- Issue created by @pietror91
There is a fairly impactful security bug.
Users who do not have the "moderator" role can approve any translation in any language.
A malicious user could cause serious damage to the translations.
1) Use a user who does not have the "moderator" role
2) From the list of a specific language, identify a translation that has not yet been approved
3) Using the browser's "inspect" tool, remove the disabled attribute from the related option and check the box
4) Save
In this way, even if the user does not have the "moderator" role, they will still be able to approve translations.
Apply a backend check as well to verify the role of the user approving a translation.
Active
2.0
User interface