In the view, the buttons were just displayed to the super users; but in the controller the checks were still made according to the access level and the "core.edit" on "com_templates".
To keep cohesion between the view, the controller and the Joomla ACL system, the button should be displayed in the view.
As a non super user account but with "admin" and "edit" ACL on "com_templates", go to the template manager.
The list of files won't be visible, the account will only see the "readonly" view.
In order to make a difference between the right to edit the template settings and the right to edit the template files, it could be interesting to add a new entry in the access.xml file.
Thanks to that, in the controller, it would be possible to make the according checks and not authorize the user to modify the files (or perform actions like compiling the LESS).
Because even if the user cannot see the file content via the editor, he can still submit data to modify them.
None
Status | New | ⇒ | Pending |
Labels | Added: ? |
Category | ⇒ | Administration Components |
I am closing this as it is the expected behaviour
In order to make a difference between the right to edit the template settings and the right to edit the template files, it could be interesting to add a new entry in the access.xml file.
this already exists ;)
Status | Pending | ⇒ | Closed |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2016-10-17 13:14:40 |
Closed_By | ⇒ | brianteeman |
I am quite sure it was an intentional decision to lock down that part to the super users only, but in that case the controller should be updated as well; otherwise it could look like a security issue.
FYI it was a very intentional decision to lock down this part of the template manager to super users only.
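The view/controller mismatch discussed in this thread, as an added example that is not part of the thread and is not Joomla code: one policy function decides both whether the file buttons are rendered and whether a submitted save is accepted. `StubUser`, the function names and the sample accounts are hypothetical; treating "super user" as `core.admin` on the root asset is an assumption of this sketch.

```php
<?php
// Added illustration, not Joomla code. StubUser is hypothetical and only
// mimics the shape of an authorise(action, asset) call.
final class StubUser
{
    private $grants;

    public function __construct(array $grants)
    {
        $this->grants = $grants;
    }

    public function authorise(string $action, string $asset = 'root'): bool
    {
        return in_array("$action@$asset", $this->grants, true);
    }
}

// Single source of truth: editing template files is reserved for super users
// (modelled as core.admin on the root asset, an assumption).
function canEditTemplateFiles(StubUser $user): bool
{
    return $user->authorise('core.admin');
}

// View: decides whether the file-editing buttons are rendered.
function viewShowsFileButtons(StubUser $user): bool
{
    return canEditTemplateFiles($user);
}

// Controller as described in the report: only core.edit on com_templates.
function controllerSaveMismatched(StubUser $user): bool
{
    return $user->authorise('core.edit', 'com_templates');
}

// Controller aligned with the view: same policy, enforced on the server.
function controllerSaveAligned(StubUser $user): bool
{
    return canEditTemplateFiles($user);
}

// Constructed sample accounts.
$manager = new StubUser(['core.admin@com_templates', 'core.edit@com_templates']);
$super   = new StubUser(['core.admin@root', 'core.edit@com_templates']);

foreach (['manager' => $manager, 'super' => $super] as $name => $u) {
    printf("%-8s buttons=%d mismatched_save=%d aligned_save=%d\n", $name,
        viewShowsFileButtons($u), controllerSaveMismatched($u), controllerSaveAligned($u));
}
```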