Right now, there's just a global "edit" permission for com_users, meaning that if you want to allow someone to edit users, you also have to allow them to edit groups and view levels, which obviously isn't always wanted as a security implication in terms of ACL is associated to that.
We should split up the "com_users" ACL right into multiple rights, just like we do in the rest of the CMS:
Tasks:
JSST had an internal discussion about this topic, but as the current behavior is "by design" and any change would be a b/c break, we decided to open a ticket in the public tracker instead of handling it in a security release.
Labels |
Added:
?
|
Status | New | ⇒ | Discussion |
Category | ⇒ | ACL com_users |
Labels |
Added:
J4 Issue
|
or should this be closed?
@SniperSister any update?
Drowning in work so didn't had time to tackle that issue, but it's definitely on my todo list
Status | Discussion | ⇒ | New |
Build | master | ⇒ | 4.0-dev |
Category | ACL com_users | ⇒ | ACL com_users Feature Request |
Nice feature to add. @SniperSister
Thsi should probably be retagged for 4.1
Labels |
Added:
?
|
Labels |
Removed:
J4 Issue
|
Title |
|
Labels |
Removed:
?
?
|
Labels |
Removed:
?
?
|
Updated to retag (without a label at the moment) to revisit for 4.1
please add the new feature and j4 issue label
Labels |
Added:
?
J4 Issue
|
Is this something you will be contributing?