[#14310] - In the frontend editor ALL available categories and access levels are displayed - also those the user not has permission to see or use
- Closed
- 4 Apr 2017
- Medium
- Build: 3.6.5
- # 14310
Steps to reproduce the issue
Simply enable the standard front-end editor. Then try to create a new document.
Under the 'Publishing' tab and the 'Category' dropdown menu ALL available categories are displayed also those the user not has permission to see and or use. The same applies for the 'Access' level dropdown menu also under the 'Publishing' tab.
Expected result
Only the categories and accesslevels the user actual has permission to see and use should be displayed....
Actual result
Under the 'Publishing' tab and the 'Category' dropdown menu ALL available categories are displayed also those the user not has permission to see and or use. The same applies for the 'Access' level dropdown menu also under the 'Publishing' tab.
System information (as much as possible)
Standard newest updated Joomla. Seems to happen regardless of template used, and also regardless of if my T3 plugin is enabled or not and I think(!) also regardless of editor. Currently I use JCE.
Additional comments
This file is involved in returning the access levels (and more files after this one of course):
/var/www/joomla/libraries/joomla/form/fields/accesslevel.php
And this file is involved in returning the categories (and more files also of course):
/var/www/joomla/administrator/components/com_categories/models/fields/categoryedit.php
I'm confident I've configured the user, usergroups, categories and accesslevels correct regarding permissions, some extra info:
I have created one user. That user is is related to one and only one usergroup - only including that user. I've created one accesslevel related only to that particular usergroup and only that one. Further I've created one category given accesslevel to that particular accesslevel (and accordingly group and user). I've also checked the Category Permissions to be correct and and only given permissions for the right usergroup and blocked the other usergroups.
Thanks so much for your feedback, appreciated.
Regarding access-levels, access-levels are configured by 'User Groups Having Viewing Access' (i.e. by user groups), and currently I can't understand it is correct behavior that people e.g. in the front-end should be able to see and use those access levels they not are permitted to see and use(?!). I consider this to be an error , even though it may reflect lacking functionality, possibly in the core. I hope you or other people also will agree on this one.
Regarding categories in the front-end editor, are you sure you don't see all the available categories regardless of configuration? I'm not able to reproduce your behavior on my clean Joomla install. Looking e.g. into the file which is in use at least in my case:
/var/www/joomla/administrator/components/com_categories/models/fields/categoryedit.php
I can't see where the filtering of right categories are displayed to the right access levels/groups in the editor is performed. To me it seems as all the categories are returned to the user regardless of accesslevels/usergroups defined.
However, it may be something I've overlooked.
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/14310.
| Status | New | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2017-04-04 12:17:27 |
| Closed_By | ⇒ | franz-wohlkoenig |
Set to "closed" on behalf of @franz-wohlkoenig by The JTracker Application at issues.joomla.org/joomla-cms/14310
@kevinkli closed cause your above comment. If you have still Issue, please reopen.
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/14310.
Permissions set correctly for the category concerned works fine here on staging.
Concerning access levels: all of them will show in the dropdown and that is expected as its name indicates: they concern defining the access level and not limiting them to whatever as there is no parameter in core to limit their choice depending on the usergroup.
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/14310.