Workflow rights are not applied on the content edit page

Description

Steps

  • Add a (non-administrative) user in a group

  • Add a workflow and add it to a content type

  • Add a read right for the added group, but not a write right

  • Open a document with only read rights

  • Result: the user can write as well

  • Note: even removing the read rights allows the user the write (however the document disappears from the content navigator)

Environment

None

Deployment actions

Verify app/config/security.yml:

access_decision_manager:
strategy: unanimous

Technical tasks

None

Status

Assignee

Unassigned

Reporter

Marijn Otte

Client

Integrated Marijn

External issue ID

None

Follow up date

None

Code reviewer

Michael Jongman

Developer

Jeroen van Leeuwen

Plan date

None

Max. hours

None

Error message

None

Min. hours

None

Product owner

Marijn Otte

Refiner

None

Switches

None

Dev hour estimate

None

Story Points

2

Time tracking

8h 30m

Sprint

None

Fix versions

Due date

2017/05/19

Priority

Major
Configure