[#31484] - Why do we use the ID of the category for checking permissions in toolbar of an item?
- Closed
- 29 Nov 2020
- Medium
- Build: staging
- # 31484
Problem identified
I like to understand, why we use the ID of the category for checking permissions in toolbar of an item:
If I check blame I only see a very old PR "ACL Issues when user has edit (but not create) permission in…". I do not know how to open this PR.
Open questions
Why do we use the ID of the category for checking permissions in toolbar of an item
and
is there a way to open old PRs?
joomla-cms-bot
- | Labels |
Added:
?
|
||
Thank you @wojsmol
But I can not find an entry "ACL Issues when user has edit (but not create) permission in…" in joomlacode-archive. What is my mistake?
I can see the changed files here: 467c3dc
But I can not see the conversation. If I click on the issue link an other PR is opend - a newer one with the same number #27766.
To understand your question: which check would you expect?
I assume, the permission will follow the default behaviour: component => category => item and as the item has no ACL, it sticks to the category.
I only can see that the banners themselves i.e. the table #__banners has no field asset_id. So if someone may edit a category it is assumed that he can edit also the banners.
Maybe that this code was written before Joomla was on github.
| Status | New | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2020-11-29 16:47:41 |
| Closed_By | ⇒ | astridx |
I think I understood it now. There is no special reason why there is no asset tracking in com_contact and com_banners at item level. It's just not implemented. Correct?
Most likely one didn't see any advantage for item permissions at the time. As long as you don't need to allow edits for a single banner (or contact) only, it is sufficient to track it on category level.
AFor old PRs part please see https://developer.joomla.org/joomlacode-archive/