08 Jun 2012
14 Jan 2011
Link to this post
When trying to tighten the security to appropriate level (author only gives go-ahead, without editing anything), I found two problems (by using two step authorization). First one is critical/serious level of bug (as there ain't possibility to create a pure authorization user), the latter is more of an inconvenience.
- authors are not allowed to author the pages (the pages menu shows
up, but all pages are gray.. although group pages can be clicked - which probably is a bug of it's own). This
despite adding view and edit rights to pages. The only way to be able to
allow authors to actually authorize the draft to go to next step is to
add authors into editors-group.
- In two step workflow, there is no publisher class created. This means that it has to be manually entered, including all necessary permissions (which in their own are an issue in this case).
The way to recreate this bug is simple, albeit bit long:
-create new project
-complete the setup and then go to settings -> workflows
-create 2 step authorization for pages
-give the rights to first step for authors
- (check for confirmation that there ain't specific user group to add for second phase, fixing requires creating such a group or just using admins or specific users instead)
-create 2 new users (1 who only belongs to author and 1 who belongs to editors)
-sign out as admin and back in as editor
-create new group page and a normal page underneath it & send the latter for approval
-sign out as editor and sign back in as author
-go to pages menu to notice the new pages are both gray
-clicking the normal page does nothing, clicking group page brings up it's options
-hence the authors can't authorize the page for next step
(to fix.. sign out as author and get back in as admin, add the author user also to editors, then sign back into system as the author and now you can authorize the draft to go to next page.. so far I have not been able to come up with any rights that would have granted possibility for author to go to authorize the page, even trying giving all possible rights without adding the editors-role)