[#12765] - Some issues with ACL system
- Closed
- 26 Dec 2017
- Medium
- Build: master
- # 12765
Steps to reproduce the issue
As talked in #12069 there are some otimization that can be done in the ACL system
- Review ACL in installation files
- When creating new item don't hardcode the parent ACL rules. It should be empty
{}if no permissions are set. ACL system should inherits from parent so we should not hardcode the parent rules in the child. - The ACL between installation, saving an item editing an item should be consistent.
System information (as much as possible)
Latest staging
Additional comments
Some relevant parts of the ACL system:
- Rules form field: https://github.com/joomla/joomla-cms/blob/staging/libraries/joomla/form/fields/rules.php#L137
- AJAX rules save: https://github.com/joomla/joomla-cms/blob/staging/administrator/components/com_config/model/application.php#L400
- JTable asset Save: https://github.com/joomla/joomla-cms/blob/staging/libraries/joomla/table/table.php#L798
- JTableAsset: https://github.com/joomla/joomla-cms/blob/staging/libraries/joomla/table/asset.php
- JAccess libraries: https://github.com/joomla/joomla-cms/tree/staging/libraries/joomla/access
As discussed, @sanderpotjer please review if this is what is needed.
| Labels |
Added:
?
|
||
brianteeman
- | Category | ⇒ | ACL |
ok so for what i see, we need at leaset the following PR:
1. Review installation ACL sql
2. Review save permissions trough AJAX
3. Review save permissions when creating an item.
Also i noticed languages and ucm content create a strange ACL name with the db table name. IMHO that should be reviewed too in another PR (4.).
I am working on 2. and, if i have time, will try to work on 3. after.
Please do ping me when you make PR that changes core ACL stuff, like JAccess class and AJAX saving
sure thanks!
| Status | New | ⇒ | Confirmed |
| Status | Confirmed | ⇒ | Information Required |
If this Issue get no Response, it will be closed at 26th December 2017.
| Closed_By | franz-wohlkoenig | ⇒ | joomla-cms-bot |
| Status | Information Required | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2017-12-26 06:49:15 |
| Closed_By | ⇒ | franz-wohlkoenig |
Set to "closed" on behalf of @franz-wohlkoenig by The JTracker Application at issues.joomla.org/joomla-cms/12765
Closed as stated above.
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/12765.
@andrepereiradasilva thanks, it indeed is a summary of what is needed. The only thing I would add is that only the actions relevant to the item are being stored in the database once just one of the actions is set for an item. So make sure the
core.admin,core.optionsandcore.manageare not stored when setting one of the actions for a category for example, as these actions only apply to the component section, not the category.