[#7353] - Remove uneeded ACL checks in template manager
- Closed
- 10 Jul 2015
- Medium
- Build: staging
- Easy Test
- # 7353
- Diff
- Bakual:FixTemplatemanagerACL
- Success The Travis CI build passed Details
User tests: Successful: Unsuccessful:
Issue
Currently, the template manager will refuse access if you don't have core.admin permissions in the template manager. This is due to some pointless check done in the extension entry point. If any of the checks core.manager, core.edit, core.create or core.admin fails, access is refused.
The original plan was probably to fail if all of those checks fail, but it was written wrong.
Solution
This PR brings the checks in line with other backends where we only check for core.manage. Additional checks are performed already in the various tasks to make sure appropriate ACL checks are performed when needed.
Testing
- Create a user which has access to the template manager but is not able to change the permissions in there.
- Currently access will be refused.
- After applying this PR access will be granted. Depending on the permissions the user will be allowed to create/edit/whatever in the manager.
Note
Access to any file modification tasks (create overrides, edit files, ...) is restricted to global SuperUsers only. This is expected behavior as you can't really restrict a users permissions if that user has access to the files.
| Status | New | ⇒ | Pending |
joomla-cms-bot
- | Labels |
Added:
?
|
||
First of all, you should be able to create a user which is for example allowed to "create" and "edit", but not allowed to edit the options and permissions.
Currently that user will not be able to access the template manager at all. After this PR he will be able to access it.
From there, the "create" permission should allow him to duplicate (create) a template style and "edit" to edit the style.
The ACL rules only apply to template styles.
The template file editing is restricted hardcoded to global super user only due to security. Any other usergroup will only see the description and the preview button.
Hope that explains it better. If not, feel free to ask again 
| Category | ⇒ | ACL Administration |
| Easy | No | ⇒ | Yes |
| Milestone |
Added: |
||
Good change, thank you @Bakual!
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/7353.
Works for me
| Status | Pending | ⇒ | Ready to Commit |
RTC Thanks
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/7353.
| Labels |
Added:
?
|
||
rdeutz
- | Status | Ready to Commit | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2015-07-10 19:01:21 |
| Closed_By | ⇒ | rdeutz |
| Labels |
Removed:
?
|
||
Sorry for being thick but I dont see how to test