Reader role is able to do a submission. Is this intend? Is there a setting to prevent it?

Describe the issue or problem

Reader role is able to do a submission.
I want to check if this is correct behavior? Also I want to know when I can read about roles and authorization and if we can somehow change it in our system, because if Reader role can do a submission by default we want to prevent that.

I found an old discussion, not sure what is the currently status:

Steps I took leading up to the issue
For example:

  1. Register as reader. Validate your email. User is enable and marked as a reader
  2. Login into the journal
  3. Go to the dashboard
  4. Click in Back to New Submission
  5. Fulfill the form to Submit
  6. Save and the submission was perfomend

What application are you using?

OS platform: Linux
PHP version: 8.1.28
Apache version: Apache
Database driver: mysql
Database server version: 5.5.68-MariaDB

Hi @gkuhn,

Thanks for your post. I tested this and see what you mean. I flagged this with our developers and am waiting on hearing back from them.

PKP Team

Hi @gkuhn,

Reporting back. Our developers had this to say:

It’s intentional, as the linked thread says. We used to require users to have an Author role in order to submit something. it was necessary to go to your profile and self-register as an Author before you’d be able to find a “create a new submission” button.

However, existing readers of the journal who later wanted to make submissions got lost and confused. It wasn’t clear they had to self-register as Authors first. So we removed the restriction.

I hope that makes things clear?

PKP Team

Hello Roger,

Thank you for make it clear.

Any patch or workaround we can apply if we want to prevent it in our system?