Workflow rights are not applied on the content edit page

Description

Steps

Add a (non-administrative) user in a group
Add a workflow and add it to a content type
Add a read right for the added group, but not a write right
Open a document with only read rights
Result: the user can write as well
Note: even removing the read rights allows the user the write (however the document disappears from the content navigator)

Technical tasks

None

Deployment actions

Verify app/config/security.yml:

access_decision_manager:
strategy: unanimous

Status

Assignee

Unassigned

Reporter

Marijn Otte

Labels

time-estimate-accepted

Product owner

Marijn Otte

Plan date

None

Follow up date

None

Code reviewer

Michael Jongman

Developer

Jeroen van Leeuwen

Refiner

None

Dev hour estimate

None

Max. hours

None

External issue ID

None

Error message

None

Min. hours

None

Story Points

Time tracking

8h 30m

Sprint

None

Fix versions

integrated-0.7

Due date

2017/05/19

Priority

Major

Configure