[#32539] - fix(mod_submenu): hide disabled components in mod_submenu
- Closed
- 2 Mar 2021
- Medium
- Build: 4.0-dev
- # 32539
- Diff
- sawmurai:fix/mod_menu/hide-disabled-components-in-panel
User tests: Successful: Unsuccessful:
Pull Request for Issue #32456 .
Summary of Changes
The changes introduced hide menu items for disabled components from the cpanel.
Testing Instructions
- Disable the CSP extension
Actual result BEFORE applying this Pull Request
The menu item "Content Security Policy" is still available in the cpanel.
Expected result AFTER applying this Pull Request
The menu item "Content Security Policy" is not available in the cpanel anymore.
Documentation Changes Required
| Status | New | ⇒ | Pending |
joomla-cms-bot
- | Category | ⇒ | Modules Administration |
| Labels |
Added:
?
|
||
I don't know if this is the right approach or not, but it contains a few mistakes:
- The extension name is not unique in the extensions table, so there may be several extensions of different types having the same name value. What has to be unique is the combination of element, folder and client_id for extensions of type "plugin", and element and client_id for extensions of other types. But the database query here doesn't contain any restrictions ("WHERE ...") for the extension type and client_id:
joomla-cms/administrator/modules/mod_submenu/src/Menu/Menu.php
Lines 44 to 46 in 47b2cff
As far as I understand the purpose of this PR, only extensions of type "component" should be fetched with that query, and they should be restricted also to the right client_id here (1 for admin).
- The property "element" is checked to be in the array, which contains the "name" values and not the "element" values, as you could see by the query mentioned above. See here the check:
For lucky circumstances, the "name" and "element" values are the same for (core) components, but that might not always be granted, so it can happen we compare apples and pears here. Therefore at least from a formal point of view the above check is wrong.
- Beside the above 2 points my knowledge about the submenu is too little to say if the approach chosen here is right or wrong. Hoping for more detailed feedback e.g. from @SharkyKZ .
P.S. to my above comment's items 1 and 2: For the reasons stated there, I would expect the query to be:
$query->select($db->quoteName('e.element'))
->from($db->quoteName('#__extensions', 'e'))
->where($db->quoteName('e.type') . ' = ' . $db->quote('component'))
->where($db->quoteName('e.client_id') . ' = 1')
->where($db->quoteName('e.enabled') . ' = 0');
And later below it should be:
$names[] = $item->element;
@richard67 Thank you so much for the comments! I updated the PR. Let's see what @SharkyKZ's feedback is.
This would be my first contribution to joomla despite having used it for the past couple of years, so I would not be surprised if I misunderstood something and my approach is totally wrong.
The idea behind my approach is basically:
Since the menu is rendered from the preset-xml files (in the error case) my only information are the element and type of the menu item, so I know that its a component of "type" com_csp. To link that to the state of the component (enabled, disabled) I have to query the database beforehand and pass that information to the precheck function, which already appears to be hiding menu items under certain conditions.
Agreed! Did not know about the ComponentHelper
| Status | Pending | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2021-03-02 12:32:32 |
| Closed_By | ⇒ | sawmurai |
Yep, I will close it :)
@SharkyKZ could you please elaborate why you gave a thumb down? Probably there is room for improvement in this PR based on you feedback. Thanks.