[#18131] - Fix top-level category allowed to be selected for new / existing records, despite disallowed via ACL core.create
- Fixed in Code Base
- 30 Sep 2017
- Medium
- Build: staging
- # 18131
- Diff
- ggppdk:patch-46
- Pending continuous-integration/drone/pr this build is pending Details
User tests: Successful: Unsuccessful:
Pull Request for Issue #18027
Summary of Changes
The issue was introduced by PR #17383 , that PR modified option->level to be option->level - 1
but option->level is later compared to zero to exclude checking ROOT category aka level 0 from ACL checks, thus all top level categories that had level 1 now have level 0 thus they are excluded from ACL checks
Testing Instructions
See issue #18027
For the publisher usergroup, open any top level category and deny "create"
Login as publisher and try to create new article
Expected result
The top category should not be shown in category selector
Actual result
The descendants category are correctly excuded (due to heritage), but the category itself is allowed to be selected
Documentation Changes Required
None
@mbabker , maybe v3.8.1 milestone,
this is easy to review, since it reverts the specific change that introduced the issue
(but also fixes the padding issue that PR #17383 was fixing in safer way)
joomla-cms-bot
- | Category | ⇒ | Administration com_categories |
| Status | New | ⇒ | Pending |
| Title |
|
||||||
I have tested this item
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/18131.
| Status | Pending | ⇒ | Ready to Commit |
RTC after two successful tests.
mbabker
- | Status | Ready to Commit | ⇒ | Fixed in Code Base |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2017-09-30 14:46:34 |
| Closed_By | ⇒ | mbabker | |
| Labels |
Added:
?
|
||
I have tested this item✅ successfully on b9871ba
Patch ok for me
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/18131.