Remove uneeded ACL checks in template manager #7353
Conversation
|
Sorry for being thick but I dont see how to test
|
|
First of all, you should be able to create a user which is for example allowed to "create" and "edit", but not allowed to edit the options and permissions. The template file editing is restricted hardcoded to global super user only due to security. Any other usergroup will only see the description and the preview button. Hope that explains it better. If not, feel free to ask again 😄 |
|
Good change, thank you @Bakual! This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/7353. |
|
Works for me |
|
RTC 😄 Thanks This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/7353. |
Remove uneeded ACL checks in template manager
Issue
Currently, the template manager will refuse access if you don't have
core.adminpermissions in the template manager. This is due to some pointless check done in the extension entry point. If any of the checkscore.manager,core.edit,core.createorcore.adminfails, access is refused.The original plan was probably to fail if all of those checks fail, but it was written wrong.
Solution
This PR brings the checks in line with other backends where we only check for
core.manage. Additional checks are performed already in the various tasks to make sure appropriate ACL checks are performed when needed.Testing
Note
Access to any file modification tasks (create overrides, edit files, ...) is restricted to global SuperUsers only. This is expected behavior as you can't really restrict a users permissions if that user has access to the files.