[#4975] - Adding a new ACL rule 'core.options'
- Closed
- 2 Dec 2014
- Medium
- Build: staging
- # 4975
- Diff
- Bakual:AddACLCoreOptions
- Success continuous-integration/travis-ci The Travis CI build passed Details
User tests: Successful: Unsuccessful:
Issue
As explained in issue #4954, currently it's not possible to give someone access to the options without giving him also access to the permissions. It means that a user with access to the options is a "SuperUser" for that particular extension.
There may be use cases where you want to give someone access to the options without giving him full permissions for the extension.
Solution
This PR adds a new ACL rule core.options which will allow to edit the options, but not the permissions.
I only did it for com_content so far, but if the concept is accepted I can easily add it to the other extensions as well. It's just an added line in the access.xml file and an added ACL check in each view where the options button should appear.
Testing
- Create a second user and adjust the permissions in com_content so he can access the options but doesn't have "Configure" permissions.
- Check with SuperUser and this new user if the options work as expected. SuperUser should be able to save the permissions. The new user should not see them and not be able to save them (even if he fakes the form).
- Check also in other extensions that the SuperUser still can access and save the options and permissions. Nothing should have changed there.
jissues-bot
- | Labels |
Added:
?
|
||
| Rel_Number | ⇒ | 4954 | |
| Relation Type | ⇒ | Related to |
Updated the language strings and moved the new ACL above the "Access Administration Interface" so it's next to the "Configure" one. Should be less confusing this way.
Thanks - looks good to me
| Category | ⇒ | ACL Administration |
@test Works as expected. The new user can configure the content options but not the permissions.
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/4975.
@test Works as expected. The new user can configure the content options but not the permissions.
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/4975.
| Status | Pending | ⇒ | Ready to Commit |
losedk
- 
All good!
| Labels |
Added:
?
|
||
| Status | Ready to Commit | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2014-12-02 19:48:43 |
Ah, see it now. Looks like a merge conflict with the previous moving of the buttons. Didn't catch that obviously.
@Bakual was looking into the history of core.options, and found this PR. Was there any specific reason to not include core.options in the Global Configurations of Joomla? Right now a user can't allow the core.options action from a global level to allow the action for all components that are using that action.
@sanderpotjer I'd bet on it just being an oversight on my part. Because I added it first in com_content only, it didn't made sense to have it in the global options. And when I added it to the remaining extensions it just popped up in my mind to add it to global as well.
It works perfectly technically THANKS
I would suggest making some small changes to the UI (as it took me ages to get the settings correct)
Move Access Administration Interface to the top
As we have the space then change the label Configure to Configure ACL & Options and change Options to Configure Options only