From 3990453ebd4693c0c2e74a6274432fe48285db46 Mon Sep 17 00:00:00 2001
From: Brandon Kelly <brandon@pixelandtonic.com>
Date: Sun, 2 Feb 2020 08:45:15 -0800
Subject: [PATCH] Don't show the Duplicate action for users w/out create
 permission

Fixes #5566
---
 CHANGELOG-v3.md        | 1 +
 src/elements/Entry.php | 5 ++++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG-v3.md b/CHANGELOG-v3.md
index fdf06d65d98..36e2e54c943 100644
--- a/CHANGELOG-v3.md
+++ b/CHANGELOG-v3.md
@@ -7,6 +7,7 @@
 
 ### Fixed
 - Fixed a bug where the `update` command was backing up the database twice.
+- Fixed a bug where the “Duplicate” element action was available for users who didn’t have permission to create new entries in the section. ([#5566](https://github.com/craftcms/cms/issues/5566))
 
 ## 3.4.2 - 2019-01-31
 
diff --git a/src/elements/Entry.php b/src/elements/Entry.php
index 04c7d0618fb..50e06ae3279 100644
--- a/src/elements/Entry.php
+++ b/src/elements/Entry.php
@@ -377,7 +377,10 @@ protected static function defineActions(string $source = null): array
                 }
 
                 // Duplicate
-                if ($userSession->checkPermission('publishEntries:' . $section->uid)) {
+                if (
+                    $userSession->checkPermission('createEntries:' . $section->uid) &&
+                    $userSession->checkPermission('publishEntries:' . $section->uid)
+                ) {
                     $actions[] = Duplicate::class;
 
                     if ($section->type === Section::TYPE_STRUCTURE && $section->maxLevels != 1) {