Core: Applying the "reply to discussions" permission to a tag may break the "lock" mode

Created on 30 Jul 2019  路  3Comments  路  Source: flarum/core

Bug Report

Current Behavior
If you have a tag where you explicitly set that users can reply to discussions, users may be able to reply to discussions that are locked.

Steps to Reproduce

  1. Log in as an admin
  2. Create a new "restriction by tag" for any tag (X) in the Permissions admin page
  3. Set the permission that allows users to reply to discussions with tag X
  4. Create a new discussion with tag X and lock it
  5. Disable and re-enable the lock extension (this is required to reproduce the issue)
  6. Log in as a regular user
  7. Try to reply to the created discussion in tag X and succeed

Expected Behavior
Users should not be able to reply to discussions that are locked (unless they have the "canLock" permission).

Screenshots

Admin view:

immagine

User view:

immagine

Environment
Reproduced on beta.flarum.site and nightly.flarum.site.

critical typbug
Source
picture matteocontrini

All 3 comments

This will be fixed with the policy rewrite I'm working on right now.

askvortsov1 picture askvortsov1 on 6 Mar 2020
👍1

Hello, is there a chance to have this fixed for the next beta? It's the only issue marked as "critical" (EDIT: currently) but it's been almost a year since it's been reported... Thanks 馃槂

matteocontrini picture matteocontrini on 25 May 2020

I think this issue is more complicated than it seems. We've discussed multiple ways on fixing it, and the policy refactor PR may fix it.

datitisev picture datitisev on 25 May 2020
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

franzliedke picture franzliedke  路  4Comments
tobyzerner picture tobyzerner  路  5Comments
datitisev picture datitisev  路  3Comments
Ralkage picture Ralkage  路  3Comments
jordanjay29 picture jordanjay29  路  3Comments