[#44281] - Article Newsflash does not show articles not yet published
- Closed
- 16 Oct 2024
- Medium
- Build: 5.2-dev
- # 44281
Steps to reproduce the issue
Create an Article - newsflash module and an article whose published date is after the current date.
Expected result
The article is displayed in the module.
Actual result
The article is not displayed on the module.
System information (as much as possible)
Joomla 5.2 on a raspberry pi 3B running up to date debian.
Additional comments
This is due to42694 that breaks the former behaviour (which I uses).
The following patch brings it back without touching #42694's spirit:
diff --git a/modules/mod_articles_news/src/Helper/ArticlesNewsHelper.php b/modules/mod_articles_news/src/Helper/ArticlesNewsHelper.php
index 067dc9b44..58826839c 100644
--- a/modules/mod_articles_news/src/Helper/ArticlesNewsHelper.php
+++ b/modules/mod_articles_news/src/Helper/ArticlesNewsHelper.php
@@ -56,7 +56,7 @@ class ArticlesNewsHelper implements DatabaseAwareInterface
$model->setState('params', $appParams);
$model->setState('list.start', 0);
- $model->setState('filter.published', 1);
+ $model->setState('filter.published', array(0, 1));
// Set the filters based on the module params
$model->setState('list.limit', (int) $params->get('count', 5));
joomla-cms-bot
- | Labels |
Added:
No Code Attached Yet
|
||
| Status | New | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2024-10-16 15:45:49 |
| Closed_By | ⇒ | Hackwar |
My bad, I got confused in my changes, this is the actual patch:
- $model->setState('filter.published', 1);
+ $user = $app->getIdentity();
+ if ($user && ($user->authorise('core.edit.state')) && ($user->authorise('core.edit'))) {
+ $model->setState('filter.published', array(0, 1));
+ } else {
+ $model->setState('filter.published', 1);
+ }Edit: note that this only addresses cases for user with the global core.edit / core.edit.state permission. I am unsure whether a more fine-grain solution is doable (e.g. to exactly match the user's category-based permissions).
If the article is not yet published why do you expect it to be displayed
In my use case, several administrators share a website to write content to readers. It is easier for the admins to see on the homepage the next news to be published in a glance, without going individually to all categories.
For that specific use case you will need to create your own module. It certainly would not be the expected or designed behaviour. I managed many sites where this would result in information being leaked before it should be available.
Well, users with global core.edit have other ways to see / modify to-be-publisged content but I suppose this falls out of the scope of the module, which is either way doomed for death on 6.0.
Thanks for the clarification!
The behavior from 4.4/5.2 is the intended behavior and not a bug. Your solution unfortunately actually is a security issue, since it displays unpublished content to public users. We can not accept this. I would advise you to find a different solution for your problem or in worst case copy the module and model and make a change for you alone, but for Joomla this is both a breaking change and a security issue.