Even unauthorized user permitted to unpublish nodes if there is an options set in view.

here is an example
http://dstock.peremoga.biz/?q=diamondlist

Comments

infojunkie’s picture

infojunkie
Location Vancouver
commented
Assigned: Unassigned » infojunkie
Status: Active » Closed (works as designed)

As far as I can tell, actions have no permissions associated with them. It seems to be up to the modules and pages to control access to actions. Therefore, it is expected that if you expose a view to anonymous users that contains certain actions, they will be able to perform these actions.