Pull Request for Issue #39706, #36273

Summary of Changes

This PR implement the missing com_config component dispatcher, fix ACL bugs for changing component options as reported #39706 and #36273 . It is a replacement / addition for the code implemented at #39710 by @carlitorweb (thanks for working on it, most of the code here base on our discussion on that original PR)

Basically, when someone accesses to com_config

• If user is changing a component config, he needs to have core.admin or core.options of that component. For two special components: com_privacy and com_joomlaupdate, he needs to have global core.admin permission
• For doing anything else in com_config, he will need to have global core.admin permission.

Testing Instructions

Mostly you can follow instructions at #39706 :

1. Login to administrator area of your site using a super user account.
2. Access to Content -> Articles, click on Options button in the toolbar. Select Manager user group, set permission Configure Options for that user group to Allowed.
3. Create a new user account, assign him to Manager user group
4. Logout from your super user account. Then login using the user account belong to Manager user group above
5. Access to Content -> Articles again, try to click on Options button in the toolbar

Actual result BEFORE applying this Pull Request

You get 403 , Access Denied error like in the attached screenshot

Expected result AFTER applying this Pull Request

No error anymore. You can change options for com_content and have it saved without any error.

After confirming it fixed the issue for Manager user, please login again using your super user account. Try to go to System -> Global Configuration, change settings and make sure it is still working, too.

Link to documentations

• No documentation changes for docs.joomla.org needed
• No documentation changes for manual.joomla.org needed