[J4] "Articles - Latest" admin module does not respect "edit own" permissions #36558
Description
Steps to reproduce the issue
- Create a user group "Test User Group".
- Create a user "Test User" and assign to "Test User Group".
- As a super user, navigate to the global configuration, and click permissions.
- Click "test user group" and ensure it can log in to administrator. Save.
- In the configuration, click on Articles, and click permissions.
- Select "Test User Group" and set "Access Administration Interface" and "Edit Own" to "Allowed", and ensure all other permissions are set to "Not Allowed", like so:
- Save.
- Go to content > administrator modules, and create a new module with type "Articles - Latest". Assign it to cpanel, set category to "any category", and set authors to "added or modified by me", like so:
- Save and close.
- Log in as Test User.
- Create a new article in any category and save it.
- Navigate to the home dashboard.
Expected result
The article is shown with a linked title so that the user can edit their own article:
Actual result
The title is not linked even though the user has permission to edit their own article:
System information (as much as possible)
Joomla 4.0.5
PHP 8
Additional comments
The title is only linked if the user group is given edit access to all articles:
The module helper seems to be trying to check the user permissions against the article ID, so something here must not be working right:
if ($user->authorise('core.edit', 'com_content.article.' . $item->id))
{
$item->link = Route::_('index.php?option=com_content&task=article.edit&id=' . $item->id);
}
(administrator/modules/mod_latest/src/Helper/LatestHelper.php lines 99-102)