Version: Joomla! 3.x
In #6113, the permission check for editing a module in frontend was changed from "return error if user is not allowed to edit this module OR if user is not allowed to edit any module" to "return error if user is not allowed to edit this module AND if user is not allowed to edit any module". The intention was to allow users to edit a single module even if they are lacking the general permission to edit modules in frontend.
However, this introduces a problem for the inverse case: A user that generally may edit frontend modules, but should not be allowed to edit one particular module. For this case, the "OR" construction worked and the "AND" doesn't.
I suggest getting rid of the check of the general permission. If there are no permission rules for the particular module, Joomla's ACL has an automatic fallback to the general permissions for frontend module editing. So I don't see any need to check both rules. Please correct me if I'm mistaken!
For the frontend steps, you need a user who is not a "Super Administrator", but in another user group, for example "Administrator". For the backend steps, use your "Super Administrator" account or at least an account that has the permissions to edit permissions.
Although you shouldn't be allowed to do this, you can edit the module in step 8.
Step 8 should result in a "You are not allowed to view this resource" error. All other steps should still work like before (e.g. follow the ACL permissions).
None
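The three variants of the check discussed in the description, compared side by side as an added example that is not part of the pull request or of Joomla's code. The ACL is reduced to a hypothetical two-level model (one general rule, one per-module rule, explicit deny wins, an unset rule inherits); the function names and scenarios are constructed for illustration.

```php
<?php
// Simplified model (assumption, not Joomla's implementation): a rule is
// true (allowed), false (denied) or null (not set, inherits from parent).
// An explicit deny anywhere in the chain wins; no allow at all means denied.
function effective(?bool $general, ?bool $module): bool
{
    if ($general === false || $module === false) {
        return false;
    }
    return $general === true || $module === true;
}

// Each variant returns true when the edit request is rejected.
function rejectOr(?bool $general, ?bool $module): bool // before #6113
{
    return !effective($general, $module) || !effective($general, null);
}

function rejectAnd(?bool $general, ?bool $module): bool // after #6113
{
    return !effective($general, $module) && !effective($general, null);
}

function rejectModuleOnly(?bool $general, ?bool $module): bool // proposed here
{
    // The per-module lookup already falls back to the general rule.
    return !effective($general, $module);
}

// Constructed scenarios: [general rule, module rule, should the edit be rejected?]
$cases = [
    'general allow, module not set'   => [true, null, false],
    'general not set, module allow'   => [null, true, false],
    'general allow, module deny'      => [true, false, true],
    'general not set, module not set' => [null, null, true],
];

foreach ($cases as $label => [$general, $module, $expected]) {
    printf(
        "%-32s expected=%-6s OR=%-6s AND=%-6s module-only=%s\n",
        $label,
        $expected ? 'reject' : 'allow',
        rejectOr($general, $module) ? 'reject' : 'allow',
        rejectAnd($general, $module) ? 'reject' : 'allow',
        rejectModuleOnly($general, $module) ? 'reject' : 'allow'
    );
}
```

In this model the OR variant rejects the second scenario, the AND variant allows the third, and the module-only variant matches the expected outcome in all four.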
Status | New | ⇒ | Pending |
Category | ⇒ | Front End com_config |
I rebased it and the tests passed. Thank you!
I have tested this item
Perfect test instructions!
I have tested this item
Phew :-) Thanks for your instructions!
Status | Pending | ⇒ | Ready to Commit |
RTC
Status | Ready to Commit | ⇒ | Fixed in Code Base |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2020-10-30 12:48:32 |
Closed_By | ⇒ | rdeutz | |
@Harmageddon Could you merge latest staging of the cms repo into your branch for this PR to get the latest updates from the CMS? There was an error in the staging branch for a while which is fixed now, and this error made all system and unit tests fail, so we can't really see if they would be successful for your PR or not. Thanks in advance.