WProofreader does not respect its permission to administer its config

Hi @xamount

The "Administer the CKEditor 5 WProofreader configuration" applies to the main config form - /admin/config/ckeditor5-premium-features/wproofreader

The settings form available directly in the editor is not affecting whole site. Those settings are stored in the browser's local storage, so if you log in to another user's account on the same browser then indeed it will retain the changes made on first user's account.
If you log in on another browser or icognito mode then the settings will be again defaults.
We can do an additional permission to disallow personal configuration (I'm not 100% sure if we can do it for whole form), however for us it doesn't look like a major bug.

Ah I see thanks for the explanation. Yes you might be right about the local browser cache. Lowering the priority to Normal then.

I guess what's needed here is a drupal permission to disallow users from being able to access the settings area when they click on the wproofreader text checker button. Is this possible?

In my case, spell checking is mandatory and I do not want to allow site editors to be able to enable/disable it. I wrote a hook_form_alter to block the node edit form from saving if there are wproofreader detected errors. If site editors can then disable the wproofreader, then it defeats the purpose of the hook_form_alter validation check.

Here is a patch that adds 4 new permissions for each section in the plugin settings menu (dictionary, language, general and ignore).
When user does not have access to any of sections, the settings menu won't be available at all.
Additionally the local settings storage will be disabled for sections that are not available for user and default settings will apply. The default settings can be adjusted at /admin/config/ckeditor5-premium-features/wproofreader

When this update will be released, we'll most probably set the hook_update to enable permissions by default for sites that already have module installed (so there won't be unexpected loss of functionality). In such case we'll provide info about that here before release of the feature.

Thanks @salmonek

I create an issue fork that includes your patch and also:

- fixed a few typos
- fixed a php deprecation notice.

I tested and everything works for far, but the main request of this ticket is still missing which is to disable to "toggle" functionality.

Ok, pushed an update with additional permission.
Thank you for the fixes.

I tested the patch and I can see the new config and it's working.

I realised that with this patch, 2 specific functionalities have gone missing. I have highlighted them in the screenshot below.

The one on the left "Ignore all" is most important. Without this, a user cannot manually ignore a word.

Additionally, the "add to dictionary" button is missing.

@xamount

I've restored those actions and pushed to the working branch.
Ignore all and add to dictionary options are dependent on ignore/dictionary permissions.
Today we've released a 1.2.9 verion, but it doesn't yet contain changes for this ticket, so patch still needed for now.

Thank you so much! @salmonek

I tested the latest MR in 1.2.8 and 1.2.9 and all works as expected now.

I'll use the patch until this is merged. Do you know the ETA on 1.3.0?

@xamount today we have released 1.3.0 with updated permissions configuration for WProofreader
We had additional feedback from WebSpellChecker LLC mostly about spelling, but also about which quick actions (available bottom part of spellcheck in window) should depend on permissions.

Automatically closed - issue fixed for 2 weeks with no activity.