Staff Permission vanishes #241
Comments
arbrandes
added
the
bug
|
@ichintanjoshi, has this been reproduced on |
|
@arbrandes sorry I forgot to add those details, No I haven't tested it on This was done on |
|
Tutor certainly does work with master, but you have to install its |
|
Hi @arbrandes yes this also gets reproduced in master |
|
Hi, @arbrandes |
|
This was fixed as part of a security fix. Please see https://discuss.openedx.org/t/upcoming-security-fix-for-edx-platform-on-2024-05-17/13004/2 for the post and details linked off of it. |
Description
If a user has
staffpermission in django admin (different compared to studio staff or course staff permission). And they visit the studio and go to any course that is not created by them, after that if they go to Content dropdown -> Pages & Resources they'll get an error and their staff permission in django admin vanishes.Step To Reproduce
Go to Studio as Admin
Create a course
Sign up as new user in incognito tab
Back to admin user, activate the user and give staff permission
Go back to incognito tab with new user signed in and go to studio
Select the course created by studio
Click on "Content" Dropdown
Click on "Pages & Resources"
It'll show an error
Back to admin user and check the user in admin panel, we see that staff permission is gone.
(NOTE:- This issue will not occur if the user is present in the system and has staff permission already, it only occurs for users who are not present at the time of course creation or do not have staff permission at the time of creation)
Expected Result
Newly created users with staff permission should be able to see the page like following
Workaround
Specs
This issue is raised after enquiring in slack about where to raise the issue. This issue is raised as a result of discussion on
this thread. Please let me know if this is not the correct place for creating the issue.
The text was updated successfully, but these errors were encountered: