?
avatar Ruud68
Ruud68
30 Oct 2015

Hi,
Just ran into the following issue on Joomla 3.4.5
I have a user account 'Ruud' who has 'author' rights. when logged in as Ruud I can create and edit (my own) articles. So far so good.
Now when in the article editor on the front-end when I am logged in as Ruud and press the versions button, the modal pop ups giving me a 500 server error. Investigating this error gives me the following call stack information:

Call stack	
#		Function		Location	
1		JApplicationCms->execute()		/var/www/html/och_test/index.php:45	
2		JApplicationSite->doExecute()		/var/www/html/och_test/libraries/cms/application/cms.php:252	
3		JApplicationSite->dispatch()		/var/www/html/och_test/libraries/cms/application/site.php:230	
4		JComponentHelper::renderComponent()		/var/www/html/och_test/libraries/cms/application/site.php:191	
5		JComponentHelper::executeComponent()		/var/www/html/och_test/libraries/cms/component/helper.php:372	
6		require_once()		/var/www/html/och_test/libraries/cms/component/helper.php:392	
7		require_once()		/var/www/html/och_test/components/com_contenthistory/contenthistory.php:18	
8		JControllerLegacy->execute()		/var/www/html/och_test/administrator/components/com_contenthistory/contenthistory.php:19	
9		JControllerLegacy->display()		/var/www/html/och_test/libraries/legacy/controller/legacy.php:728	
10		ContenthistoryViewHistory->display()		/var/www/html/och_test/libraries/legacy/controller/legacy.php:690	
11		JError::raiseError()		/var/www/html/och_test/administrator/components/com_contenthistory/views/history/view.html.php:43	
12		JError::raise()		/var/www/html/och_test/libraries/legacy/error/error.php:254

As it turns out, I can reproduce this error on other Joomla websites (also with 3.4.5)
When I give Editor rights to user Ruud, the popup shows the correct versions information. Reverting the editor rights (so only author) for user Ruud, the error 500 is displayed again :(

I am not a developer but do have test environment(s) and have time to help out in any way :)
Hope this helps!

avatar Ruud68 Ruud68 - open - 30 Oct 2015
avatar Bakual
Bakual - comment - 30 Oct 2015

There was a security issue in previous Joomla versions. With Joomla 3.4.5 there is now an ACL check for accessing the versioning component which requires edit permissions. so far that sounds like expected behaviour (given the background).
I guess we need to implement the edit.own into the ACL check, or we just hide the version button for anyone not having edit permissions.

avatar Ruud68
Ruud68 - comment - 30 Oct 2015

Hi, thanks. I didn't now these details :)
although expected, it is a functionality used by our bloggers very frequently (Now they call me to give them an overview of what I (site maintainer) changed to their blogs. With the versions they could see for them selves AND they could learn what to do different the next time :)

So my suggestion would be to implement :)

avatar zero-24 zero-24 - change - 30 Oct 2015
Status New Confirmed
Labels Added: ?
avatar zero-24 zero-24 - change - 30 Oct 2015
Category Administration
avatar thongredweb
thongredweb - comment - 6 Nov 2015

After digg on this bug, I found that: There could not an bug.

In scenario of Ruud68, he forget to set permission for "Author" group to enable "core.edit" permission. Default, this group just have "core.create" permission for Article.


This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/8216.

avatar Ruud68
Ruud68 - comment - 6 Nov 2015

Hi, thanks for looking into this
I have set acl group to author (default joomla group): in articles this group has both create and edit own rights.

from the documentation:
Author - This group allows a user to post content, usually via a link in the User Menu. They can submit new content, select options to show the item on the front page and select dates for publishing but they cannot directly publish any content. When content is submitted by an Author level user, they receive the message, “Thanks for your submission. Your submission will now be reviewed before being posted to the site.” They can edit only their own articles but only when that article has been published and is visible.

When I set edit group as well, they cannot only edit their own but also other peoples articles (and that is not what you want)
from the documentation:
Editor - This group allows a user to post and edit any (not just their own) content item from the Frontend. They can also edit content that has not been published. If your site uses the default installation’s menu option “News”, which is a Table List – Content Section type, Editors will see unpublished articles in the list that they can select for editing, where as an Author or Public (unregistered) user will not even see the unpublished items in the list. Still, Editor users cannot, publish or change the publishing status of any articles, even their own.

avatar brianteeman brianteeman - change - 10 Mar 2016
Category Administration ACL Administration
avatar tonypartridge
tonypartridge - comment - 3 Jun 2017

Looking into


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/8216.

avatar tonypartridge
tonypartridge - comment - 3 Jun 2017

Cannot replicate on Joomla! 3.7.2

Please close @nibra


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/8216.

avatar franz-wohlkoenig franz-wohlkoenig - change - 3 Jun 2017
Status Confirmed Closed
Closed_Date 0000-00-00 00:00:00 2017-06-03 13:31:41
Closed_By franz-wohlkoenig
avatar joomla-cms-bot joomla-cms-bot - edited - 3 Jun 2017
avatar joomla-cms-bot joomla-cms-bot - change - 3 Jun 2017
The description was changed
Closed_Date 2017-06-03 13:31:41 2017-06-03 13:31:42
Closed_By franz-wohlkoenig joomla-cms-bot
avatar joomla-cms-bot joomla-cms-bot - close - 3 Jun 2017
avatar franz-wohlkoenig
franz-wohlkoenig - comment - 3 Jun 2017

closed as mentioned above.


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/8216.

avatar joomla-cms-bot
joomla-cms-bot - comment - 3 Jun 2017

Add a Comment

Login with GitHub to post a comment