries from that collection
Follow the steps as described above in the "Bug description"

Logs

No response

Environment

Environment
Laravel Version: 9.52.10
PHP Version: 8.2.7
Composer Version: 2.5.8
Environment: local
Debug Mode: ENABLED
URL: localhost:8003
Maintenance Mode: OFF

Cache
Config: NOT CACHED
Events: NOT CACHED
Routes: NOT CACHED
Views: CACHED

Drivers
Broadcasting: log
Cache: statamic
Database: mysql
Logs: stack / single
Mail: smtp
Queue: sync
Session: file

Statamic
Addons: 3
Antlers: runtime
Stache Watcher: Enabled
Static Caching: Disabled
Version: 4.10.1 PRO

Statamic Addons
aryehraber/statamic-impersonator: 2.6.0
jacksleight/statamic-bard-texstyle: 3.1.3
textandbytes/cp-assets: dev-main

Installation

Fresh statamic/statamic site via CLI

Antlers Parser

runtime (new)

Additional details

No response

duncanmcclean commented 8 months ago

Statamic doesn't automatically set the "Author" field when a super user creates/edits entries. This is intentional so when a super user edits another author's entry, they don't take over the entry from the original author.

However, super users are able to edit the "Author" field so they could assign themselves as the author of the entry.

^ Although, make sure the "Visibility" of the author field is set to "Visible". Statamic will handle adjusting the visibility based on user permissions.

If you don't need any of the author permissions magic, change the handle of the users field to something else and set the value in a listener based on the currently authenticated user.

jesseleite commented 8 months ago

PS. To add to that, you can read more about how Statamic handles the reserved author field here:

schwemmer commented 8 months ago

Thank you for your explanations.

statamic / cms