Joomla! Issue Tracker | Joomla! CMS #8083 - Prevent create categories in first level if user is not allowed

Closed
7 May 2016
Medium
Build: staging
# 8083
Diff
n9iels:com-categories-acl

Pending

Pending continuous-integration/travis-ci/pr The Travis CI build is in progress Details

Pull Request for # 8069

User tests: Successful: Unsuccessful:

n9iels
13 Oct 2015

This PR will fix a part of the issues described in #8069

The issue

A user with ACL right to create, delete, edit, edit State, edit own in a specified category can also create new categories on the first level. (no parent)

How to test

Create a usergroup with registered as parent
Select that group in the "Special" view/access level
In Global configuration, allow Administrator Login for this group
In the Global options of Articles, Categories and Featured Articles set "Access Administrator interface" to Allowd for that group
Create a new category and set the permissions of hat categories for the new user group for the following item on allowed:
- Create
- Delete
- Edit
- Edit state
- Edit Own
Create a new user for the created user group
Login with the user on the back-end
Click on the create button and notice you can create a category for "no parent"
Apply patch, and notice you can't create categories for "no parent" any more

Note

Can someone please review if this is a good solution? I know it solves the issue, but I don't know exactly why that piece of code was placed

4f50046 13 Oct 2015

Prevent create categories in first level if user is not allowed

n9iels - open - 13 Oct 2015

n9iels - change - 13 Oct 2015

Status

New

⇒

Pending

joomla-cms-bot - change - 13 Oct 2015

Labels

Added: ?

zero-24 - change - 13 Oct 2015

Category

⇒

Administration UI/UX

zero-24 - change - 13 Oct 2015

Rel_Number	0	⇒	8069
Relation Type		⇒	Pull Request for
Easy	No	⇒	Yes

zero-24 - comment - 13 Oct 2015

@n9iels that code was added here by @sanderpotjer see #3401

_{This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/8083.}

n9iels - comment - 13 Oct 2015

@zero-24 thanks, I couldn't find that.

Difficult situation, the solution of #3401 cause this one.
So we have to find a solution that makes sure that:

Level 0 will not unset if the the parameter "Create" is set on allowed in: Article -> Permissions
Level 0 will unset in other situations (assuming that creating categories on level 0 is only allowed when you have full create access)

Webdongle - test_item - 13 Oct 2015 - Tested successfully

Webdongle - comment - 13 Oct 2015

I have tested this item successfully on 4f50046

Works as expected ... Prevents users creating Categories outside of the hierarchy of the Category they have Edit Permission for

_{This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/8083.}

Webdongle - test_item - 13 Oct 2015 - Tested successfully

n9iels - comment - 13 Oct 2015

@Webdongle Thanks for testing! But it seems like the solution for this issue is not ready yet. Please test again when we have good solution :)

Webdongle - comment - 13 Oct 2015

OK ... as soon as I get the email will test it

zero-24 - change - 20 Oct 2015

Status	Pending	⇒	Needs Review
Easy	Yes	⇒	No

designbengel - comment - 24 Oct 2015

I can´t access anything to create content (before applying the patch)

_{This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/8083.}

roland-d - comment - 14 Apr 2016

Hello @n9iels

Thank you for your contribution.

The last comment here was on 24th October 2015. So the question is, Is this issue/pull request still valid?
If no reply is received within 4 weeks we will close this issue.

Thanks for understanding!

_{This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/8083.}

roland-d - change - 7 May 2016

Status

Needs Review

⇒

Confirmed

roland-d - comment - 7 May 2016

No need for PLT to decide here yet. I have contacted Niels and asked him to update this issue. Let's wait a bit longer before closing this.

_{This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/8083.}

aa44ce9 7 May 2016

Merge branch 'staging' into com-categories-acl

joomla-cms-bot - comment - 7 May 2016

This PR has received new commits.

CC: @Webdongle

_{This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/8083.}

a319350 7 May 2016

Merge branch 'staging' into com-categories-acl

joomla-cms-bot - comment - 7 May 2016

This PR has received new commits.

CC: @Webdongle

_{This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/8083.}

051de3c 7 May 2016

New fix because the other one cause a conflict with another PR

5fe2931 7 May 2016

Solve conflicts

joomla-cms-bot - comment - 7 May 2016

This PR has received new commits.

CC: @Webdongle

_{This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/8083.}

5955b04 7 May 2016

Merge branch 'staging' of https://github.com/joomla/joomla-cms into com-categories-acl

joomla-cms-bot - comment - 7 May 2016

This PR has received new commits.

CC: @Webdongle

_{This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/8083.}

brianteeman - change - 7 May 2016

Status

Confirmed

⇒

Pending

n9iels - comment - 7 May 2016

Ignore the commit, there is on this moment no solution for this problem. Because the - no parent - (level 0) has no access right. So $user->authorise() can't determine if the current has is allowed to edit this level.

I close this PR now.

n9iels - close - 7 May 2016

n9iels - change - 7 May 2016

Status	Pending	⇒	Closed
Closed_Date	0000-00-00 00:00:00	⇒	2016-05-07 14:54:12
Closed_By		⇒	n9iels

Add a Comment

Older
Newer

Joomla! Issue Tracker - CMS

[#8083] - Prevent create categories in first level if user is not allowed

The issue

How to test

Note

Add a Comment