TOPIC: restricted user can publish to any category
restricted user can publish to any category
1 year ago #426
Hi, don't know if its by design or a flaw.
In my site I created a special user group with registred as parent and no more abilities. I have opened up it a little by giving permission to create/edit/delete/publish articles into two categories. It works well in normal circumstances.
I decided to try out your app. I liked it but I realised that this special user group was able to post to any category from Joooid. Then I had to disable the plugin.
Maybe I missed a setting?
Running Joomla 2.5.4 with Joooid 1.4 component for Joomla 1.6/1.7 and Joooid 1.4 on Samsung Galaxy S2
Now permissions are fixed (rel. 2.0), but some testing is needed.
If a user can create/edit/delete an article just in some categories, he'll be able to do it just in those categories.
Now a user can browse only categories on which he's privileges on create,edit,edit state, delete articles.
So if you are editing an article on which you have edit state permission (so you can publish and unpubslih it) and you cannot edit its content, if you modify some text, you'll have an error.
Also, if you try to edit the state (publish, unpubslih, trash) of an article of which you haven't such permission, an error is raised.
Please make some testing on your own to check if it's working as intended and thank you for pointing it.