Vulnerability in EPiServer.Forms
I'm trying to set up one of the default workflows, sequential approval, to do the following:
Now I have added editor and approver to the WebEditors group and the publisher is in the Administrators group. The workflow has the users approver and publisher in that order on the Start Parameters tab. On starting the workflow process the editor has the option to withdraw and edit, the approver has withdraw and edit (no approve option) and the publisher has the options reject and approve & publish.
Basically the approver cannot do anything except withdraw and edit and if I add publish rights they are able to publish the page which they shouldn't be able to do.
The documentation states:
The Sequential Approval workflow enables sequential approval in several steps. Here we have set up a scenario in which two individuals after each other have to check product pages that editors create. One checks that the prices are correct and the other checks the text and images. In this workflow, we have the option of setting which group or individual will approve the pages. When the last individual has given their approval, the page is published.
I'm sure that in the past I have seen the option to approve or reject for this scenario and I can't see where this option can be set. I'm sure that I just haven't configered this correctly so any pointers would be much appreciated.
Oh and another thing, if I reject a change there is no way option to send some feedback which I'm sure I have seen in the past as well.
Thanks Mark, we received your support ticket. We'll take a look.
I have the same issue. Any progress?