[#17603] - Custom admin menus do not show links to category lists unless the user is Super User
- Closed
- 19 Aug 2017
- Medium
- Build: staging
- # 17603
Steps to reproduce the issue
Installed fresh copy of J3.7.5 with sample data
Create a new user and add them to the Manager user group
Create a new admin menu
Item 1: menu item type - menu heading
Item 2: menu item type - list all articles, and set it have parent Item 1
Item 3: menu item type - list all categories, component is articles, set it have parent Item 1
Item 4: menu item type - list all categories, component is users, set it to have parent Item 1
Create a module for the menu and set the position to Menu and access to Special
You should be able to now see this menu logged in as Super User with three items in it.
Log in as your new user.
The admin menu you created should be shown but will only have one item in it - Item 1 (Item 1 is to ensure that the menu is shown.)
It doesn't matter what permissions you give to this user they will never see Item 2 which is Article Categories.
They can however see the Content menu and access Categories from there, so we know this user has the correct permission and this can be verified by looking at the permissions report.
Expected result
User should be able to see category list menu items if they have the correct permissions, so a user who is a Manager should be able to see menu Item 1 and Item 2
Actual result
Can't see these menu items
System information (as much as possible)
Tested on fresh install and other current sites
Additional comments
Categories do not have their own ACL as they get this from the component they are attached to.
The problem is in the ModMenuHelper file, as it tries to check com_categories against core.manage which always fails.
Instead we should be checking permissions for the asset type eg. com_content.category (or maybe even just on the component)
Fixed in attached file
I have tested this fix for all the core components and a number of both my own and commercial ones without any problems and menu items 2 & 3 are shown.
As expected Item 4 will not be shown because Managers do not have permissions to view user note categories.
helper.php.zip
| Labels |
Added:
?
|
||
| Category | ⇒ | com_menus |
| Status | New | ⇒ | Information Required |
This patch no longer applies as the said helper class has been modified in staging.
Now we have 'element' attribute in preset xml for this purpose.
About the custom db driven menu items I'll come back after checking.
just tested and problem is still present in j3.8beta2
in fact the problem is worse because all category links even on the standard menu disappear for a user logged in as Manager - look at the entries under the Content menu and Categories is missing.
Seems to be a problem with administrator/modules/mod_menu/menu.php on line 261 leading on to failed access check in libraries/src/Access/Access.php on line 568 we eventually get to: no asset found for com_categories falling back to root.
So code has changed but again same problem because we are not checking on the asset type
I have the patch ready will PR tomorrow when on desk. Please bear with me.
Thanks.
| Status | Information Required | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2017-08-19 07:14:21 |
| Closed_By | ⇒ | franz-wohlkoenig |
| Closed_Date | 2017-08-19 07:14:21 | ⇒ | 2017-08-19 07:14:22 |
| Closed_By | franz-wohlkoenig | ⇒ | joomla-cms-bot |
closed as havin Pull Request #17613
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/17603.
Set to "closed" on behalf of @franz-wohlkoenig by The JTracker Application at issues.joomla.org/joomla-cms/17603
tested out your new code - categories and fields links now work as expected.
Control Panel is also missing both in the standard admin menu and custom admin menu.
@heleneross please comment at Pull Request #17613 and mark your Test successfully/unsuccessfully at Issue Tracker.
@izharaazmi
can you look into this proposed solution?