@aniket19491 can you add a bit more how we can test that? e.g. wit core componente code? Or a custom component? Else it is hard to test with out to be a developer that try to implement the feature ;)

@zero-24 You can test this using a custom component

Steps to follow
1- Create 2 content categories and set access level for 1st as "public" and for 2nd as "special".

title = Category1, Accesslevel = Public
title = Category2, Accesslevel = Special

Now add the below code in any front-end view of your custom component

<?php $userId = JFactory::getUser()->id; ?>

<?php $allowedViewLevels = JAccess::getAuthorisedViewLevels($userId); ?>

<?php echo JHtml::('select.options', JHtml::('category.options', 'com_content'), 'value', 'text'); ?>

Expected result for "Guest" user => Should only see category1 as per access level.
Current result for "Guest" user => Both the categories are shown.

Now if you change the last line with
<?php echo JHtml::('select.options', JHtml::('category.options', 'com_content', $config = array('filter.access' =>$allowedViewLevels)), 'value', 'text'); ?>

Expected result for "Guest" user => Should only see category1 as per access level.
Current result for "Guest" user => Only category1 is shown

Thank you for testing. :)

What I wonder is why you're passing the access levels to the method. Why don't you just look it up in JHtmlCategory itself based on a boolean? I can only see two possible scenarios: We either want to show all categories (no filtering, default as it's B/C) or only those allowed for the current user.

It'll be flexible this way eg: in a case where you want to fetch a list of categories for some other user.

Do we need to provide that flexibility? Couldn't the extension which needs that (for whatever unknown reason) do it themself?
It makes the useage of the method more complex because you need to fetch the levels yourself. And it also makes the method itself more complex because you need to check for string and array.

I agree with what coolbung said. While showing categories, only those should be seen to whom user has access to.

@Bakual .. I think we do need this flexibility as the method right now has the filter for "published" and "language". This change will be helpful for most of the custom component as they all need filtered (based on access level) categories on front-end.

Hi,

Background : A Extension using Joomla Category management. Lets say an event management system
Use Case : Set some ACL for categories. Say Corporate events should only accessible to Access levels Gold and Silver

Problem :
Right now the JHtml::_('category.options') returns categories irrespective of logged in user's ACL.

This PR makes it respect ACL>

Since the category manager infrastructure can be used by any extension, and we set the access level for the category in the category manager, it makes sense that the API method to return categories on the front end respect the category acl set in the backend. That way its uniform and each component doesn't have to do it on their own. So from my end to this

@zero-24 @Bakual ..Any updates on this?

I have tested this item ✅ successfully on b283c6f

With adding the "_" before the "(" in the last Line successfully tested.

@icampus Pizza, Bugs & Fun

I have tested this item ✅ successfully on b283c6f

I have tested this issue @icampus PBF with the addition of the filter and it works as its supposed to. I followed the suggested steps and got the same result as Curiensol. It showed all categories as guest and the patch filtered the "special" ones.

RTC as we have 2 successful tests and code looks good to go for me.