[#15467] - [Tags] Respect the current user access levels
- Closed
- 21 May 2017
- Medium
- Build: staging
- Easy Test
- # 15467
- Diff
- zero-24:tags_access
User tests: Successful: Unsuccessful:
Pull Request for Issue #8569
Summary of Changes
Respect the access levels
Testing Instructions
Create a TAG in the Tags component, set the access to Super Users
Login in as a manager or another user not in Super User group
Create new article and select Tags
Expected result
The tag with view access Super Users is not visible (for non superusers)
Actual result
All tags visible, regardless of access set in Tag component (for non superusers)
Documentation Changes Required
None
| Status | New | ⇒ | Pending |
joomla-cms-bot
- | Category | ⇒ | Libraries |
hmm correct this is a issue how do you suggest to fix this? Doing some expensive save the current value compare that with the new value and ignore changes which the current user has no permissions to change?
As such a handling needs to be implemented in any extension that has tags support implemented
I have tested this item
Tag havin Access "Super Users" isn't shown in Article-View if logged-in as "Manager" (not Member of User-Group "Super Users").
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/15467.
| Easy | No | ⇒ | Yes |
| Category | Libraries | ⇒ | ACL com_tags Libraries |
I have tested this item
Created a new tag with access to Super Users, created a manager user and logged in as that user, created a new article, checked the tags and the tag with view access Super Users was not visible as expected.
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/15467.
| Status | Pending | ⇒ | Ready to Commit |
RTC after two successful tests.
@franz-wohlkoenig @rjcf18 did you also check the issue that @mbabker noted?
I mean:
This needs to be tested to ensure there is no data loss during the save processes if a user with a higher level access sets some tags, then a user with lower level access edits the item later.
So this means:
- Super User adds a article with super user tags (tags who can only be added by a super user)
- admin (that can't access that superuser tags) open and save the article.
- The Super User checks if the "superuser tags" are gone or not.
Ah ok I see. Then Ill test that as well as soon as I can.
I have tested this item
Super-User-Tag is gone after a Non-Super-User saved an Article having a Super-User-Tag.
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/15467.
I have tested this item
Super-User-Tag is gone after a Non-Super-User saved an Article having a Super-User-Tag.
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/15467.
I have tested this item
@zero-24 I've verified and after opening and saving an article with a super user tag as a non super user the tag was indeed gone from the article when it was reopened later.
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/15467.
rdeutz
- | Status | Ready to Commit | ⇒ | Pending |
Closing here based on the unsuccessfull tests above.
| Status | Pending | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2017-05-21 18:35:03 |
| Closed_By | ⇒ | zero-24 |
| Category | Libraries ACL com_tags | ⇒ | Libraries ACL |
This needs to be tested to ensure there is no data loss during the save processes if a user with a higher level access sets some tags, then a user with lower level access edits the item later.