Download & Extend
editablefields » Issues

Edit own content permission not applied?

Posted by pushka on January 2, 2012 at 6:52pm
Project:editablefields
Version:7.x-1.x-dev
Component:Code
Category:bug report
Priority:major
Assigned:Unassigned
Status:active

Issue Summary

I'm not sure the node permissions are being applied to editable fields?

Example:

For content type article, authenticated user role only has permission to edit own content. Content type article has an editable field.

User A creates an article node. User B can view the node and edit the field, even though he can't edit the node.

Login or register to post comments

Comments

#1

Posted by mr.h on January 8, 2012 at 2:55am
Priority:normal» major

This is bad. I can also edit other user profiles

#2

Posted by thechanceg on January 10, 2012 at 11:54pm

It doesn't look like it has any kind of permissions check. I can actually edit content without being logged in?!

#3

Posted by q2_faith on March 8, 2012 at 9:22am

+1

#4

Posted by johnv on April 14, 2012 at 3:06pm

Does this help?
#1344634: Editing fields without update access (D7)

nobody click here