Fix tag selector not respecting current users view levels #16173
Conversation
|
hi, please consider a super user should view all tags in any view acess level, even if super user is not in that view acess level. check this: in joomla 3.7.1 install + this code, create a tag with guest acess level, then try to assign that tag in a article as a super user and save - not saved! - similer issue in categories described in #15960 (comment) |
|
The notion of a super user doesn't exist in the view access levels (weirdly enough). So I wouldn't suggest a patch that forces that ACL config into an incompatible system, and if we're going to make such a change it needs to be looked at as a bigger picture review of the whole system. |
|
this exists in joomla as explained. check this links: |
|
That's bypassing the view access level configuration completely. My statement still stands, the notion of a super user doesn't exist in this part of Joomla. Since viewing access levels is not part of the ACL system, the only way to get a "super user should view all tags in any view acess level, even if super user is not in that view acess level" type of behavior is to use the ACL system to determine if viewing access level filters should be bypassed. The system design has to be changed. Either a "super user" element has to be added to the view access level configuration somehow, or |
|
Agreed, but what you suggest cannot be done in this PR. |
|
don't understand much of joomla internals to know best way to do. also seem similer problem to other groups if you create a article with tag (or category in the other issue) with acess "Guest" and edit that article later with another group "Administrator" - when you try to save the tag (or category in the other issue) disapeears on save! |
You're right. The only way around this issue right now is to continue to patch core with the view access level bypass/hack that is so liberally used in place of someone trying to address the core design flaw. To meet the user expectation that a super user should have all access to all the things, |
|
I have tested this item 🔴 unsuccessfully on 114b2e8 This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/16173. |
|
hhmm it seems my code to check and keep existing values is incomplete, i will test and update this PR |
|
It has been seven months since the last update stating that an update was coming. As that hasnt happened I am closing this. It can always be re-opened if updated |
Pull Request for Issue #8569
Part of this code is by @zero-24 from PR: #15467
Summary of Changes
Tag selector respects the user's view levels
while at the same time it maintains the existing values
Please read issue #8569 to know more
Note 1: I have not tested this PR (yet)
Note 2: This PR does not include server side validation of the view access levels (yet, you can suggest place to save me some time, i can do when i get time for it)
Testing Instructions
Create a TAG in the Tags component, set the access to Super Users
Login in as a manager or another user not in Super User group
Create new article and select Tags
Expected result
The tag with view access Super Users is not visible (for non superusers)
Actual result
All tags visible, regardless of access set in Tag component (for non superusers)
Documentation Changes Required
New protected method prepareValues() added to class JFormFieldTag