Joomla! Issue Tracker - CMS

Download
Launch
Feeling Lucky

[#47918] - ACL Error for Custom Field: Media, not check ACL Permissions

No Code Attached Yet
avatar rytechsites
rytechsites
7 Jun 2026

If a user group does not have permissions to EDIT a custom MEDIA TYPE field, they are able to click on the 'select button', and access files, upload images. They are not able to SAVE the change, however the expected outcome would be that if they cannot edit the field, they should not be able to click on the select to upload an image.

Happens in: FRONT END

Setup:
Author User Group
On article Options Able to EDIT Custom Fields = YES
On SPECIFIC FIELD permission options for Media Type field, Able to EDIT custom FIELD = DENIED

Expected Outcome:
If a Group is not able to edit a custom field, MEDIA TYPE, they should not be able to click on the SELECT button at all

avatar rytechsites rytechsites - open - 7 Jun 2026
avatar rytechsites rytechsites - change - 7 Jun 2026
Labels Removed: ?
avatar joomla-cms-bot joomla-cms-bot - change - 7 Jun 2026
Labels Added: No Code Attached Yet
avatar joomla-cms-bot joomla-cms-bot - labeled - 7 Jun 2026
avatar jiteshkhatri11
jiteshkhatri11 - comment - 16 Jun 2026

Hi @rytechsites, I'd like to investigate this issue. I'll try to reproduce it using the steps you've provided, verify whether the media field selector is bypassing the field-level ACL checks on the frontend, and submit a PR if I can identify a suitable fix.

Add a Comment

Login with GitHub to post a comment