[#12934] - Disallow certain usergroups from editing and changing states of Article Categories (while maintaining ability to create, edit and change state of Articles)
- Closed
- 12 Mar 2020
- Medium
- Build: master
- # 12934
Steps to reproduce the issue
Any ACL settings that have a result to prevent editing categories, creating new categories, deleting categories, or changing the state of categories, also have the undesired side-effect of preventing this action on Articles. Therefore, there is no way to lock down Categories while still allowing all these actions to occur on Articles in the back end administrator.
Expected result and more information.
ACL settings that allow you to set access permissions for categories that remain separate from the ACL permissions on Article managing and creation. In other words, allow articles to be created, deleted, edited, or their states changed, but deny categories to be created, deleted, edited or their states changed. As it stands now, you can't allow one without the other also being allowed. More fine control is needed.
Thank you.
Votes
@tonypartridge , it is original issue describes.
Now regarding the suggestion / request of this issue,
adding extra ACL to have different ACL control for categories, that is rules e.g. like:
core.create.cat
core.edit.cat
core.delete.cat
core.edit.state.cat
will be rarely useful, thus not worth adding ?, and is a probably a B/C break
- what is really missing and can be common enough to care to add (e.g. ">1%" of sites)
is to disallow access to the categories, while allowing access to the articles / records
thus what is missing an extra "Access Categories Admin Interface" (or similarly called)
e.g. named:
core.manage.cat
Just to give some background:
- Com_categories doesn't have an own ACL. It's always handled by com_content (for articles and its categories).
- The articles inherit their permissions from categories which inherit from component settings.
Yep your actually right. I thought I recalled it, the joys of being on my phone.
Surely we should have category ACL control it shouldn't be too hard to add? For instance, you might want users to manage certain categories and sub categories.
There is ACL for the categories, but not handled by com_categories. Each category has its own permission field. It is no problem to let a usergroup handle only a subset of categories. But since there is no distinction in the actions, you can only set "create" to allow or deny and it will apply to both articles and categories within a given category.
If we want to make that distinction, we would have to add new actions like @ggppdk wrote.
I believe like it was suggested earlier an appropriate fix would be to have an ACL option that would control Categories Admin Acess. Without access to the admin panel of Categories the other actions would not be possible. And the issue would be solved.
| Category | ACL | ⇒ | ACL Feature Request |
Has there been any updates on a feature or modification related to this?
Thank you
franz-wohlkoenig
- | Status | New | ⇒ | Confirmed |
| Status | Confirmed | ⇒ | Discussion |
| Status | Discussion | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2020-03-12 20:32:13 |
| Closed_By | ⇒ | jwaisner |
| Closed_By | jwaisner | ⇒ | joomla-cms-bot |
| Status | Closed | ⇒ | Discussion |
Set to "closed" on behalf of @jwaisner by The JTracker Application at issues.joomla.org/joomla-cms/12934
Closing as features are not available for J3. Please review J4 to see if this feature would apply and if so please open an item for J4.
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/12934.
Closing as features are not available for J3. Please review J4 to see if this feature would apply and if so please open an item for J4.
Thats the wrong reason to close a feature request, but this can be closed because iirc acl doesn't affects articles anylonger in j4 because they are workflow based now.
Unless I am very much mistaken the issue will still be present in J4
Hello,
To confirm you tried applying the ACL options in thecom_categories component? Since these ACL settings shouldn't have any effect on the Articles as they are handled by com_content.