[#4982] - Admin users cannot see when Joomla updates are available
- Closed
- 5 Sep 2015
- Medium
- Build: master
- # 4982
Steps to reproduce the issue
Log in as admin user when new updates are available (not as a super user)
Attached screenshot "Joomla Update Message for Super Users - Screenshot.png" shows what a super user sees, and attached screenshot "Joomla Update Message not available for Admin Users - Screenshot.png" shows that admin users cannot see the update messages.
Expected result
Can See Update Available message: Joomla! x.x.x is available Update Now (button)
Actual result
No messages visible
System information (as much as possible)
Linux x86_64
Joomla 3.3.x
PHP 5.3.28
MySql 5.5.35
Additional comments
95% of our clients that manage their own sites only have a maximum of Administrator access to the admin area of Joomla in order that they cannot accidentally cause a catastrophic error on their site, and we have opened up the permissions so that they can do regular admin functions such as regular backups etc with Akeeba Backup.
In earlier versions of Joomla (I believe, but as our clients no longer have any older versions so I cannot confirm) I'm sure that admin users were able to administrate the Joomla site by carrying out such tasks as applying security updates etc for the Joomla Core and any installed components etc.
With the latest version of Joomla (v3.3.6) I was taking a client to task for not updating her site with the latest security updates when it was brought to my attention that she could not see any indication that there were any updates available (see the 2 screenshots that show what a super user sees, and what an admin user sees!!!).
This seems crazy to me that an administrator cannot at the very least "see" administrator messages such as this (think logically about the word used to descibe this user access level!!, e.g. "ADMINISTRATOR").
Even if it is deemed that the administrator users cannot actually do the updates, at least they should be able to "see" the messages so that they can at least alert the super users that an update is available!! After all it is logical that an administrator will regularly access the site, but a super user will only access the site as and when required, so it really would make much more sense if administrator users can at the very least see the warning messages, even if they cannot action them.
For example, if it is not possible for the administrator users to actually carry out the updates themselves, then at least let them see a message telling them that an update is available but they do not have permission to carry out the update so they should contact their website administrator (e.g. the super admin user) to carry out the update etc.
This should really also happen for all component updates reported through the Joomla update messaging system for all compliant components and/plugins etc.
Closing this issue so we can keep the conversation in one place. Please use the PR to comment further.
| Status | New | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2014-11-04 06:55:18 |
PR was wrong as the quick icon rightfully checks the extension manager for the permissions since the AJAX request goes there (which needs access to com_installer).
| Status | Closed | ⇒ | New |
Solving this probably would need a rewrite of the plugin to use com_ajax for fetching the information. Then the AJAX method for fetching the updates would be located in the plugin itself, and not in the component.
At least in theory this could work.
@Bakual Can we please at least look into the possibility of an option to show the notices to the admin users, as for my purposes it would be sufficient for my client "administrator" users just to see the notices even if they cannot act upon them, as I need them to know when there is a core security update so that they can contact me to arrange to update their site.
For this clients that feel confident enough to do their own updates we will give them the access they need with a caveat that they take responsibility for ensuring that they backup their site etc before apply any updates.
If you can provide the code then it will be reviewed
On 4 November 2014 15:00, westiefan notifications@github.com wrote:
@Bakual https://github.com/Bakual Can we please at least look into the
possibility of an option to show the notices to the admin users, as for my
purposes it would be sufficient for my client "administrator" users just to
see the notices even if they cannot act upon them, as I need them to know
when there is a core security update so that they can contact me to arrange
to update their site.For this clients that feel confident enough to do their own updates we
will give them the access they need with a caveat that they take
responsibility for ensuring that they backup their site etc before apply
any updates.—
Reply to this email directly or view it on GitHub
#4982 (comment).
Brian Teeman
Co-founder Joomla! and OpenSourceMatters Inc.
http://brian.teeman.net/
@brianteeman I don't have access to the code you need for reviewing, surely as one of the co-founders of Joomla you have far better access to the code than I do. @Bakual can you help by providing the code?
I don't have access to the code you need for reviewing, surely as one of the co-founders of Joomla you have far better access to the code than I do.
Code is right here on GitHub. Brian doesn't have more access to it than you have. And he is not a developer (at least he says so usually).
can you help by providing the code?
As said, it's not as easy as I thought and it needs a bigger rewrite of the plugins to accomplish that.
If you need the notifications, you need to give access to the extension manager. Currently there is no other way.
If someone comes up with a solution, it can be considered.
Not a comment on the issue, but the practical problem westiefan has:
Have you tried Akeeba CMS Update? Since it is based on code that predates Joomla Update, I think there is a good chance the developer skipped on using extension manager. And it has that backup on update you wanted...
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/4982.
| Labels |
Added:
?
|
||
@westiefan thank you for your contribution. As there has been no significant activity on this issue for some time I am going to close it. When someone provides the code we can continue with the issue.
| Status | New | ⇒ | Closed |
| Closed_Date | 2014-11-04 06:55:18 | ⇒ | 2015-09-05 15:41:50 |
| Closed_By | ⇒ | roland-d |
See #4983
Currently, the quick icon notificaion plugin checks if you have access to the extension manager, which your administrator probably doesn't have. But it should check for the Joomla Update component which admins usually have access to.