[MAGNOLIA-2156] Editors can delete content (direct activation) Created: 28/May/08 Updated: 01/Dec/10 Resolved: 15/Nov/10 |
|
| Status: | Closed |
| Project: | Magnolia |
| Component/s: | activation |
| Affects Version/s: | 3.5.4 |
| Fix Version/s: | 4.4 |
| Type: | Improvement | Priority: | Major |
| Reporter: | Olivier Marti | Assignee: | Jan Haderka |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||||||||||
| Template: |
|
||||||||||||||||||||||||||||
| Acceptance criteria: |
Empty
|
||||||||||||||||||||||||||||
| Task DoD: |
[ ]*
Doc/release notes changes? Comment present?
[ ]*
Downstream builds green?
[ ]*
Solution information and context easily available?
[ ]*
Tests
[ ]*
FixVersion filled and not yet released
[ ] 
Architecture Decision Record (ADR)
|
||||||||||||||||||||||||||||
| Date of First Response: | |||||||||||||||||||||||||||||
| Description |
|
In a setup where approvers must approve changes (trough workflow) on the website before going live (activated to the public instance) it's bad behavior if Editors can delete content and this get's activated immediately. So and ACL possibilty to prevent user from deleting content and only allowing them to edit/view content would be great. |
| Comments |
| Comment by Arjan van Bentem [ 12/Jul/10 ] |
|
Also: 1- Wouldn't this actually require some DeactivationFlowCommand (like the existing info.magnolia.module.workflow.commands.ActivationFlowCommand)? 2- This does not seem to use the superuser account to delete the content. If the user who is trying to delete the content does not exist on the public instance, then a 401 is shown in the log file. For "normal" activation using workflow, it seems that superuser is used to do the actual activation (even if someone who is not superuser has approved and proceeded the workflow)? 3- As the version history is shown by right-clicking a node, there's no (easy?) way to see who has deleted the content when that node no longer exists, and hence cannot be right-clicked to show the history either. (I don't know if the version history is kept elsewhere, or is gone when a node is deleted. Enabling audit logging might at least give some clue about what happened.) |
| Comment by Jan Haderka [ 15/Nov/10 ] |
|
Fixed by changes made for |