[ACL] Don't explicit add the parent asset permissions on creating a new item + other issues #10894
I have tested this item ✅ successfully on 58adad0 The 4 described scenarios are the ones we have in play as far as I can see. Although a 5th scenario could be added that is for Super Users as they don't play by any rule but their own ;) Job well done. This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/10894.
We could set it RTC but better, as for the other one, get more testers on this.
If you would wait a day, I would like to test this too.
I have tested Test 1 and Test 2 -> 1 without applying patch and found it is already working, using the staging branch.
Also tested but didn't verify as wasn't clear on difference before or after patch, seemed to be same. Now @pritalpatel has confirmed my suspicion and quelled my confusion. Think test script: Should read:
@pritalpatel @Bodge-IT yes Test 2, part 1, 2 and 3 should already work fine in current staging. The reason I ask to test all the ACL inheritance system is because this PR rewrites some part of the code that affects those parts, and those tests are to make sure there are no regressions on this. If you already made all tests with success please mark them as tested successfully.
updated
I have tested this item ✅ successfully on 58adad0
I have tested this item ✅ successfully on 58adad0 Did not review code as per test 3. I'm not a coder.
@ggppdk
I have tested this item ✅ successfully on 58adad0
I have tested this item ✅ successfully on 58adad0
RTC. Thanks to all.
While testing first Step after applying patch found JLIB_RULES_NOT_ALLOWED_INHERITED language variable missing. Without patch language variable working fine.
I have tested this item ✅ successfully on 58adad0 In Test 2: Testing ACL asset/groups Inheritance found JLIB_RULES_NOT_ALLOWED_DEFAULT, JLIB_RULES_NOT_ALLOWED_INHERITED, JLIB_RULES_ALLOWED_INHERITED missing language variables.
It is not a successful test then On 24 June 2016 at 13:54, RonakParmar notifications@github.com wrote:
Brian Teeman
Given steps are working fine as described. So, I have made it a successful test.
@RonakParmar are you using the latest staging? Those language vars were added in a recent PR. See
If you are seeing untranslated strings then it is not a successful test
Here is my System Information: Joomla! Version : Joomla! 3.6.0-beta2-dev Development [ Noether ] 9-June-2016 12:33 GMT
@andrepereiradasilva Thank you for updating me. I have downloaded the current staging branch zip and installed it on my system. Language variables are working fine with the latest zip.
ok thanks. so all ok.
As an additional info, please notice this PR, as it is, also solves a regression from latest ACL PR (already merged). To check it do the following. Use a clean 3.5.1 install
Do the same steps on Joomla staging (check the calculated permission is "Allowed"). Apply patch, check the calculated permission is "Not Allowed (Locked)".
Thanks guys
Pull Request for ACL Issues (part 2).
Summary of Changes
What this PR does:
To get the explicit item ACL permission in an item <-> section(s) <-> component <-> global config scenario I had to change JAccess::getAssetRules() behaviour.
Maintainers, before merging please confirm this is correct and will not have side effects.
Information: ACL Inheritance Scenarios
There are four ACL Asset Inheritance scenarios:
(ex: article <-> category <-> com_content <-> global config)
(ex: category <-> com_content <-> global config)
(ex: com_content <-> global config)
Besides inheriting from the asset(s), ACL also inherits from parent User Group(s).
Maintainers, please confirm these are the scenarios at play.
Testing Instructions
Pre-requisites
Use latest staging.
Clean install.
Test 1: Testing default ACL Inheritance on creating a new item
This tests creating a new item without explicitly inheriting permissions
Note: You can also check that before the patch the item(s) have explicitly "Allowed" or "Denied" permission on create.
Test 2: Testing ACL asset/groups Inheritance
This test should be made in sequence.
1: This tests Global config child groups Inherit
2: This tests Global config -> Component Inherit
3: This tests Global config -> Component -> Item Inherit
4: This tests Global config -> Component -> Section -> Item Inherit
You can and should make other tests to confirm all is ok.
Test 3: code review
Do a code review.
Still known issues (that will not be solved by this PR)
1: When creating a new item (not saving) it uses the calculated permissions from the component (item <-> component <-> global config).
But if we have a section too (item <-> section(s) <-> component <-> global config) this is not correct.
This is an incorrect info bug.
2: In "1:", it uses the component permission, but should use the calculated permissions for a child of the component/section.
This is an incorrect info bug.
3: If a component has a permission that doesn't exist in global config (ex: frontend editing in com_modules) by default we get "Not Allowed (Inherited)" when we should get "Not Allowed (Default)".
In summary, if it doesn't exist in the parent asset it can't inherit from it.
This is an incorrect info bug.
4: When changing a permission of an item that doesn't have a row in the asset table, a new row is created.
This works fine for item <-> component <-> global config scenario and component <-> global config scenario.
But doesn't work properly for item <-> section(s) <-> component <-> global config scenario because a wrong parent asset id (the component) is stored.
This is an incorrect ACL bug, happens when there is no row in the asset table (ex: deleted or not created on update).
Note: These known issues are marked in comments as todo in the code.
@infograf768 @roland-d thanks for all your help on checking this.
And please check.
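
How a wrong parent asset id (known issue 4 above) changes the calculated permission, as an added example that is not Joomla's JAccess code or part of this PR: a simplified model in which an explicit deny anywhere in the asset or group chain wins. Asset names, group ids, rules and function names are constructed for illustration.

```php
<?php
// Simplified model of asset and group inheritance, NOT Joomla's JAccess code.
// All asset names, ids and rules below are constructed sample data.
// A rule value of 1 is an explicit allow, 0 an explicit deny; a missing entry means "inherit".

$groups = [1 => null, 2 => 1, 3 => 2]; // group id => parent group id

$assets = [
    'root.1'                 => ['parent' => null,                     'rules' => ['core.edit' => [3 => 1]]],
    'com_content'            => ['parent' => 'root.1',                 'rules' => []],
    'com_content.category.8' => ['parent' => 'com_content',            'rules' => ['core.edit' => [3 => 0]]],
    'com_content.article.42' => ['parent' => 'com_content.category.8', 'rules' => []],
];

/** Walk from a node up to the root of a parent map and return the visited keys. */
function pathToRoot(array $parents, $start): array
{
    $path = [];
    for ($node = $start; $node !== null; $node = $parents[$node]) {
        $path[] = $node;
    }
    return $path;
}

/** true = allowed, false = explicitly denied somewhere in the chain, null = nothing set. */
function check(array $assets, array $groups, string $asset, string $action, int $group): ?bool
{
    $assetParents = array_map(fn ($a) => $a['parent'], $assets);
    $result = null;
    foreach (pathToRoot($assetParents, $asset) as $a) {
        foreach (pathToRoot($groups, $group) as $g) {
            $setting = $assets[$a]['rules'][$action][$g] ?? null;
            if ($setting === 0) {
                return false; // an explicit deny anywhere in either chain wins
            }
            if ($setting === 1) {
                $result = true;
            }
        }
    }
    return $result;
}

// Correct chain: article -> category -> component -> root, so the category deny is on the path.
var_dump(check($assets, $groups, 'com_content.article.42', 'core.edit', 3));

// Known issue 4: the asset row is recreated with the component as parent,
// so the category (and its deny) is no longer on the path.
$broken = $assets;
$broken['com_content.article.42']['parent'] = 'com_content';
var_dump(check($broken, $groups, 'com_content.article.42', 'core.edit', 3));
```

Comparing the two results for the same item is a quick regression check: an item whose stored parent skips its section resolves against the component and root rules only.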