No Code Attached Yet bug
avatar sergeytolkachyov
sergeytolkachyov
28 Sep 2021

Steps to reproduce the issue

Both in J3 and j4 we have a preinstalled user groups and access permissions for this groups. On of them is Author.
Author can do:

  • site login
  • create (any items)
    - edit own (items)
    Check this in Global configuration - Permissions.

Create a user with Author access level and try to create an article (com_content) via frontend.

Expected result

We expect that Author can create it's own item, save and close it and go to drink a cup of coffee. Then after a while he can return and resume it's job. He goes to category, select his unfinished article and continue to edit and to save it.

Actual result

Author goes to category where he created an article and sees nothing. He can't see it's own unpublished article.
If we add to Author ability to Edit (Global configuration - Permissions) or Edit sate - then Author can see unpublished articles. But also he can change article state and publish it without verification by Editor. Or he can edit all articles, not only own.

System information (as much as possible)

Checked it on Joomla 3.10.2 and 4.0.3

avatar sergeytolkachyov sergeytolkachyov - open - 28 Sep 2021
avatar joomla-cms-bot joomla-cms-bot - change - 28 Sep 2021
Labels Added: No Code Attached Yet
avatar joomla-cms-bot joomla-cms-bot - labeled - 28 Sep 2021
avatar alikon
alikon - comment - 6 Oct 2021
avatar brianteeman
brianteeman - comment - 6 Oct 2021

@alikon workflow is optional - even if it is possible with workflows which I doubt

avatar sergeytolkachyov
sergeytolkachyov - comment - 6 Oct 2021

I tested a workflow on j4and find, that author can't see his own articles. I try to repeat this on j3 and found it too.

avatar brianteeman
brianteeman - comment - 6 Oct 2021

as I expected

avatar alikon
alikon - comment - 6 Oct 2021

there are some extensions?

avatar brianteeman
brianteeman - comment - 6 Oct 2021

No. It cant be done because as reported the core acl doesnt allow it. Try it and see.

avatar jeckodevelopment
jeckodevelopment - comment - 6 Oct 2021

Would it need an additional "setting" in which the author can edit own articles only when they are still unpublished?

avatar brianteeman
brianteeman - comment - 6 Oct 2021

afaict yes that is the only way

avatar Hackwar Hackwar - change - 22 Feb 2023
Labels Added: bug
avatar Hackwar Hackwar - labeled - 22 Feb 2023
avatar peteruoi
peteruoi - comment - 22 Feb 2024

I don't know the code but just from the words i believe it could be just a simple bug.
edit own permission should be the same with edit with an AND clause that only things created by me could be edited.
Can someone point me to the correct file that these permissions are defined? i 'm not a programmer but i understand algorithms.
Of course i am not sure about what i assume so plz be patient if it is something extremely difficult to fix.

avatar ManuelHu
ManuelHu - comment - 23 Feb 2024

A question to you, @peteruoi: I understood that the user in you issue cannot see the unpublished articles in the frontend list, but could you check if the user can actually edit his unpublished article in the frontend?

To check you could just replace the article id in the URL to the frontend editor

  • Copy the edit link from a published article by this user (an article the user can see and edit with the "edit own" permission)
  • replace the article ID parameter in the URL to an unpublished article by this user (If I remember correctly it should be the &aid=XX part)
  • try to open that url while still being logged in as that user

If the user can then open and use the editor with this link, this is only a bug in the article list model. I know of similar bugs (unpusblished articles not showing up in some rather "weird" ACL configurations)


To answer your question and to explain my reply: The permission checks in lists and the editor itself are not the same code. So the check in the list might have the bug, but the check in the editor itself might work correctly. So there is no single file where this is defined...

Add a Comment

Login with GitHub to post a comment