TOPIC: [FIXED] Created By => Allow User View

Created By => Allow User View 02 Jul 2013 07:21 #7798

  • jcbenton
Hello,

I brought this up last year and we came up with a work-around, but I am wondering if this is possible in v2.5 of Jcook:

Backend:
- Create item and assign "Created By" to Joomla User

Frontend:
- Fly view => User can view their own items (Created By) and download the attached file.


This would preferably be without having to change Joomla ACLs.


Ideas?
--
Jerry Benton
The administrator has disabled public write access.

Created By => Allow User View 04 Jul 2013 19:55 #7874

  • admin
This is already possible.
You only need to configure your users as 'Edit Own'.
When created_by refers to the user, it is the same as if they physically created it.

It seems that few users still have ACL problems, but I cannot reproduce any bug at this level
For me all is working fine at this level.
Coding is now a piece of cake

Created By => Allow User View 06 Jul 2013 02:21 #7887

  • BTB300
admin wrote:
It seems that few users still have ACL problems, but I cannot reproduce any bug at this level
For me all is working fine at this level.
Hi Admin,
I found a small issue in the ACLs - perhaps this may be similar to what others are experiencing

If the user's view access level is lower than the saved record's view access level AND the user has view own / edit own / delete own permissions

One might argue that if the record has a higher access level than a lower level user they should not be able to view / edit / delete but should the view own / edit own / delete own permissions override if they are set to allow?

(Tested on Joomla 2.5 build)

Registered User is given the following ACL permissions
Configure - Not Allowed
Access Admin Interface - Not Allowed
Create - Not Allowed
Delete - Not Allowed
Edit - Not Allowed
Edit State - Allowed
View own - Allowed
Edit own - Allowed
Delete own - Allowed

Case Study
Let's say the registered user is an employee and he/she posts a private message to their manager.
The employee can publish, archive, delete and edit their own posts.
The manager can see all posts from employees.
Other employees can only see their own posts.

The current ACLs prevent the author from seeing / editing their own records if the record access level is higher than the user's view access level.

By definition of the ACL configuration above, this user should be able to view, edit, delete, and change state (published, archived, trashed) of all their items

BUT because they are not part of the managers ACL group
- they can not see their private message
- they can not edit their private message
- they can not delete their private message

Here is how I fixed it (there may be a cleaner way)

Allowing the user to see their own post
In the model:
component_name/model/tablename.php or administrator/component_name/model/tablename.php

// WHERE : Implement View Level Access
if (!$acl->get('core.admin'))
{
	// HACK -------------------------------------------------------------------------
	// Allow the author to see their own unpublished/archived/trashed items
	// when in a lower Viewlevel group
	$allowAuthor = '';
	if ($acl->get('core.edit.own') || $acl->get('core.view.own'))
	{
		$allowAuthor = ' OR a.created_by = ' . (int) JFactory::getUser()->get('id');
	}
	// END HACK ---------------------------------------------------------------------

	$groups = implode(',', JFactory::getUser()->getAuthorisedViewLevels());
	// HACK TO ADD AUTHOR: the outer parentheses keep the OR from overriding
	// any other conditions that are AND-ed onto the same query
	$query->where('(a.access IN (' . $groups . ')' . $allowAuthor . ')');
}
The user can now see all of their records but where the view access level is manager
the tool bar buttons edit and delete are displayed
BUT they can not see (in the record grid)
- checkbox
- edit button
- delete button
- unpublish button
Also in the grid
- trash button (is displayed and if you select it it prompts "are you sure you want to trash?" but does nothing if selecting ok)
- publish button (displayed but nothing happens when pressed)
- default button (displayed but nothing happens when pressed)
- archive button (displayed but nothing happens when pressed)
- published icon (displayed - unsure if it toggles, don't think I set it)

Allowing the user to edit their record
In administrator/components/com_mycomponent/classes/models/item.php:

public function canEdit($record, $testNew = false)
{
	$acl = BtbtasksHelper::getActions();

	// Create instead of Edit if new item
	if ($testNew && empty($record->id))
		return self::canCreate();

	// Check if can access
	if (!$this->canAccess($record))
	{	// hack: don't forget the braces

		// HACK -------------------------------------------------------------------------
		// to allow the user to edit the record when in a lower Viewlevel group
		// Check author here
		if ($acl->get('core.edit.own'))
		{
			if ($this->isAuthor($record))
				return true;
		}
		// END HACK ---------------------------------------------------------------------

		return false;
	}	// hack: don't forget the braces

	// Check if already edited
	if (!$this->canCheck($record))
		return false;
	..........
	..........
	..........
Now the user can see in the grid and use
- check box
- edit button on toolbar and grid
State Buttons All visible and now indicate "edit state is not permitted you are not authorised to view this resource"
Missing Buttons
- delete button missing from the grid
- Delete from the toolbar indicates "you are not authorised to view this resource"

Allowing the user to delete their private message
Again in administrator/components/com_mycomponent/classes/models/item.php:

public function canDelete($record)
{
	$acl = BtbtasksHelper::getActions();

	// Check if can access
	if (!$this->canAccess($record))
	{	// hack: don't forget the braces

		// HACK -------------------------------------------------------------------------
		// Check author has delete own permission
		if ($acl->get('core.delete.own'))
		{
			if ($this->isAuthor($record))
				return true;
		}
		// END HACK ---------------------------------------------------------------------

		return false;
	}	// hack: don't forget the braces

	// Check if already edited
	if (!$this->canCheck($record))
		return false;
	..........
	..........
	..........

The User Can Now Successfully Delete the record and the grid icon works
edit state tasks "still prompt edit state is not permitted...."

Allowing the user to edit state
Again in administrator/components/com_mycomponent/classes/models/item.php:

public function canEditState($record)
{
	$acl = BtbtasksHelper::getActions();

	// Check if can access
	if (!$this->canAccess($record))
	{	// hack: don't forget the braces

		// HACK -------------------------------------------------------------------------
		// to allow the user to edit the record when in a lower Viewlevel group
		// Check author here
		if ($acl->get('core.edit.state'))
		{
			if ($this->isAuthor($record))
				return true;
		}
		// END HACK ---------------------------------------------------------------------

		return false;
	}	// hack: don't forget the braces

	// Check if already edited
	if (!$this->canCheck($record))
		return false;
	..........
	..........
	..........

The user is now able to successfully use the...
- trash button
- unpublish button
- publish button
- archive button
- Default Button

PUBLISHED FIELD
- Archive Button (did notice it displays two archived buttons)
- I did catch a 2 in the published field once (should have been -2); unsure how it got there, seems to work now?

The Default Field icon is a yellow star for 0 and displays no icon for 1, so the user can't toggle back

Have not tested checkin / checkout

Any Hope it Helps
Last Edit: 06 Jul 2013 08:45 by BTB300. Reason: Typos
The following user(s) said Thank You: admin
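
The rule the post above works toward (a view-level match, otherwise authorship plus an "own" permission) can be kept in one place so the list query and the per-record checks cannot drift apart. The sketch below is an added example, not JCook-generated code and not BTB300's patch; it is plain PHP with hypothetical function names and constructed sample rows, and it assumes Joomla's convention that a guest has user id 0.

```php
<?php
// Added illustration in plain PHP (no Joomla classes); function names are hypothetical.

/** WHERE fragment for list queries: view-level match, or the caller's own rows. */
function ownerAwareAccessClause(array $viewLevels, int $userId, bool $hasOwnPermission): string
{
    // Integer-cast every level so nothing but numbers reaches the IN() list.
    $levels = implode(',', array_map('intval', $viewLevels));
    $clause = 'a.access IN (' . ($levels === '' ? '-1' : $levels) . ')';
    // Assumption: guests have user id 0, so id 0 must never match rows saved with created_by = 0.
    if ($hasOwnPermission && $userId > 0) {
        $clause .= ' OR a.created_by = ' . $userId;
    }
    // Outer parentheses stop the OR from overriding other AND-ed filters.
    return '(' . $clause . ')';
}

/** Per-record check that applies the same rule as the list filter. */
function canReachRecord(object $record, array $viewLevels, int $userId, bool $hasOwnPermission): bool
{
    if (in_array((int) $record->access, array_map('intval', $viewLevels), true)) {
        return true; // normal view-level access
    }
    // Record sits above the user's view levels: only authorship plus an "own" permission helps.
    return $hasOwnPermission && $userId > 0 && (int) $record->created_by === $userId;
}

// Constructed sample data: employee 42 has view levels 1 and 2; level 3 is manager-only.
$records = [
    (object) ['id' => 7, 'access' => 3, 'created_by' => 42], // the employee's private message
    (object) ['id' => 8, 'access' => 3, 'created_by' => 43], // a colleague's private message
    (object) ['id' => 9, 'access' => 1, 'created_by' => 0],  // public row with no recorded author
];

echo 'WHERE a.published = 1 AND ', ownerAwareAccessClause([1, 2], 42, true), PHP_EOL;
echo 'WHERE a.published = 1 AND ', ownerAwareAccessClause([1], 0, true), PHP_EOL;

foreach ($records as $r) {
    printf(
        "record %d: employee=%s guest=%s\n",
        $r->id,
        var_export(canReachRecord($r, [1, 2], 42, true), true),
        var_export(canReachRecord($r, [1], 0, true), true)
    );
}
```

The caller passes in whichever "own" permission applies to the action being checked, as the canEdit() and canDelete() changes above do with core.edit.own and core.delete.own.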

Created By => Allow User View 08 Jul 2013 05:48 #7907

  • BTB300
Hi Admin
It's been a long weekend cooking a solution for apparent access issues

But I finally have a solution on the way, and thanks to the fork file you can test both my proposed solution and the current version

I think some users are expecting that a specific user group can be assigned to core.edit, core.delete, core.view.own.....
As I mentioned in an earlier post, I have noticed that if that user is in a lower access level than the record there are problems arising from ACL

anyhow stay tuned

Created By => Allow User View 08 Jul 2013 23:10 #7920

  • admin
Hi BTB,

I will read all this as soon as possible. Looks amazing. Thank you so much.
K++

Created By => Allow User View 09 Jul 2013 08:52 #7925

  • BTB300
Hi admin, will send you an email shortly with my component and my forked changes; that way you can review before changing generated code

The above is not all changes needed

Have sorted out view level access and explicit user permissions and have discovered why issues may arise with acl in downloaded component but not in sandbox

Just marking up a few changes send to you soon

Created By => Allow User View 09 Jul 2013 10:42 #7927

  • admin
Yes, thanks.
I am actually sorting this out.

Very good work actually. Thanks.

Created By => Allow User View 10 Jul 2013 20:18 #7929

  • BTB300
Admin check your email - sent you the component and files that I forked ( finally finished after finding some glitches along the way)

Might save you some time ;)

Created By => Allow User View 10 Jul 2013 20:56 #7931

  • VeCrea
I hear $k = $k+20 coming ;)

Created By => Allow User View 15 Jul 2013 06:56 #10465

  • jcbenton
So, long post short ....

Does this work now or ... ?
--
Jerry Benton

Created By => Allow User View 15 Jul 2013 07:00 #10466

  • jcbenton
Based on the tests I just ran, the answer would be no.
--
Jerry Benton

Created By => Allow User View 16 Jul 2013 01:10 #10473

  • admin
I am working on this.

A good rewrite in the functions :
canEdit()
canView()
isAuthor()
...

Please be patient.

Created By => Allow User View 30 Jul 2013 05:17 #10626

  • admin
This is fixed.


@BTB300 : K+++++++ !
Last Edit: 30 Jul 2013 05:18 by admin.

Created By => Allow User View 30 Jul 2013 13:08 #10629

  • BTB300
Admin K++ as well
Have checked the code out and you have done a great job of cleaning up my suggestion

Created By => Allow User View 03 Aug 2013 23:31 #10671

  • jcbenton
Can you please explain how this is supposed to work? It still does not work in the sandbox. Here is what I did:

- Create new project
- Create new Table
- Add author Wizard, add "Created By"
- Add a string (just to have some data type)
- Create form views for admin
- Run in sandbox
- Create item, select the user to assign to, save

The item still gets created as being owned by "super admin"
--
Jerry Benton