?
avatar geejay101
geejay101
6 Jun 2015

Problem:

It is not possible to create admin groups which have the ability to deactivate / activate other users, but not change any other user rights. An administrator/user with only EditState permission for the Administration User component cannot deactivate / activate other users. When clicking on block/unblock in the userlist, the status of the user doesnt change.

The problem occurs because the tick-boxes in the userlist are not shown when the administrator has only EditState permission. The tickbox is only shown when the administrator has also Edit permission.

Solution:
administrator/components/com_users/views/users/tmpl/default.php
must be patched in line 94:
old code in Joomla 3.4.1: <?php if ($canEdit) : ?>
New: <?php if ($canEdit || $canChange) : ?>

Steps to reproduce the issue

Create a user / group so that the user has the following calculated settings in the user com_user administration component.

Configure ACL & Options: Not Allowed
Access Administration Interface: Allowed
Create: Allowed
Delete: Not Allowed.
Edit: Not Allowed.
Edit: State Allowed

Log into the administrator backend with that user and access the user administration.

Expected result

The user should be able to block/unblock other users with the switches in the "enabled" column

Actual result

The user can see the block/unblock switches in the "Enabled" column but when clicking the status of the user is not changing.

The problem occurs because the tick-boxes in the userlist are not shown when the administrator has only EditState permission.

System information (as much as possible)

Any Joomla version from Joomla 2.5.28 until 3.4.1

Solution:
patch administrator/components/com_users/views/users/tmpl/default.php
in line 94:
old code in Joomla 3.4.1: <?php if ($canEdit) : ?>
New: <?php if ($canEdit || $canChange) : ?>

avatar geejay101 geejay101 - open - 6 Jun 2015
avatar joomla-cms-bot joomla-cms-bot - change - 6 Jun 2015
Labels Added: ?
avatar geejay101 geejay101 - change - 6 Jun 2015
Build 3.4.1 staging
avatar geejay101 geejay101 - change - 6 Jun 2015
Title
User Admin with editstate permission cannot block/unblock users
Fix: User Admin with editstate permission cannot block/unblock users
avatar geejay101 geejay101 - change - 6 Jun 2015
Title
User Admin with editstate permission cannot block/unblock users
Fix: User Admin with editstate permission cannot block/unblock users
avatar brianteeman brianteeman - change - 6 Jun 2015
Priority Urgent Medium
avatar brianteeman
brianteeman - comment - 6 Jun 2015

Reset priority according to documentation https://docs.joomla.org/Priority


This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/7131.

avatar Bakual
Bakual - comment - 6 Jun 2015

@geejay101 Since you already propose a code change, can you do a Pull Request? It's really easy to do. See https://docs.joomla.org/Using_the_Github_UI_to_Make_Pull_Requests

After it is tested and merged, you will get listed as a contributor for the release :smile:

avatar geejay101
geejay101 - comment - 7 Jun 2015

I am closing this issue because I created a pull request under a new issue
http://issues.joomla.org/tracker/joomla-cms/7134

avatar geejay101 geejay101 - change - 7 Jun 2015
Status New Closed
Closed_Date 0000-00-00 00:00:00 2015-06-07 06:21:25
Closed_By geejay101
Build master staging
avatar geejay101 geejay101 - close - 7 Jun 2015

Add a Comment

Login with GitHub to post a comment