Admin Articles View - Execute transition button permissions fixed (joomla#39490)

* Admin Articles View - Transition button fixed

* fixed drone claim

---------

Author: carlitorweb

administrator/components/com_content/src/View/Articles/HtmlView.php

@@ -190,7 +190,7 @@ protected function addToolbar()
 
             $childBar = $dropdown->getChildToolbar();
 
-            if (\count($this->transitions)) {
+            if ($canDo->get('core.execute.transition') && \count($this->transitions)) {
                 $childBar->separatorButton('transition-headline')
                     ->text('COM_CONTENT_RUN_TRANSITIONS')
                     ->buttonClass('text-center py-2 h3');

administrator/components/com_content/tmpl/articles/default.php

@@ -152,23 +152,39 @@
                               endif; ?>>
                         <?php foreach ($this->items as $i => $item) :
                             $item->max_ordering = 0;
-                            $canEdit          = $user->authorise('core.edit', 'com_content.article.' . $item->id);
-                            $canCheckin       = $user->authorise('core.manage', 'com_checkin') || $item->checked_out == $userId || is_null($item->checked_out);
-                            $canEditOwn       = $user->authorise('core.edit.own', 'com_content.article.' . $item->id) && $item->created_by == $userId;
-                            $canChange        = $user->authorise('core.edit.state', 'com_content.article.' . $item->id) && $canCheckin;
-                            $canEditCat       = $user->authorise('core.edit', 'com_content.category.' . $item->catid);
-                            $canEditOwnCat    = $user->authorise('core.edit.own', 'com_content.category.' . $item->catid) && $item->category_uid == $userId;
-                            $canEditParCat    = $user->authorise('core.edit', 'com_content.category.' . $item->parent_category_id);
-                            $canEditOwnParCat = $user->authorise('core.edit.own', 'com_content.category.' . $item->parent_category_id) && $item->parent_category_uid == $userId;
+                            $canEdit              = $user->authorise('core.edit', 'com_content.article.' . $item->id);
+                            $canCheckin           = $user->authorise('core.manage', 'com_checkin') || $item->checked_out == $userId || is_null($item->checked_out);
+                            $canEditOwn           = $user->authorise('core.edit.own', 'com_content.article.' . $item->id) && $item->created_by == $userId;
+                            $canChange            = $user->authorise('core.edit.state', 'com_content.article.' . $item->id) && $canCheckin;
+                            $canExecuteTransition = $user->authorise('core.execute.transition', 'com_content.article.' . $item->id);
+                            $canEditCat           = $user->authorise('core.edit', 'com_content.category.' . $item->catid);
+                            $canEditOwnCat        = $user->authorise('core.edit.own', 'com_content.category.' . $item->catid) && $item->category_uid == $userId;
+                            $canEditParCat        = $user->authorise('core.edit', 'com_content.category.' . $item->parent_category_id);
+                            $canEditOwnParCat     = $user->authorise('core.edit.own', 'com_content.category.' . $item->parent_category_id) && $item->parent_category_uid == $userId;
 
-                            $transitions = ContentHelper::filterTransitions($this->transitions, (int) $item->stage_id, (int) $item->workflow_id);
+                            // Transition button options
+                            $options = [
+                                'title' => Text::_($item->stage_title),
+                                'tip_content' => Text::sprintf('JWORKFLOW', Text::_($item->workflow_title)),
+                                'id' => 'workflow-' . $item->id,
+                                'task' => 'articles.runTransition',
+                                'disabled' => !$canExecuteTransition,
+                            ];
 
-                            $transition_ids = ArrayHelper::getColumn($transitions, 'value');
-                            $transition_ids = ArrayHelper::toInteger($transition_ids);
+                            if ($canExecuteTransition) {
+                                $transitions = ContentHelper::filterTransitions($this->transitions, (int) $item->stage_id, (int) $item->workflow_id);
+
+                                $transition_ids = ArrayHelper::getColumn($transitions, 'value');
+                                $transition_ids = ArrayHelper::toInteger($transition_ids);
+
+                                $dataTransitionsAttribute = 'data-transitions="' . implode(',', $transition_ids) . '"';
+
+                                $options = array_merge($options, ['transitions' => $transitions]);
+                            }
 
                             ?>
                             <tr class="row<?php echo $i % 2; ?>" data-draggable-group="<?php echo $item->catid; ?>"
-                                data-transitions="<?php echo implode(',', $transition_ids); ?>"
+                                <?php echo $dataTransitionsAttribute ?? '' ?>
                             >
                                 <td class="text-center">
                                     <?php echo HTMLHelper::_('grid.id', $i, $item->id, false, 'cid', 'cb', $item->title); ?>
@@ -192,14 +208,6 @@
                                 <?php if ($workflow_enabled) : ?>
                                 <td class="article-stage text-center">
                                     <?php
-                                    $options = [
-                                    'transitions' => $transitions,
-                                    'title' => Text::_($item->stage_title),
-                                    'tip_content' => Text::sprintf('JWORKFLOW', Text::_($item->workflow_title)),
-                                    'id' => 'workflow-' . $item->id,
-                                    'task' => 'articles.runTransition'
-                                    ];
-
                                     echo (new TransitionButton($options))
                                     ->render(0, $i);
                                     ?>