[#12825] - [ACL] [com_menus item edit view] Correct check on new with "All Menu Items" selected
- Fixed in Code Base
- 13 Nov 2016
- Medium
- Build: staging
- # 12825
- Diff
- andrepereiradasilva:patch-34
- Success continuous-integration/drone the build was successful Details
- Success continuous-integration/travis-ci/pr The Travis CI build passed Details
- Success JTracker/HumanTestResults Human Test Results: 2 Successful 0 Failed. Details
User tests: Successful: Unsuccessful:
Summary of Changes
When we create a menu item without selecting a menu first, ie, we are in "All Menus Item" view and press New to create a new menu item, the core.edit.state ACL check is not correct because we don't have a menutype id.
So this PR makes it use com_menus asset in this case.
Testing Instructions
Mainly code review. But you can also:
- Use latest staging and apply patch
- Create a user in Administrator group
- Go to com_menus permissions and disable core.edit.state for Administrator
- Login with Administrator user
- Go to "All Menu items" view
- Click New for creating a new menu item and check the published field is disabled
Documentation Changes Required
None.
| Status | New | ⇒ | Pending |
joomla-cms-bot
- | Category | ⇒ | Administration Components |
| Title |
|
||||||
| Labels |
Added:
?
|
||||||
| Title |
|
||||||
| Title |
|
||||||
| Title |
|
||||||
don't understand your comment
The thing is in this case the core is making an ACL check like this:
JFactory::getUser()->authorise('core.edit.state', 'com_menus.menu.0');This is obvious wrong because you don't have never a menutype with id 0, so you don't have asset with that name.
ok, thanks!
I have tested this item
The correct asset of the correct menu is checked for existing menu items, and for new menu items when a menu is selected
e.g. 'com_menus.menu.6'
- so this is working correctly, as it was working before
For new menu item while we are at "All menus" (what this PR fixes)
the asset that is checked (for core.edit.state) is now 'com_menus'
- so this is fixed
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/12825.
I have tested this item
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/12825.
| Status | Pending | ⇒ | Ready to Commit |
RTC
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/12825.
roland-d
- | Milestone |
Added: |
||
| Status | Ready to Commit | ⇒ | Fixed in Code Base |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2016-11-13 06:17:56 |
| Closed_By | ⇒ | roland-d |
| Category | Administration Components | ⇒ | Administration com_menus Components |
But, even if the state is on "published" you have to specify: