RockefellerArchiveCenter/aquila

Users with view-only permissions can see (and click on) "create" buttons on home page

Closed this issue · 1 comments

Describe the bug

If a user does not have permissions to "create" a new rights shell or grouping, they are still able to see the "create" buttons on the homepage. When that user clicks on one of the buttons, they are taken to a 403 error page.

To reproduce

Steps to reproduce the behavior:

  1. Log in as a user who is not part of the "edit" group
  2. Go to the home page
  3. Click on the "Create a new grouping" or "Create a new rights statement" page

Expected behavior

Users who cannot "create" new records should not be able to see the related buttons (or the related buttons can be disabled).

Error message or screenshots

[Screenshot: Screen Shot 2021-06-22 at 18 37 28]

FYI, I think you can do this pretty easily with the has_group functionality.
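
The following is an added example, not part of the original thread and not aquila's code. It models the fix discussed above with one group predicate that decides both which create buttons are rendered and whether the create request is allowed, so hiding a button never replaces the server-side 403. The `User` class, the function names other than `has_group`, and the URL paths are assumptions made for illustration.

```python
# Added example with hypothetical names; this is not aquila's implementation.
from dataclasses import dataclass, field

EDIT_GROUP = "edit"  # group name taken from the issue's reproduction steps

# Home page actions named in the issue; the URL paths are constructed placeholders.
CREATE_ACTIONS = {
    "Create a new grouping": "/groupings/new/",
    "Create a new rights statement": "/rights/new/",
}


@dataclass
class User:
    name: str
    groups: set = field(default_factory=set)


def has_group(user, group_name):
    """Single predicate shared by the rendering layer and the request handler."""
    return group_name in user.groups


def render_home_buttons(user):
    """Return the create buttons the home page should show to this user."""
    if not has_group(user, EDIT_GROUP):
        return {}
    return dict(CREATE_ACTIONS)


def handle_request(user, path):
    """Server-side check; it stays in place even when the buttons are hidden."""
    if path in CREATE_ACTIONS.values():
        return 200 if has_group(user, EDIT_GROUP) else 403
    return 404


def dead_end_buttons(user):
    """Buttons shown to the user that would lead to a 403 (the reported bug)."""
    return [label for label, path in render_home_buttons(user).items()
            if handle_request(user, path) == 403]


if __name__ == "__main__":
    viewer = User("viewer")                # constructed sample users
    editor = User("editor", {EDIT_GROUP})
    for u in (viewer, editor):
        print(u.name, sorted(render_home_buttons(u)), dead_end_buttons(u))
    # A direct request by a view-only user is still refused.
    print(handle_request(viewer, "/rights/new/"))
```

A regression test can assert that `dead_end_buttons` is empty for every role and that a direct request from a view-only user still returns 403.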