User tests: Successful: Unsuccessful:
Pull Request for Issue #8569
Part of this code is by @zero-24 from PR: #15467
Tag selector respects the user's view levels
while at the same time it maintains the existing values
Please read issue #8569 to know more
Note 1: I have not tested this PR (yet)
Note 2: This PR does not include server side validation of the view access levels (yet, you can suggest place to save me some time, i can do when i get time for it)
Create a TAG in the Tags component, set the access to Super Users
Login in as a manager or another user not in Super User group
Create new article and select Tags
The tag with view access Super Users is not visible (for non superusers)
All tags visible, regardless of access set in Tag component (for non superusers)
New protected method prepareValues() added to class JFormFieldTag
Status | New | ⇒ | Pending |
Category | ⇒ | Libraries |
Labels |
Added:
?
|
The notion of a super user doesn't exist in the view access levels (weirdly enough). So I wouldn't suggest a patch that forces that ACL config into an incompatible system, and if we're going to make such a change it needs to be looked at as a bigger picture review of the whole system.
this exists in joomla as explained. check this links:
That's bypassing the view access level configuration completely. My statement still stands, the notion of a super user doesn't exist in this part of Joomla. Since viewing access levels is not part of the ACL system, the only way to get a "super user should view all tags in any view acess level, even if super user is not in that view acess level" type of behavior is to use the ACL system to determine if viewing access level filters should be bypassed.
The system design has to be changed. Either a "super user" element has to be added to the view access level configuration somehow, or JAccess::getAuthorisedViewLevels()
needs to account for users in the super user ACL group when it is fetching the data. Anything else is a bypass and/or hack of the system internals.
don't understand much of joomla internals to know best way to do.
just think is a bug a super user create a tag (or category in the other issue) and not able to choose it.
also seem similer problem to other groups if you create a article with tag (or category in the other PR) with acess "Guest" and edit that article later with another group "Administrator" - when you try to save the tag (or category in the other issue) disapeears on save!
Agreed, but what you suggest cannot be done in this PR.
You're right. The only way around this issue right now is to continue to patch core with the view access level bypass/hack that is so liberally used in place of someone trying to address the core design flaw. To meet the user expectation that a super user should have all access to all the things, JAccess::getAuthorisedViewLevels()
must be changed so that it always returns all of the access levels when it is being checked for a super user. Anything short of that continues to sweep the issue under the rug in hopes that nobody ever moves the rug and finds it.
I have tested this item
Super-User-Tag is gone after a Non-Super-User saved an Article having a Super-User-Tag (Comment of @mbabker)
hhmm it seems my code to check and keep existing values is incomplete, i will test and update this PR
It has been seven months since the last update stating that an update was coming. As that hasnt happened I am closing this. It can always be re-opened if updated
Status | Pending | ⇒ | Closed |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2018-01-04 22:17:21 |
Closed_By | ⇒ | brianteeman |
hi, please consider a super user should view all tags in any view acess level, even if super user is not in that view acess level.
check this: in joomla 3.7.1 install + this code, create a tag with guest acess level, then try to assign that tag in a article as a super user and save - not saved! - similer issue in categories described in #15960 (comment)