[MAGNOLIA-2156] Editors can delete content (direct activation) Created: 28/May/08  Updated: 01/Dec/10  Resolved: 15/Nov/10

Status: Closed
Project: Magnolia
Component/s: activation
Affects Version/s: 3.5.4
Fix Version/s: 4.4

Type: Improvement Priority: Major
Reporter: Olivier Marti Assignee: Jan Haderka
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
dependency
depends upon MAGNOLIA-3335 Mixin information is not persisted du... Closed
duplicate
is duplicated by MAGNOLIA-2251 Deletion should not de-activate immed... Closed
relation
is related to MAGNOLIA-3250 Content deleted from authoring instan... Closed
is related to MAGNOLIA-2864 Deactivating content before deleting,... Closed
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Date of First Response:

 Description   

In a setup where approvers must approve changes (through workflow) on the website before going live (activated to the public instance), it's bad behavior if Editors can delete content and this gets activated immediately.

So an ACL possibility to prevent users from deleting content and only allowing them to edit/view content would be great.
Or, at least, in general prevent them from activating content.



 Comments   
Comment by Arjan van Bentem [ 12/Jul/10 ]

Also:

1- Wouldn't this actually require some DeactivationFlowCommand (like the existing info.magnolia.module.workflow.commands.ActivationFlowCommand)?

2- This does not seem to use the superuser account to delete the content. If the user who is trying to delete the content does not exist on the public instance, then a 401 is shown in the log file. For "normal" activation using workflow, it seems that superuser is used to do the actual activation (even if someone who is not superuser has approved and proceeded the workflow)?

3- As the version history is shown by right-clicking a node, there's no (easy?) way to see who has deleted the content when that node no longer exists, and hence cannot be right-clicked to show the history either. (I don't know if the version history is kept elsewhere, or is gone when a node is deleted. Enabling audit logging might at least give some clue about what happened.)

Comment by Jan Haderka [ 15/Nov/10 ]

Fixed by changes made for MAGNOLIA-2251

Generated at Mon Feb 12 03:33:57 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.