Can role-based permissions be overridden at the page blueprint level?

Hello! I am working through some page-based permissions and have run into an issue that seems to have contradictory statements floating around.

Which statement is TRUE?

In the permissions guide page it says (emphasis added):

You can keep all permissions in the role files, but you can also overwrite them individually per page, file, user or the site in the corresponding blueprints. Those specific permission settings will always override the role settings.

In my testing @texnixe appears to be correct. If create: false is set on the editor.yml user blueprint and create: true set on the page blueprint which I want to allow the editor to be able to create a page for, the editor still cannot add a page.

So the workaround is to edit every page blueprint to enable only a limited set of permissions (in this case, setting create: true on a single blueprint and create: false on a every other blueprint).

Could we clarify this (and update the docs)? Thanks!

What the docs say it how it should be, what I wrote in that thread is how it actually works or rather doesn’t work. I consider the current behavior a bug.

Thanks for confirming.

Looks like an issue going back 5 years or more. Is feedback.getkirby.com the best mechanism to file a bug report?

Worth noting that this (might?) be isolated to the create option. If I set i.e. delete: false at the role blueprint but delete: true at the page blueprint the page blueprint is respected, which seems like the intended (and logical) behaviour. duplicate, move, and sort also work as intended.

No, feedback.getkirby.com is for feature requests. Bug reports are best filed as issue on GitHub: GitHub · Where software is built