[MAGNOLIA-3399] ACL has no way to restrict editor from being publisher and vice versa Created: 22/Nov/10  Updated: 25/Nov/10  Resolved: 25/Nov/10

Status: Closed
Project: Magnolia
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Critical
Reporter: Chetan Assignee: Boris Kraft
Resolution: Not an issue Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:

 Description   

1) deny access ACL to /modules/adminInterface/commands should make user not able to activate/ deactivate page, from bottom tool bar buttons and on page link right click menus.
2) There should be some ACL to restrict editor role from changing URL, page name, creation of new page, etc it should only add content/data to pages and should not be able to publish it or create new page.

Basically there is no way to restrict editor from being publisher and vice versa



 Comments   
Comment by Chetan [ 22/Nov/10 ]

Hope issue is clear enough . We should provide some moderation for editors before publishing page on public instance and editors should not be able to directly publish page but should ask publisher to do it for him after moderating his content.

Comment by Boris Kraft [ 25/Nov/10 ]

Use workflow.

Comment by Boris Kraft [ 25/Nov/10 ]

While I agree it would be nice to have even more fine-tuned control. e.g. not allowing an editor to change the name of a page, you can work around this by creating your own user interface to edit content, e.g. use the data module to write articles, then use the website module to assemble the content. Give your authors access to the data module only and that solves your problem.

Generated at Mon Feb 12 03:46:06 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.