It is possible to see and use "Publishing Channel" modal with only "view-only" access to a channel

[jonboiser]

Observed behavior

I went to this channel for which I am not an editor, but was still able to see the Publishing Modal and could even click it.

Expected behavior

Non-editors with view-only access should not see the modal and/or the stop button.

User-facing consequences

non-editors can see and possibly access publishing functionality they should not have.

Additional information

I observed this using my Administrator-level account. I did not try to check on this with a non-admin account.

I did not try to interact with the modal, so was not able to see if I had permissions on the backend to cancel the publishing task, etc.

Steps to reproduce the issue

1. Get someone with a channel you are not an editor of to publish a new version
2. Before the publishing task finishes, you go and view the channel edit link for that channel
3. You should see the publishing modal

[radinamatic]

As commented in the linked PR, when I'm signed in with my Studio admin-level account, I now seem to be able to open, edit and publish channels to which I supposedly have just view-only permissions, and I can't see the View-only label in the upper right corner on any of them, the usual PUBLISH button. No modal appears while channels are published by another edit-permissions-holding user.

When signed in as non-admin Studio accounts: View-only label visible, no modal while the channel is published by another edit-permissions-holding user.