search

statamic / cms

The core Laravel CMS Composer package
https://statamic.com
Other
3.71k stars 508 forks source link

Importing Author Fieldset breaks Permissions #8805

Open binoclard opened 11 months ago

binoclard commented 11 months ago

Bug description

I have encountered a weird thing with Roles and Author. I have made a description on this Discussion thread.

Basically, if an Author Field is imported alone as a Field, it works. But if the entire Fieldset is imported, it breaks something in the Permissions, and an User can not create or edit Entries, unless he has the complete list of Permission over a Collection.

# Fielset: enseignant_responsable.yaml
title: "Enseignant responsable"
fields:
  -
    handle: author
    field:
      max_items: 1
      mode: select
      display: 'Enseignant·e responsable de ce rapport'
      type: users
      icon: users
      default: current

 # Blueprint experimentation.yaml
  sidebar:
    display: Sidebar
    sections:
      -
        fields:
          -
            import: enseignant_responsable

 # Blueprint experimentation.yaml
  sidebar:
    display: Sidebar
    sections:
      -
        fields:
          -
            handle: author
            field:
              max_items: 1
              mode: select
              display: 'Enseignant·e responsable de ce rapport'
              type: users
              default: current

 # Blueprint experimentation.yaml
  sidebar:
    display: Sidebar
    sections:
      -
        fields:
          -
            handle: enseignant
            field: enseignant_responsable.author

How to reproduce

  1. Create a Role that does not allow to edit other's authors Entries:
 # roles.yaml
prof-experimentation:
  title: 'Prof Expérimentation'
  permissions:
    - 'view experimentation entries'
    - 'edit experimentation entries'
    - 'create experimentation entries'
    - 'delete experimentation entries'
    - 'publish experimentation entries'
    - 'reorder experimentation entries'
  1. Create a Fieldset:
# Fielset: enseignant_responsable.yaml
title: "Enseignant responsable"
fields:
  -
    handle: author
    field:
      max_items: 1
      mode: select
      display: 'Enseignant·e responsable de ce rapport'
      type: users
      default: current

  1. Import it in a Collection Blueprint: import: enseignant_responsable

  2. Try to create a new Entry. At this point, it should display an Undefined array key "author" error.

  3. (Weird side-effect: Add - 'edit other authors experimentation entries' to the role, and it works…). Remove and go to point 6

  4. Import the Field only, It should work:

    fields:
-
 handle: my_content_field
 field: enseignant_responsable.author

Logs

No response

Environment

Environment
Application Name: PPA&D Rapports de compétences
Laravel Version: 10.26.2
PHP Version: 8.2.9
Composer Version: 2.5.5
Environment: test
Debug Mode: ENABLED
URL: ppad-rapports.test
Maintenance Mode: OFF

Cache
Config: NOT CACHED
Events: NOT CACHED
Routes: NOT CACHED
Views: CACHED

Drivers
Broadcasting: log
Cache: statamic
Database: mysql
Logs: stack / daily, flare
Mail: smtp
Queue: sync
Session: file

Statamic
Addons: 1
Antlers: runtime
Stache Watcher: Enabled
Static Caching: Disabled
Version: 4.24.0 PRO

Statamic Addons
rias/statamic-data-import: 1.3.0

Installation

Fresh statamic/statamic site via CLI

Antlers Parser

runtime (new)

Additional details

No response

duncanmcclean commented 10 months ago

I've looked at this issue this afternoon and we probably need to make big some changes to how blueprints/fieldsets work under the hood to fix it properly so it's unlikely to be fixed in the short-term.

For now, as you've detailed, you can workaround the issue by adding the "Author" field directly to the blueprint or link the single fieldset field.