Joomla! Issue Tracker | Joomla! CMS #19601 - "Link unauthorized" setting = "Use article settings" not respected

Closed
11 Mar 2020
Medium
Build: staging
# 19601

danpdanp
7 Feb 2018

Steps to reproduce the issue

Articles -> Properties: "Link not authorized" = "No".
In the default menu item (articles in evidence of all categories): "Link not authorized" = "Use article settings".
Article Options: "Link not authorized" = "No" and "Access" = "Super users"

Expected result

The article is visible in Home Page only to "super users"

Actual result

The article is visible in Home Page to everyone (Public)

System information (as much as possible)

PHP attivo su | Linux web-lnx23.ergonet.host 3.10.0-327.36.3.el7.x86_64 #1 SMP Mon Oct 24 16:09:20 UTC 2016 x86_64
Versione database | 5.5.5-10.1.18-MariaDB
Collation database | utf8_general_ci
Collation connessione database | utf8mb4_general_ci
Versione PHP | 7.0.8
Web Server | Apache
WebServer interfaccia PHP | cgi-fcgi
Versione di Joomla! | Joomla! 3.8.5 Stable [ Amani ] 6-February-2018 15:00 GMT
Versione piattaforma Joomla! | Joomla Platform 13.1.0 Stable [ Curiosity ] 24-Apr-2013 00:00 GMT
User Agent | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36

Additional comments

The behavior returns to "normal" if the "Link unauthorized" setting of the pre-defined menu item is set to "No".
Alreadyproblem already known and solved in the past (#18413).

danpdanp - open - 7 Feb 2018

joomla-cms-bot - change - 7 Feb 2018

Labels

Added: ?

joomla-cms-bot - labeled - 7 Feb 2018

franz-wohlkoenig - change - 7 Feb 2018

Category

⇒

ACL com_content

ggppdk - comment - 7 Feb 2018

The issue was not fixed even for that case

The PR #18417 that was supposed to fix it, was wrong, just appears to work

You see $params already includes

component parameters
that are overriden by menu parameters

Moreover that PR was wrong for 2 reasons

The fix worked via a sideffect, by looking if we have disabled show unauthorized at component level, and then doing access filtering at SQL query, thus the setting of "show unauthorized links" with value "use article" is just ignored, since the articles are already filtered at the SQL query
If component setting for "Show unathorized links" is ON then all items are included, but then $params['access.view'] is not being set using the --combination-- of article's setting of 'show unathorized' and according to it access level

Propably this is a correct interpretation of the menu having 'Use article setting' for 'Show unauthorized links'

Include all items regardless of their access level, because we do not yet know what is the value of "show unauthorized links" in every article
After the set of items is loaded and the parameter "show unauthorized links" is known for every article, then it can then be combined with article's access level to set
$item->params->set('access-view', ...);
and then layout will decide

Looking at this more, the per article parameter 'access-view' is already set properly,
thus

either the layout needs to check the per article parameter 'show_noauth' and skip article if needed
or this skipping must be done inside the model after the SQL query that retrieves articles data
or deciding to remove the option 'use_article' for 'show unauthorized links' ('show_noauth'), since anyway it never worked properly

franz-wohlkoenig - change - 8 Feb 2018

Status

New

⇒

Discussion

brianteeman - labeled - 25 Mar 2018

jwaisner - change - 11 Mar 2020

Status

Discussion

⇒

Information Required

joomla-cms-bot - unlabeled - 11 Mar 2020

jwaisner - comment - 11 Mar 2020

Closing. Please see PR #21407

jwaisner - change - 11 Mar 2020

Status	Information Required	⇒	Closed
Closed_Date	0000-00-00 00:00:00	⇒	2020-03-11 19:44:46
Closed_By		⇒	jwaisner

jwaisner - close - 11 Mar 2020

Add a Comment

Older
Newer

Joomla! Issue Tracker - CMS

[#19601] - "Link unauthorized" setting = "Use article settings" not respected