[#45331] - [6.0] Implement access levels for media manager folder
- Pending
- Medium
- Build: 6.0-dev
- # 45331
- Diff
- bembelimen:6.0/media-manager/access-level
User tests: Successful: Unsuccessful:
Summary of Changes
This is the 6.0 version of #35931
This PR allows to define access levels for the different folder entries, adds a level to the folder selection and fixes a bug with subfolders in the local folder management in the media manager.
Testing Instructions
- Apply PR
- Go to the "FileSystem - Local" plugin
- Set some folders + permissions
- Create users to check the permissions (by e.g. opening the media select for intro images in an article)
Actual result BEFORE applying this Pull Request
No access level option available
Expected result AFTER applying this Pull Request
Only folders with the correct access level are shown
Link to documentations
Please select:
-
Documentation link for docs.joomla.org:
-
No documentation changes for docs.joomla.org needed
-
Pull Request link for manual.joomla.org:
-
No documentation changes for manual.joomla.org needed
| Status | New | ⇒ | Pending |
joomla-cms-bot
- | Category | ⇒ | Administration Language & Strings Libraries Front End Plugins |
| Labels |
Added:
Feature
Language Change
PR-6.0-dev
|
||
When you dont have access to any folder then the media manager should display an appropriate message and the buttons in the toolbar should not be available
Same with the media manager modal
When you dont have access to any folder you also cannot create an article, contact etc basically anything that uses tinymce :(
An error has occurred.
0 COM_MEDIA_ERROR_NO_ADAPTER_FOUND
| --- | Function | Location |
|---|---|---|
| 1 | () | JROOT\administrator\components\com_media\src\Provider\ProviderManagerHelperTrait.php:125 |
| 2 | class@anonymousD:\repos\j6\plugins\editors\tinymce\src\PluginTraits\DisplayTrait.php:333$968e->resolveAdapterAndPath() | JROOT\plugins\editors\tinymce\src\PluginTraits\DisplayTrait.php:338 |
| 3 | class@anonymousD:\repos\j6\plugins\editors\tinymce\src\PluginTraits\DisplayTrait.php:333$968e->prepareTinyMCEUploadPath() | JROOT\plugins\editors\tinymce\src\PluginTraits\DisplayTrait.php:352 |
| 4 | Joomla\Plugin\Editors\TinyMCE\Provider\TinyMCEProvider->display() | JROOT\libraries\src\Editor\Editor.php:211 |
| 5 | Joomla\CMS\Editor\Editor->display() | JROOT\libraries\src\Form\Field\EditorField.php:250 |
| 6 | Joomla\CMS\Form\Field\EditorField->getInput() | JROOT\libraries\src\Form\FormField.php:482 |
| 7 | Joomla\CMS\Form\FormField->__get() | JROOT\libraries\src\Form\Field\TextareaField.php:94 |
| 8 | Joomla\CMS\Form\Field\TextareaField->__get() | JROOT\libraries\src\Form\Field\EditorField.php:138 |
| 9 | Joomla\CMS\Form\Field\EditorField->__get() | JROOT\libraries\src\Form\Form.php:469 |
| 10 | Joomla\CMS\Form\Form->getInput() | JROOT\administrator\components\com_content\tmpl\article\edit.php:73 |
| 11 | include() | JROOT\libraries\src\MVC\View\HtmlView.php:416 |
| 12 | Joomla\CMS\MVC\View\HtmlView->loadTemplate() | JROOT\libraries\src\MVC\View\HtmlView.php:204 |
| 13 | Joomla\CMS\MVC\View\HtmlView->display() | JROOT\administrator\components\com_content\src\View\Article\HtmlView.php:148 |
| 14 | Joomla\Component\Content\Administrator\View\Article\HtmlView->display() | JROOT\libraries\src\MVC\Controller\BaseController.php:697 |
| 15 | Joomla\CMS\MVC\Controller\BaseController->display() | JROOT\administrator\components\com_content\src\Controller\DisplayController.php:70 |
| 16 | Joomla\Component\Content\Administrator\Controller\DisplayController->display() | JROOT\libraries\src\MVC\Controller\BaseController.php:730 |
| 17 | Joomla\CMS\MVC\Controller\BaseController->execute() | JROOT\libraries\src\Dispatcher\ComponentDispatcher.php:143 |
| 18 | Joomla\CMS\Dispatcher\ComponentDispatcher->dispatch() | JROOT\libraries\src\Component\ComponentHelper.php:361 |
| 19 | Joomla\CMS\Component\ComponentHelper::renderComponent() | JROOT\libraries\src\Application\AdministratorApplication.php:150 |
| 20 | Joomla\CMS\Application\AdministratorApplication->dispatch() | JROOT\libraries\src\Application\AdministratorApplication.php:205 |
| 21 | Joomla\CMS\Application\AdministratorApplication->doExecute() | JROOT\libraries\src\Application\CMSApplication.php:304 |
| 22 | Joomla\CMS\Application\CMSApplication->execute() | JROOT\administrator\includes\app.php:58 |
| 23 | require_once() | JROOT\administrator\index.php:32 |
Access Level public and guest should not be in the list as there is no scenario where they will ever be able to access the media manager
There is the use case, that guest can submit articles, so there is a scenario. Currently the problem is, e.g. that this line is broken ($asset is 0 not an empty string). But should be fixed with another PR.
When you dont have access to any folder then the media manager should display an appropriate message and the buttons in the toolbar should not be available
Not sure, if that would fit when you have more than one filesystem plugin activated.
When you dont have access to any folder you also cannot create an article, contact etc :(
Thanks have to check this.
Access Level public and guest should not be in the list as there is no scenario where they will ever be able to access the media manager
There is the use case, that guest can submit articles, so there is a scenario.
They can submit articles but they cannot upload images. You will see that the editor-xtd button is never displayed to guests and any media fields will produce a 403. This was done as a security measure
They can submit articles but they cannot upload images. You will see that the editor-xtd button is never displayed to guests and any media fields will produce a 403. This was done as a security measure
Just set a category to "allow edit" for guests and they see the media button. But as I said in the comment before. The check is broken anyways and needs fixing. So it's possible (before the PR), you just can't limit to a certain folder.
"Guest" is just a normal Access Level and User Group, no difference to other groups.
Another thing that you need to check/document/ignore is the drag and drop functionality of images in tinymce - if the folders set in the tinymce plugin dont match the folders in the filesystem plugin you get this useless error
Another thing that you need to check/document/ignore is the drag and drop functionality of images in tinymce - if the folders set in the tinymce plugin dont match the folders in the filesystem plugin you get this useless error
But this is not related to this PR, is it?
@bembelimen You are aware of the failing unit tests?
Another thing that you need to check/document/ignore is the drag and drop functionality of images in tinymce - if the folders set in the tinymce plugin dont match the folders in the filesystem plugin you get this useless error
But this is not related to this PR, is it?
it is exposed by this PR
@bembelimen You are aware of the failing unit tests?
Yes, I'm aware of it.
| Category | Administration Language & Strings Libraries Front End Plugins | ⇒ | Administration Language & Strings Libraries Front End Plugins Unit Tests |
| Labels |
Added:
Unit/System Tests
|
||
I think many people may expect that this will make the folder "protected".
Or, do you think User will not expect these files to be access limited for the regular visitors, I mean on the site?
Maybe need the field description to clarify it? Or something kind of that.
@bembelimen does the code pilot review change anything here or can we progress after unit tests?
Access Level public and guest should not be in the list as there is no scenario where they will ever be able to access the media manager