User tests: Successful: Unsuccessful:
This PR allows to define access levels for the different folder entries, adds a level to the folder selection and fixes a bug with subfolders in the local folder management in the media manager.
(2nd folder not visible, because user is logged in)
No access level option available
Only folders with the correct access level are shown
Status | New | ⇒ | Pending |
Category | ⇒ | Administration Language & Strings Libraries Front End Plugins |
Labels |
Added:
Language Change
?
?
|
The problem with the subfolder was/is, that the "recursive" option breaks the dropdown (as it is currently wrong implemented, that's why I added: https://github.com/joomla/joomla-cms/pull/35931/files#diff-b20a03c7bebd0a7b7ae0b5de9486009ec060a89a12542421578ae22251e5d707R162-R167 ) and I'm absolutely not happy with the current solution (but it's the best Joomla! can do beside offering a normal text field).
Also the local adapter had a bug when loading subfolders.
ACL for this is great but are you sure Access Levels is the correct way? Thats for controlling who can view something. I would have expected it to be using groups which is more fine grained.
Access Level only decided who can view the folder
Real ACL with groups would also enable control over who can add,delete media in a folder
anyone can use the images here but they can not edit or delete them without the correct permissions
these images can only be accessed by people in the marketing group who can do what they want with them
anyone can see, use and update images here
If you split this into 2 pr (subdirectories and acl) then they can be addressed separately. The acl is a bigger issue that subdirectories. My 2c
I have tested this item
I am not sure if I understand the scope of this PR properly and I think it's a great improvement but in my opinion, it needs some work. Also I have found some a11y issues:
Edited to add screenshots
ACL for this is great but are you sure Access Levels is the correct way?
In theory, ACL permissions are the correct way to do it, but the limitations are, that you need assets for them, which means, that we have to create DB entries for the folders (and files) which is not a good way in general for folders/files here. It's also not really forseen to make things with the toolbar buttons etc. + there is just no interface to manage permission here.
edit: although how it's implemented now, it's not that wrong, it defines, if you "see" an entry.
Permission issues
When you set restrictive permissions to a subfolder but loose permissions to the parent folder, you can access, view and manage content in the subfolder with no issues.
The entries are "positive inherit", means when you have access to a folder you have always access to all subfolder.
A11y issue
When you have different folders configured, you cannot access them using the keyboard as tabindex = -1 for all of them. Also subfolders cannot be accessed in the tree area.
The entries are "positive inherit", means when you have access to a folder you have always access to all subfolder.
But for all other permissions in Joomla we always do "negative inherit", don't we? That might be confussing. Also I think it might be an issue in some configurations as you usually provide All permissions to /image but you might want to "hide" some subfolders for some users.
Status | Pending | ⇒ | Closed |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2022-02-05 15:43:25 |
Closed_By | ⇒ | bembelimen |
The subfolders thing used to be there but it was changed - I forget the reason why but I suspect @PhilETaylor will know.