Admin UI elements do not reflect read/write access rights
Steps to reproduce
Steps to reproduce:
1. With an admin user, create an event with the following ACLs
ROLE_ANONYMOUS read access
2. Create a (non-admin) user and assign that user all available UI roles
3. Click on the details-button in the "Actions"-tab and browse, e.g. to the metadata Tab
All fields are editable, the changes, however, are not stored when closing the details view. There are no indications of failure in the UI. The log outputs errors, when trying to edit something, please refer to err_log.txt (ADMIN-URL replaces the URL of our admin node).
Event details should only be editable, if the respective user has write access and possesses the respective ROLE_UI_EVENTS_DETAILS_***_EDIT role.
Workaround (if any):
Similar problems arise with the remove-button in the Actions-Tab. However, the UI gives some feedback here ("Task could not be created"). Also possibly with the "tasks"-dropdown, although some tasks might not require write access.
I set priority to 'Minor' since, as far as I can tell, the (non-privileged) user cannot do real damage in the use cases mentioned above. It's mainly just confusing to the user.
Whoever fixes this, please see the minor discussion on as well.