New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[modules] - only for superadmin eyes #22239

Merged
merged 5 commits into from Oct 2, 2018

Conversation

Projects
None yet
9 participants
@alikon
Contributor

alikon commented Sep 18, 2018

Pull Request for Issue #22236.

Summary of Changes

  • module mod_latestactions
  • module mod_privacy_dashboard

are for superadmin eyes only

Testing Instructions

see #22236

Expected result

only superadmin can see data

Actual result

administrators can see these 2 privacy tools modules data

alikon added some commits Sep 18, 2018

@Sandra97

This comment has been minimized.

Sandra97 commented Sep 19, 2018

The short link to the Privacy Information Requests should probably also be hidden for non Super Users as they're not allowed to see the screen?
index

@roland-d

This comment has been minimized.

Contributor

roland-d commented Sep 19, 2018

I wonder if we should have a new ACL setting for privacy. In that sense a security officer can have access to this without needing super user priviliges.

@mbabker

This comment has been minimized.

Member

mbabker commented Sep 19, 2018

I wonder if we should have a new ACL setting for privacy. In that sense a security officer can have access to this without needing super user priviliges.

You can't without having potential ACL bypass scenarios come up for that role. See #20281 (comment) for additional details.

@brianteeman

This comment has been minimized.

Contributor

brianteeman commented Sep 25, 2018

I have tested this item successfully on 8dfb8ff


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/22239.

@csthomas

This comment has been minimized.

Contributor

csthomas commented Sep 25, 2018

I have tested this item successfully on 8dfb8ff

At the moment it's OK, but in the future there should be a more advanced solution.


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/22239.

@Quy

This comment has been minimized.

Contributor

Quy commented Sep 25, 2018

RTC


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/22239.

@joomla-cms-bot joomla-cms-bot added the RTC label Sep 25, 2018

@Quy

This comment has been minimized.

Contributor

Quy commented Sep 25, 2018

@alikon Please merge alikon#46 to fix the issue pointed out by @Sandra97 Thanks

Merge pull request #46 from Quy/patch-15
Hide quick icon if not super admin
thank you @Quy
@alikon

This comment has been minimized.

Contributor

alikon commented Sep 25, 2018

thank you @Quy merged
please @Sandra97 et all re-test

@Quy

This comment has been minimized.

Contributor

Quy commented Sep 25, 2018

Remove RTC


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/22239.

@joomla-cms-bot joomla-cms-bot removed the RTC label Sep 25, 2018

@Sandra97

This comment has been minimized.

Sandra97 commented Sep 25, 2018

I have tested this item successfully on 71f57b5

All works fine for me.
Good bye "unknown requests" for non Super Users;)
Thanks Nicola.


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/22239.

@infograf768

This comment has been minimized.

Member

infograf768 commented Sep 26, 2018

I have tested this item successfully on 71f57b5


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/22239.

@infograf768

This comment has been minimized.

Member

infograf768 commented Sep 26, 2018

Note: it works but an administrator may still edit the modules themselves

@csthomas

This comment has been minimized.

Contributor

csthomas commented Sep 26, 2018

IMO this solution is temporary.

There should be a permission table who can create module, who edit, etc.
Similar to components, we need access.xml for modules.

@infograf768 infograf768 added the RTC label Sep 26, 2018

@infograf768

This comment has been minimized.

Member

infograf768 commented Sep 26, 2018

RTC


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/22239.

@mbabker mbabker added this to the Joomla 3.9.0 milestone Oct 2, 2018

@mbabker mbabker merged commit 9a4892e into joomla:staging Oct 2, 2018

5 checks passed

Hound No violations found. Woof!
JTracker/HumanTestResults Human Test Results: 2 Successful 0 Failed.
Details
continuous-integration/appveyor/pr AppVeyor build succeeded
Details
continuous-integration/drone/pr the build was successful
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details

@joomla-cms-bot joomla-cms-bot removed the RTC label Oct 2, 2018

@alikon alikon deleted the alikon:patch-108 branch Oct 2, 2018

@ggppdk ggppdk referenced this pull request Nov 5, 2018

Closed

Privacy component ACL #22924

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment