Pull Request resolves #39268.
Fixes a missing core.edit.own permission check in PreviewModel::canEdit() inside com_contenthistory. The method only checked core.edit, which excluded users in the Author group (who have core.edit.own but not core.edit). They received a 403 when trying to preview older versions of their own articles via the Versions popup in the article edit view.
The fix adds an explicit core.edit.own + ownership check (created_by === current user) as a second step, consistent with how ArticleController::allowEdit() already handles this permission pair.
Additional cleanup:
- core.edit check in getItem() that duplicated the first check inside canEdit(), and consolidated all access logic into canEdit().
- // Finally try session (this catches edit.own case too) — that comment existed because the session fallback was previously the only implicit coverage for core.edit.own. Now that core.edit.own is handled explicitly, the comment was inaccurate.
- canEdit() from a nested $result-variable pattern to a flat early-return style to eliminate the double !$result evaluation.

Log in as Super User to the administrator backend

Create a test user with Author rights:
- Test Author
- testauthor
- author@example.com

Create an article owned by the Author:
- Test Article – Version Preview
- This is version 1 content.
- Test Author

Edit the article:
- This is version 2 content.

Versions Check:
- testauthor
- Test Article – Version Preview
- Versions, click it.

The preview popup returns a 403 Access Denied error for Author-group users. The same user can open the article for editing without issue, but cannot preview historical versions.
The preview popup opens successfully and displays the historical version data. Behaviour matches Joomla 3.10.x where Authors could preview versions of their own articles.
| Status | New ⇒ Pending |
| Category | ⇒ Administration, com_content, com_contenthistory |
| Labels | Added: PR-5.4-dev |
@CSGoat0 Version History works for different content types, not just articles, so you cannot hard-code the check to article like that. I haven't tried, but I think the issue comes from this line https://github.com/joomla/joomla-cms/blob/5.4-dev/administrator/components/com_contenthistory/src/Model/PreviewModel.php#L143. $contentTypeTable is just a new table object, it hasn't loaded data from the database yet, so I don't think it is right to use $contentTypeTable->type_alias here. Maybe you can try to change $contentTypeTable->type_alias in that line of code to just $typeAlias (seems logical to me) to see if it solves the issue?
I should have posted the comment directly in the code section, but for some reason it could not be submitted, so I had to add a new comment here.
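The failure mode raised in the comment above, as an added example that is not Joomla's code: a session "currently editing" lookup whose key is built from a table object that was never loaded always misses, so an Author without core.edit is denied. The class, function names and the session key layout are assumptions of this sketch.

```php
<?php
// Constructed model, not Joomla code: all names below are hypothetical.

final class ContentTypeRow
{
    public ?string $type_alias = null; // stays null until the row is loaded
}

// Assumed key layout: "<extension>.edit.<type>.id" lists the IDs being edited.
function editListKey(?string $typeAlias): string
{
    return str_replace('.', '.edit.', (string) $typeAlias) . '.id';
}

// Grant on core.edit, otherwise fall back to the session edit list.
function canPreview(bool $hasCoreEdit, array $session, string $itemId, ?string $aliasForKey): bool
{
    if ($hasCoreEdit) {
        return true;
    }

    [, , $id] = explode('.', $itemId, 3);
    $editable = $session[editListKey($aliasForKey)] ?? [];

    return in_array((int) $id, $editable, true);
}

// Constructed sample: an Author (no core.edit) has article 42 open for editing.
$session = ['com_content.edit.article.id' => [42]];
$itemId  = 'com_content.article.42';

[$extension, $type] = explode('.', $itemId);
$typeAlias = $extension . '.' . $type;   // derived from the history record itself
$row       = new ContentTypeRow();       // instantiated but never loaded

$cases = [
    'key from unloaded row'      => canPreview(false, $session, $itemId, $row->type_alias),
    'key from computed alias'    => canPreview(false, $session, $itemId, $typeAlias),
    'item not in the edit list'  => canPreview(false, $session, 'com_content.article.7', $typeAlias),
    'other content type, unheld' => canPreview(false, $session, 'com_tags.tag.42', 'com_tags.tag'),
];

foreach ($cases as $label => $allowed) {
    printf("%-28s %s\n", $label, $allowed ? 'allowed' : 'denied (403)');
}
```

Because the key is derived from the item's own type alias, the same lookup works for any versioned content type without hard-coding articles.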
Nice catch, I have tried both and you are right.
I updated the code.
There are still many unrelated changes. As mentioned, I think the only change needed is to modify this line of code https://github.com/joomla/joomla-cms/blob/5.4-dev/administrator/components/com_contenthistory/src/Model/PreviewModel.php#L143, changing $contentTypeTable->type_alias in that line of code to just $typeAlias; all other changes could be reverted.
I reverted it back, I have also removed the $user->authorise('core.edit', $table->item_id) at getItem() as it's double checked.
Thanks for the help, also everything works fine.
Yes, looks good. Could you also remove these lines of code https://github.com/joomla/joomla-cms/blob/5.4-dev/administrator/components/com_contenthistory/src/Model/PreviewModel.php#L137-L138? The variable $contentTypeTable is not used anymore, thus it should be removed.
Also, with your edit, the $user variable at this line https://github.com/joomla/joomla-cms/blob/5.4-dev/administrator/components/com_contenthistory/src/Model/PreviewModel.php#L55 should also be removed because it is not used anymore. Not sure if it is a GitHub issue or my internet connection, I could not comment directly in the code area.
All set, boss.
Looks good to me now, thanks. @Rolli1962 Could you please test it again?
Tested again with J6.1.0 - is working fine!
Checked on a J6.1.0 System. Is working, user with author-rights now is able to open previews. Thx!