Grid edit: Permission denied to edit using grid even if the user has the save permission
Pimcore version
11.2.3
Steps to reproduce
- Create a role that does not have publish permissions for products, but has save permission.
- Log in using a user of this role.
- Open product grid and try to edit any attribute of a product.
Actual Behavior
User is not able to save the changes in the product data using grid edit. User gets the following screen.
Expected Behavior
As the user/role has the permission to save the product data, user/role should be able to save the product data changes from grid also as user can change the product data on the detail page.
It was noticed that at the time of grid edit, the system is checking for the 'publish' permission only and not the 'save' permission. Class Namespace: Pimcore\Bundle\AdminBundle\Controller\Admin\DataObject
This becomes a big problem when a product can only be published through workflow and no user can manually publish the product. In this case, because of the issue being reported, no user in system is able to use the grid edit feature. So, grid edit becomes useless.
Right now, edits in the grid implicitly also publish the dataobject. That is why it is checking the publish permission.
Would need to change the behavior and do an implicit saveVersion if user has save permission only.
Thanks a lot for reporting the issue. We did not consider the issue as "Pimcore:Priority", "Pimcore:ToDo" or "Pimcore:Backlog", so we're not going to work on that anytime soon. Please create a pull request to fix the issue if this is a bug report. We'll then review it as quickly as possible. If you're interested in contributing a feature, please contact us first here before creating a pull request. We'll then decide whether we'd accept it or not. Thanks for your understanding.
But if you select one or multiple objects in the grid and use the Batch Edit Selected you can save it, even if you don't have publish permissions. So this is actually doing the same thing but in another way and that is permitted with only the save permission. I agree it would be better to create only a new saved version but then this should work also for the batch options.
This, I would consider as a bug then.
See also https://github.com/pimcore/studio-ui-bundle/issues/2478