Pull Request for New Feature.

Summary of Changes

previous discussion of several approaches that led to this solution:

• https://issues.joomla.org/tracker/joomla-cms/19473
• https://issues.joomla.org/tracker/joomla-cms/19996

Summary of Changes

This RFC proposes to extend the configuration of com_fields to better control the displaying of Fields on (component edit / create) Forms. This functionality will greatly extend the use cases for com_fields (and therefore for Joomla!) in ‘real-life’ implementations.

In this PR, #19884 is 'cherry picked' (currently in staging) as this is a required bug fix for com_fields.

Current Limitations

This RFC proposes to extend the configuration of com_fields to better control the displaying of Fields on (component edit / create) Forms. This functionality will greatly extend the use cases for com_fields in ‘real-life’ implementations.

Use Case com_fields and com_content:

I run a large blog site where the blogs are ‘enriched’ with custom fields to add credits, opengraph image / title / description, twitter card image / title / description to the blogs. The access to these field values must be set to public in order for visitors / facebook / twitter etc. to ‘see’ the given values.

These filling of these fields must be limited to the publisher role to avoid mis usage and to comply to site standards (for images).

The fields should be invisible to authors in order to avoid ‘support calls’: what are these fields for, why cannot I edit them, etc.

With the current configuration settings this is not possible:

• Setting the Access to publisher will prevent the fields from displaying on the article editing / creation form, but will also only display the values set in these fields to publisher only: public / guest will not see the values set.
• using show on administrator will partly work, but the publishers need to be able to login via the back-end. The show on parameter is ACL independent (simple toggle). Publishers do not have access to the back-end but need access to these fields via the front-end.
• setting the ACL to only allow publishers to Edit Custom Field Value, will display the fields on everybody’s article edit / creation form (including authors) as read-only except for the groups that have the correct permissions. This will clutter the article edit / creation form with a lot of read-only fields with the possibility that in the long list of fields some fields are read-only and some are editable.

Use Case com_fields and com_users:

I run a membership site where users subscribe to a service. Depending on their subscription, values can be set in their user profile via com_fields. The amount of fields for all subscriptions total up to 50 fields.

The values set in these fields should be visible on the front-end (via a special view that reads the user’s set value (via com_fields api)), the access to these fields must be set to public in order for public and guests to see the values for a specific user.

Specific fields should only be visible on the user profile edit form for the groups the user is member of and where these fields should be assigned to.

• Setting access to a field to the specific group that the fields belongs to does not work as this will also make the values set in these fields inaccessible to public. The values can only be seen by the users that have group membership the field access is set to
• using show on administrator will now work, because it is a generic toggle that is independent of group ACL membership: They are either all shown or all invisible. Furthermore no users have access to the back-end.
• Setting the ACL to only have specific user groups Edit Custom Field Value rights will display all fields on the user profile edit form: most read-only and some where values can be set. Only the fields where values can be set should be shown on the user edit profile form.

Furthermore: because the fields access is set to public, when a new user registers on the site, all (!) 50 fields are shown in the registration form as read-only, where the registering user needs to scroll down past all the read-only fields to reach the actual register button. Only the fields that are necessary in the form should be displayed.

Proposed Change

The current limitation lies in the fact that the access field is used for both the form AND for the values.

I propose to extend com_fields with an additional parameter: Display on Forms

The Display on Forms setting holds the group that a user needs to be member of in order to be able to see the field on the form.

The Display on Forms setting can be set on field level AND on group level, making the maintenance of large field sets easier as not every field needs to be modified when the Display on Forms setting value changes (can be set on fields group level).

Use Case com_fields and com_content:

With the proposed change, the following configuration can be set for the com_content fields:

1. Access = Public (as the values set need to be displayed to visitors)
2. Show on: both (as the fields should be BOTH editable via the back-end AND front-end)
3. ACL permission: set Edit Custom Field Value permission to publisher (only members of the publisher acl can set and edit the field values)
4. (proposed setting) Display on Forms: set to publisher (only publishers will have the fields on the article edit / creation form.

Users that do not have sufficient Access rights to edit the fields will also not see these fields on the article edit / creation form. This will make the edit / create form very UX friendly as only relevant fields are displayed on the form!

Use Case com_fields and com_users:

With the proposed change, the following configuration can be set for the com_users fields:

1. Access = Public (as the values set need to be displayed to visitors)
2. Config setting Show on: both (as the fields should be BOTH editable via the back-end AND front-end)
3. ACL permission: set Edit Custom Field Value permission to public (only members of the public acl can set and edit the field values)
4. (proposed config setting) Display on Forms: set to ‘subscription group’ (only subscribers to the ‘subscription group’ will have the fields on their user profile edit form.

The benefit here is that users that do not have sufficient Access rights to edit the fields will also not see these fields on their user profile edit form. This will make the edit form very UX friendly as only relevant fields are displayed on the form!

Testing Instructions

Test Case: com_users

1. in com_users create a fields group:

• title: user details
• permissions: Edit Custom Field Value > public > allowed
• Display on Forms (new field): Public

2. in Com_users create 3 new fields:

• title: address, type text, Display on Forms: registered, field group: user details
• title: town, type text, Display on Forms: registered, field group: user details
• title: country, type: text, Display on Forms: public, field group: user details

3. In the front-end: register a new user account
   Without this PR: fields address, town and country are visible on registration form
   With this PR: only field country is visible on registration form
4. In the front-end: login with user account en edit user profile
   all fields: address, town, country are visible
5. In back-end:change com_user field town > Display on Forms = Author
6. In the front-end: login with user account and edit user profile
   Fields: address and country are visible, town is not visible for this user
7. change user group access to author, login with this user and edit user profile:
   all fields: address, town, country are visible

Test Case: com_content

1. in com_user: create Viewing Access Levels for Author and Publisher
2. in com_content create a fields group:

• title: Blog info
• permissions: Edit Custom Field Value > Author > allowed
• Display on Forms (new field): Author

3. in com_content create 3 new fields:

• title: opengraph image, type: media, Display on Forms: publisher, field group: Blog info
• title: opengraph description, type: editor, Display on Forms: publisher, field group: Blog info
• title: credits, type: editor, Display on Forms: publisher + author, field group: Blog info

4. Login on the front-end with a user account with author (no editor/ publisher etc.) rights and edit an article created by this user
   Without this PR, a tab Blog Info will be shown with all fields on it
   With this PR, a tab Blog Info will be shown with only the field 'Credits' shown
5. In the back-end change the group for the user to publisher
6. Repeat step 4
   A tab Blog info is shown with all three fields on it.

Expected result

in italics described above

Actual result

Fields are always displayed write or read-only

Documentation Changes Required

yes, com_fields gets new configuration field

EDIT: changed test instruction