Joomla! Issue Tracker - CMS

Download
Launch
Feeling Lucky

[#12785] - Regression J3.7. Access inheritance broken on non core actions

?
avatar Fedik
Fedik
6 Nov 2016

Steps to reproduce the issue

To demonstrate the problem try to edit administrator/components/com_content/access.xml
In section <section name="article"> add custom rule:
<action name="com_content.foobar" title="foobar" description="foobar" />
so it looks like:

<section name="article">
 <action name="core.delete" title="JACTION_DELETE" description="COM_CONTENT_ACCESS_DELETE_DESC" />
 <action name="core.edit" title="JACTION_EDIT" description="COM_CONTENT_ACCESS_EDIT_DESC" />
 <action name="core.edit.state" title="JACTION_EDITSTATE" description="COM_CONTENT_ACCESS_EDITSTATE_DESC" />
 <action name="com_content.foobar" title="foobar" description="foobar" />
</section>

Then edit the article, and set for Public group foobar action to allowed and Save:
screen 2016-11-06 16 40 44 854x256

Then check access for Guest group.

Expected result

Access for foobar rule inherit and allowed
screen 2016-11-06 16 43 16 854x256

Actual result

Access for foobar rule inherit and NOT allowed
screen 2016-11-06 16 45 10 854x256

System information (as much as possible)

Joomla staging. php 7.0.8

Additional comments

It do not affect core extension, but can make huge problem for 3rd extension which use custom actions.
All works fine on Joomla! 3.6.4
I think it somehow related to #12028 , because JAccess::getAssetRules return different result between J3.6 and J3.7

avatar Fedik Fedik - open - 6 Nov 2016
avatar joomla-cms-bot joomla-cms-bot - change - 6 Nov 2016
Labels Added: ?
avatar Fedik Fedik - edited - 6 Nov 2016
avatar Fedik Fedik - change - 6 Nov 2016
The description was changed
avatar Fedik Fedik - edited - 6 Nov 2016
avatar Fedik Fedik - change - 6 Nov 2016
The description was changed
avatar Fedik Fedik - edited - 6 Nov 2016
avatar Fedik Fedik - change - 6 Nov 2016
Title
Regression. Access inheritance broken on non core actions
Regression J3.7. Access inheritance broken on non core actions
avatar Fedik Fedik - change - 6 Nov 2016
Title
Regression. Access inheritance broken on non core actions
Regression J3.7. Access inheritance broken on non core actions
avatar Fedik Fedik - edited - 6 Nov 2016
avatar Fedik Fedik - change - 6 Nov 2016
The description was changed
avatar Fedik Fedik - edited - 6 Nov 2016
avatar zero-24
zero-24 - comment - 6 Nov 2016

@andrepereiradasilva can you take a look into this?

avatar zero-24 zero-24 - change - 6 Nov 2016
Labels Added: ?
avatar Fedik Fedik - change - 6 Nov 2016
The description was changed
avatar Fedik Fedik - edited - 6 Nov 2016
avatar Fedik Fedik - edited - 6 Nov 2016
avatar Fedik
Fedik - comment - 6 Nov 2016

ok, it also affect com_module for module.edit.frontend action.

Try set for any module, for "Manager" group "Frontend Editing" => "allowed" , save
and check "Administrator" group, "Frontend Editing" should be Inherited (Allowed) but it Inherited (NOT Allowed)

avatar andrepereiradasilva
andrepereiradasilva - comment - 6 Nov 2016

@Fedik will check if this

UPDATE: confirmed that is different from 3.6.4 and this actaully also happens to other core rules. checking the issue...

avatar andrepereiradasilva
andrepereiradasilva - comment - 6 Nov 2016

ok so i found the issue, now i have to solve it and do A LOT of tests ...

avatar andrepereiradasilva
andrepereiradasilva - comment - 7 Nov 2016

please check #12809

avatar Fedik
Fedik - comment - 7 Nov 2016

@andrepereiradasilva thanks! I try to test it this evening

avatar Fedik Fedik - change - 7 Nov 2016
Status New Closed
Closed_Date 0000-00-00 00:00:00 2016-11-07 12:26:07
Closed_By Fedik
avatar Fedik Fedik - close - 7 Nov 2016
avatar zero-24 zero-24 - change - 16 Oct 2017
Labels Removed: ?
avatar zero-24 zero-24 - unlabeled - 16 Oct 2017

Add a Comment

Login with GitHub to post a comment