Joomla! Issue Tracker - CMS

Download
Launch
Feeling Lucky

[#35584] - Correct access checks for Categories Quick Icon

? PBF ? ? Pending

User tests: Successful: Unsuccessful:

avatar sanderpotjer
sanderpotjer
17 Sep 2021

Pull Request for Issue # .

Summary of Changes

For the "Article Categories" quick icon on the dashboard the incorrect access checks are made. Right now the permission is checked against com_categories, which is not a valid asset in Joomla. As the icon links to the Article categories the correct permission check should be made against com_content. This PR implements this.

Testing Instructions

  1. Create a new user group with "Public" as the parent user group. Allow actions "Administrator Login", "Access Administration Interface" and "Create" in the Global configuration. 
  2. Login with as test user assigned to this new user group only and confirm that "Articles" and "Article Categories" are visible in the control panel. 

Screenshot 2021-09-17 at 16 06 25

  1. Now go to the component options of the article manager and set "Access Administration Interface" and "Create" to denied for the test user group. 
  2. Go back to the control panel with the test user and confirm that "Article Categories" is still visible, clicking on the icon will give an 403 You don't have permission to access this. error.

Screenshot 2021-09-17 at 16 09 33

  1. Apply patch.
  2. Go back to the control panel with the test user and confirm that "Article Categories" is no longer visible.

Screenshot 2021-09-17 at 16 22 04

  1. Go to the component options of the article manager and set "Access Administration Interface" and "Create" to inherited (so allowed) for the test user group.  
  2. Go back to the control panel with the test user and confirm that "Articles" and "Article Categories" are both visible in the control panel.
avatar sanderpotjer sanderpotjer - open - 17 Sep 2021
avatar sanderpotjer sanderpotjer - change - 17 Sep 2021
Status New Pending
avatar joomla-cms-bot joomla-cms-bot - change - 17 Sep 2021
Category Modules Administration
avatar Quy Quy - change - 27 Jan 2022
Labels Added: ? ?
avatar HLeithner
HLeithner - comment - 27 Jun 2022

This pull request has automatically rebased to 4.2-dev.

avatar joomla-bot
joomla-bot - comment - 27 Jun 2022

This pull requests has been automatically converted to the PSR-12 coding standard.

avatar HLeithner HLeithner - change - 27 Jun 2022
Labels Added: PBF ? ?
Removed: ? ?
avatar Hackwar Hackwar - change - 21 Oct 2022
Labels Added: ?
Removed: ?
avatar drmenzelit
drmenzelit - comment - 21 Oct 2022

I have tested this item successfully on fa9c7e3

This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/35584.

avatar drmenzelit drmenzelit - test_item - 21 Oct 2022 - Tested successfully
avatar chmst
chmst - comment - 21 Oct 2022

I have tested this item successfully on fa9c7e3

This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/35584.

avatar chmst chmst - test_item - 21 Oct 2022 - Tested successfully
avatar chmst chmst - change - 21 Oct 2022
Status Pending Ready to Commit
avatar chmst
chmst - comment - 21 Oct 2022

RTC

This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/35584.

avatar bembelimen bembelimen - change - 22 Oct 2022
Status Ready to Commit Fixed in Code Base
Closed_Date 0000-00-00 00:00:00 2022-10-22 07:25:59
Closed_By bembelimen
Labels Added: ?
avatar bembelimen bembelimen - close - 22 Oct 2022
avatar bembelimen bembelimen - merge - 22 Oct 2022
avatar bembelimen
bembelimen - comment - 22 Oct 2022

Thx

Add a Comment

Login with GitHub to post a comment