[#10793] - [ACL] Improve panel, solve ajax problems and ACL bugs
- Fixed in Code Base
- 19 Jun 2016
- Medium
- Build: staging
- # 10793
- Diff
- andrepereiradasilva:improve-ajax-js-errors
- Success continuous-integration/travis-ci/pr The Travis CI build passed Details
- Success JTracker/HumanTestResults Human Test Results: 7 Successful 0 Failed. Details
User tests: Successful: Unsuccessful:
Pull Request for solving several ACL issues.
Summary of Changes
This PR makes several changes in the permissions panel and also replicate js improvements in sendtest mail in order to solves bugs and improve php/js code.
Bugs/Improvements
1: Ajax js errors (json parse, no content, http status error, etc) are not captched in permission.js
After this PR uses the same checks as sendtestmail.js that where now moved to core.js
2: Session token is not being checked in permission.js
After this PR the session token is checked.
3: Permision js ajax call is returned in html mimetype
After this PR the ajax call is returned in json mimetype.
4: Some messages returned by permission and sentestmail js ajax calls are returned in HTML format.
After this PR all messages are returned in Json.
5: The js messages in sendtestmail and permissions.js are not cleaned on change.
After this PR they are cleaned everytime you change.
6: Permission js uses a custom html message system
After this PR all message use the Joomla API message system.
7: A super user cannot remove super user permission from other groups that his not into.
After this PR this is possible.
8: When a super user permission is changed or a permission of a group with child groups is changed, the user is not informed that we needs to refresh the page to recalculate permissions.
After this PR the user is notified.
9: A user that is not Super User can change a Super User group permissions.
After this PR this is not possible.
10: A user that is not Super User can change change its own's groups ot it's parent permissions.
After this PR this is not possible.
11: We don't have calculate permissions column in com_config "Public" (root) group.
After this PR we have the calculated permission here too.
12: Changing a permission with "Not Allowed (Locked)" to "Allowed" or "Denied" changes it's calculate permission (it should stay at "Not Allowed (Locked)").
After this PR the calculated permissions always stays "Not Allowed (Locked)" in this cases.
13: If you change a "Inherited" permission with a calculated permission of "Not Allowed" to "Allowed" and then back to "Inherited", the calculated status is changed to "Allowed" (it should be "Not Allowed (Inherited)").
This PR solves that.
14: There are some "Conflict" messages when you have a parent group with "Denied" and some child group with "Allowed". This should be only "Not Allowed (Locked)"
This PR solves that.
There can be more bugs/improvements that i don't remember...
Scenarios
Calculated Permissions Scenarios
If only "Inherited" across the group tree or group in global config:
- "Inherited" -> "Not Allowed (Inherited)" (red).
- "Allowed" -> "Allowed" (green).
- "Denied" -> "Not Allowed" (red).
If any "Denied" across the group tree or group in global config:
- "Inherited" -> "Not Allowed (Locked)" (red with lock).
- "Allowed" -> "Not Allowed (Locked)" (red with lock).
- "Denied" -> "Not Allowed (Locked)" (red with lock).
If no "Denied" and a "Allowed" across the group tree or group in global config:
- "Inherited" -> "Allowed (Inherited)" (green).
- "Allowed" -> "Allowed" (green).
- "Denied" -> "Not Allowed" (red).
Special case: If group has super User permissions all values in that group and child groups should be "Allowed (Super User)" (green with lock).
Error/Notices Scenarios
Can't change permissions scenarios:
- Session token is not valid.
- Database query/update errors.
- Any error while checking or storing asset.
- Current user does not have permissions to change ACL for the component.
- Current user is Super User and is trying to remove his own Super User permissions.
- Current user is not Super User and is trying to change a Super User group permissions.
- Current user is not Super User and is trying to change its own's groups permissions.
- Current user is not Super User and is trying to change its own's groups parent permissions.
Ask user to reload the page scenarios:
- User changed permissions of a group with child groups.
- User changed group permissions to Super User.
Testing Instructions
- Use latest staging.
- Check all "Bugs/Improvements".
- Apply patch
- Go to global configuration
- Clean browser cache.
- Check all "Bugs/Improvements" are solved.
- Check all scenarios described in the "Scenarios".
- Do the tests two times. With your super user and other user with less permissions (easier if you open a session for that user in a private browser window).
| Status | New | ⇒ | Pending |
| Labels |
Added:
?
?
|
||
Please add permissions.min.js to delete in script.php
I have tested this item
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/10793.
| Category | ⇒ | ACL |
Why remove the min.js file?
Testing
- Super user cannot change it's own permission
✅ - Parent group has option set to Denied, Child is set to Denied the message is Not allowed (Inherited) but on page refresh it says Denied
???? - If a component has no entry in the asset table, storing a permission creates an invalid asset entry
???? 
- When I change a permission in a parent group I get this message:
Notice Permissions changed in a group with child groups. Save or reload to recalculate the child groups permissions.The message is OK, but every other change I make is causing the screen to jump up and down. Would be nicer if the screen wouldn't jump up and down.???? - The correct calculated value is returned for setting Allowed/Denied/Inherited
✅ - User cannot change the permission of it's parent or own group
✅ - User cannot change a super user permission
✅
Because Andre replaced it by an uncompressed.js one in this patch
I see, usually we have a minified version and a regular version as these are loaded as needed by Joomla depending on debug status. No worries, was just wondering.
Parent group has option set to Denied, Child is set to Denied the message is Not allowed (Inherited) but on page refresh it says Denied
????
I can't reproduce this (Tested on a single article): It remains on Not Allowed (inherited) here.
When I change a permission in a parent group I get this message: Notice Permissions changed in a group with child groups. Save or reload to recalculate the child groups permissions. The message is OK, but every other change I make is causing the screen to jump up and down. Would be nicer if the screen wouldn't jump up and down.
Agree, but I can live with it.
If a component has no entry in the asset table, storing a permission creates an invalid asset entry
???? invalid_asset_entry
To test this, I deleted all Permissions in com_banners, just left {}. I had no other asset for com_banners.
Then I edited the permissions of the banners component, forbidding create, delete, edit and edit state to Manager (group id 6) and gave some Allowed permissions for Configure ACL and Configure Options to Adminitrator (group id 7).
Then I saved, got the notice, and Not Allowed (Inherited) showing OK in children groups.
Looking at db, I get
A com_banners category which had no assets is now present in the assets table as
com_banners.category.3 with the correct parent_id
Parents and level look OK to me:
@infograf768 It doesn't have an s too much, I have done that on purpose. You misunderstood the test I did. The test is that if you install a component which has no entry (nothing) in the assets table, the entry will be created but incorrect. You tested an empty param column instead.
Agree, but I can live with it.
?
I can't. I find it very annoying.
I can't reproduce this (Tested on a single article)
I will test this again another time, let's see what others find.
This PR has received new commits.
CC: @infograf768
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/10793.
@roland-d thanks for testing.
4: When I change a permission in a parent group I get this message: Notice Permissions changed in a group with child groups. Save or reload to recalculate the child groups permissions. The message is OK, but every other change I make is causing the screen to jump up and down. Would be nicer if the screen wouldn't jump up and down.
?
Can be easily changed.
But please understand i made that to make sure the user always see the message (mobile for instance). Also remember you're testing and using a LOT of times. IMHO a regular user will not change it so many times.
I will check your other comments.
It's good I see the messages. Usually I don't see them at all in my screen
size
This PR has received new commits.
CC: @infograf768
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/10793.
Parent group has option set to Denied, Child is set to Denied the message is Not allowed (Inherited) but on page refresh it says Denied
?
Solved.
Also solved another bug. When parent group is set to denied and a child group is Suer user before last commit the calculated permission was "Not Allowed (Inhreited)" (it should be Allowed "(Super User)").
This PR has received new commits.
CC: @infograf768
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/10793.
This PR has received new commits.
CC: @infograf768
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/10793.
@roland-d
Before last changes from @andrepereiradasilva (which I will test now), I have no issue when installing new component.
Exemple with patchtester
@andrepereiradasilva Yes, this already happens before this patch.
@infograf768 I didn't say I have the issue but was thinking in case you have an issue with your asset table.
Parent group has option set to Denied, Child is set to Denied the message is Not allowed (Inherited) but on page refresh it says Denied
? Solved.
That WAS working before. I now systematically get Not Allowed (inherited)
Also solved another bug. When parent group is set to denied and a child group is Suer user before last commit the calculated permission was "Not Allowed (Inhreited)" (it should be Allowed "(Super User)").
OK here.
That WAS working before. I now systematically get Not Allowed (inherited)
And that is how it's supposed to be right?
If any "Denied" across the group tree:
"Inherited" -> "Not Allowed (Inherited)" (red with lock).
"Allowed" -> "Not Allowed (Inherited)" (red with lock).
"Denied" -> "Not Allowed (Inherited)" (red with lock).
(see PR introduction)
@andrepereiradasilva Yes, this already happens before this patch.
@roland-d i have no solution for that. I propose to not put a solution for taht in this PR and solve it in another PR.
I have tested this item
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/10793.
@andrepereiradasilva No problem to put it in another PR. I won't be a common issue but yet still a bug.
@andrepereiradasilva Can you please fix the merge conflicts?
| Milestone |
Added: |
||
Also remember you're testing and using a LOT of times. IMHO a regular user will not change it so many times.
Yes, I understand that but even doing 2 or 3 changes it jumps. Would be nice if we could just replace the content as it is.
I have tested this item
I have checked all the permissions before and after. After applying the patch all the ACL changes are as expected.
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/10793.
| Status | Pending | ⇒ | Ready to Commit |
| Labels | |||
| Milestone |
Removed: |
||
Setting to RTC as we have 2 succesful tests
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/10793.
| Labels |
Added:
?
|
||
@andrepereiradasilva there are merge conflicts.
This PR has received new commits.
CC: @infograf768, @roland-d
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/10793.
I have tested this item
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/10793.
This PR has received new commits.
CC: @infograf768, @rishiv3, @roland-d
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/10793.
This PR has received new commits.
CC: @infograf768, @rishiv3, @roland-d
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/10793.
@roland-d @infograf768 i added a temporary (or not) debug system.
Please enable debug. And check if everything is ok.
This PR has received new commits.
CC: @infograf768, @rishiv3, @roland-d
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/10793.
This PR has received new commits.
CC: @infograf768, @rishiv3, @roland-d
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/10793.
This PR has received new commits.
CC: @infograf768, @rishiv3, @roland-d
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/10793.
This PR has received new commits.
CC: @infograf768, @rishiv3, @roland-d
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/10793.
This PR has received new commits.
CC: @infograf768, @rishiv3, @roland-d
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/10793.
This PR has received new commits.
CC: @infograf768, @rishiv3, @roland-d
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/10793.
This PR has received new commits.
CC: @infograf768, @rishiv3, @roland-d
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/10793.
This PR has received new commits.
CC: @infograf768, @rishiv3, @roland-d
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/10793.
This PR has received new commits.
CC: @infograf768, @rishiv3, @roland-d
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/10793.
I did the final testing once more and all looks good, all issues I found before are solved.
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/10793.
I have tested this item
tested again and everything looks good.
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/10793.
@zero-24 it is already in RTC.
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/10793.
If you guys @zero-24 and @gunjanpatel could test this as well it would be appreciated. It will be good to have some extra tests.
Final testing done here. All looks real fine! Thanks @andrepereiradasilva and @roland-d
This PR has received new commits.
CC: @infograf768, @rishiv3, @roland-d
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/10793.
@infograf768 done as requested.
It's a small change, just changed the message string and the comment as request from JM.
See 5d72352
| Category | ACL | ⇒ | ACL Language & Strings |
| Labels | |||
| Labels | |||
This PR has received new commits.
CC: @infograf768, @rishiv3, @roland-d
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/10793.
This PR has received new commits.
CC: @infograf768, @rishiv3, @roland-d
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/10793.
folks, just language and comments changes as @brianteeman requested. no need to retest.
I have tested this item
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/10793.
I have tested this item
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/10793.
I have tested this item
Everything's ok here even if already RTC - Thanks all
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/10793.
Just one note, you don't need the permissions JS file with all 3 variations here. It should either be .js and .min.js or -uncompressed.js and .js. I honestly don't think JHtml's loader can cope with that correctly.
there are only the normal and the uncompressed in this PR. (the .min.js was removed).
to follow the same logic of other js files in this folder.
See https://github.com/joomla/joomla-cms/tree/staging/media/system/js/
That's what I get for looking at the diff on mobile.
is ok. some problem with your mobile them
| Milestone |
Added: |
||
| Status | Ready to Commit | ⇒ | Fixed in Code Base |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2016-06-19 19:55:21 |
| Closed_By | ⇒ | wilsonge |
Thanks @andrepereiradasilva and also thanks to @infograf768 and @roland-d who I know also put a lot of work into this!
| Labels |
Removed:
?
|
||
thanks you all! for testing and helping to solve this issues.
I have tested this item
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/10793.
This is great work but I have found 2 issues
1 is serious (and was introduced by this PR), custom forms that do not have a form field named "title", can no longer save ACL permissions via AJAX, shall i open a new issue ?
custom forms that do not have a form field named "title" can no longer save ACL permissions via AJAX
what is the ajax URL? post parameters?
Also are you sure it was introduced by this PR?
But please open an issue.
pinging @infograf768 @roland-d