Hi Joe, I have an issue with blog security--a user reported that she can create blog posts, but is not able to edit previous posts.
In the blog's feature instance, in "Roles that can edit content," the main radio button is set to "Administrators, Content Administrators, and roles selected below are allowed". We have a custom security role that is checked here as well.
A user in that custom role can create blog posts, but is not able to edit existing blog posts.
I checked the page settings, and in the edit permissions, only the "Administrators, Content Administrators, and roles selected below are allowed" radio button is selected. I also tried adding the custom role to this permission list, but that didn't make any difference other than giving the user the ability to edit the page features, which is definitely not what we want.
I attempted to replicate this on demo.mojoportal.com, but it actually seems worse there: I created a new security role, then assigned a new user to that role, and granted the role the ability to edit content on the existing blog. When I sign in as the test user, the add post link isn't presented to the user at all. I'm not sure if there is an extra layer of security in demo that's interfering with this?
We're running 2.3.9.9 in production, but I just upgraded dev to the latest repository revision and still see the same behavior there.
Thanks,
Jamie