-
Bug
-
Resolution: Unresolved
-
Low
-
None
-
6.13.11
-
2
-
Severity 2 - Major
-
4
-
Summary
Applying restrictions to a draft causes it to show up in the Restricted Pages list of a space. The drafts are listed as pages there, which can be confirmed by clicking on the draft entry, it will load the draft in page view mode.
Steps to Reproduce
- Visit a space
- Click create and don't type anything to the draft
- Apply restrictions using the padlock
- Click close to save the draft
- Visit Space tools > Permissions > Restrictions
Expected Results
Drafts are not listed on that menu.
Actual Results
Drafts are listed as if they were published pages:
If the draft has no title, it is listed as #webwork.htmlEncode($content.displayTitle) instead of "Untitled".
Notes
This causes confusion as users may think there are corrupted pages on the system, whereas instead, those are just drafts that can have empty titles. Another problem is that this allows an easy "exploit" of the following bug, since clicking on the list item will load the draft as a page with /pages/viewpage.action?pageId=<DRAFTID>
This can then lead to other issues since the user can like, comment, and do other actions that aren't supposed to happen with a draft. That creates inconsistencies on the DB side that can cause issues later while trying to manipulate this object.
Workaround
Either remove the restrictions on such empty drafts or delete them using the following API call:
curl -vvv -S -u <USERNAME>:<PASSWORD> -X DELETE https://<CONFLUENCE-URL>/rest/api/content/<DRAFT-ID>?status=draft | python -mjson.tool
- is related to
-
-
- Closed
-
- mentioned in
-
Page Failed to load
| Form Name | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|