[#40484] - [4.3] Allow category edit, although no category exists
- Fixed in Code Base
- 6 May 2023
- Medium
- Build: 4.3-dev
- # 40484
- Diff
- bembelimen:4.3/fix-category-edit
User tests: Successful: Unsuccessful:
Issues: #40456
Summary of Changes
This is a very old bug which now becomes prominent with Joomla 4.3:
If you have no categories at all or only where you have no "core.create" access (as non-Super User), you can't create a new category if versioning is enabled:
The indirect reason is for the error is, that George did the right thing and uses the correct new Toolbar button call here: f05a062#diff-e7027c083e5734491c2543e3e20bce19f86291481b6ecdecf2e362b708b2351cL234 (PR: #39537). This leads to a strict requirement of having an integer as ID which throws this error, because new categories don't have an ID at all (NULL).
But the problem is now, when we create a new category, we should never reach this point, because some lines above there is a if/else construct: the if area should handle new categories and the else should handle editing categories (where our "version-line" from above is located).
So why are we reaching this point anyways when we have no other categories activated? Because there is the 2nd check in the if: (count($user->getAuthorisedCategories($component, 'core.create')) > 0). This says: you're only in creation mode when there is at least any other category, where you can create, too. Which makes no sense...
Testing Instructions
- Run on PHP 8.1
- Activate versioning in com_content (in the settings, it's activated by default)
- Trash all categories (or remove all "core.create" permission in all categories when no Super User)
- Create a new category
Actual result BEFORE applying this Pull Request
Error
Expected result AFTER applying this Pull Request
Creation works as expected
Link to documentations
Please select:
-
Documentation link for docs.joomla.org:
-
No documentation changes for docs.joomla.org needed
-
Pull Request link for manual.joomla.org:
-
No documentation changes for manual.joomla.org needed
joomla-cms-bot
- | Category | ⇒ | Administration com_categories |
| Status | New | ⇒ | Pending |
@bembelimen To me it seems that this PR will solve issue #40456 . Am I right? if so, please mention the issue at the top of your PR's description and let me know so I can close the issue (or close it yourself). Thanks in advance.
Yes, it does, thanks. Linked it and you can close it
@bembelimen Thanks.
The code removed by this PR here could be a remainder from copy and paste from here: https://github.com/joomla/joomla-cms/blob/4.3-dev/administrator/components/com_content/src/View/Article/HtmlView.php#L146
For the articles this check makes sense, but not for the categories, so this PR here is right.
| Labels |
Added:
bug
PR-4.3-dev
|
||
I have tested this item
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/40484.
I have tested this item
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/40484.
| Status | Pending | ⇒ | Ready to Commit |
RTC
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/40484.
| Labels |
Added:
?
Maintainers Checked
?
|
||
| Status | Ready to Commit | ⇒ | Fixed in Code Base |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2023-05-06 00:52:57 |
| Closed_By | ⇒ | obuisard |
Thank you Benjamin @bembelimen for this PR :-)
@bembelimen thanks for this, which fixes a problem #40784 which I'd just noticed.
However, the call to getAuthorisedCategories occurs also in the categories view, in /administrator/components/com_categories/src/View/Categories/HtmlView.php in the lines (195-197 in joomla 4.3.1):
if ($canDo->get('core.create') || count($user->getAuthorisedCategories($component, 'core.create')) > 0) {
$toolbar->addNew('category.add');
}
Tracing through the code of getAuthorisedCategories it looks for all that component's categories in the #__categories table, and gets the associated asset record.
It then calls authorise() on each asset record, and as this performs a recursive check up the asset hierarchy, so it ends up checking core.create against the component, which is the same as what is in the $canDo structure anyway.
So if my understanding is correct the call to getAuthorisedCategories is superfluous here, and if the user doesn't have core.create then it results in a lot of pointless database accesses.
Besides that, I think that the adding the New button should just be dependent upon having core.create permission anyway.
What do you think?
@bembelimen To me it seems that this PR will solve issue #40456 . Am I right? if so, please mention the issue at the top of your PR's description and let me know so I can close the issue (or close it yourself). Thanks in advance.