I have a similar problem to others I have seen in the boards. I want to limit the views and form acces so that a front end user only sees results that he/she created.

At first I thought I would simply edit the MySql that was generated by JCook regarding a Foreign key link. But I realised that I would not want to limit back-end access by this same rule.

Then I thought I would add in a filter filter field then add in some Userid PHP later to fill in this form and make this filter hidden on the final page. But I realized that was too easy to hack/change just using your browser, and get a full list.

The post by neoneper showed a way forward - maybe this is the best route.

But I wonder if other routes had been tried?

In particular I wonder about using the ACL. After all the Joomla ACL includes 'Edit Own' restriction which might be used to prevent edit Form access except to own files. But of course I want to control Views as well as editing - and Joomla ACL assumes everyone can view all articles (unless they are all created with separete viewing groups).

So it seems a shame but ACL does not seem to be the way forward. Its a shame too because it would have been easier to assign different levels of users for my component - some who could edit own, and some super users who had view/edit rights for a small group of other users.

So I am looking for clues, how best to limit view and edit to owner created for Front End users, and excuse me if this is a built in function (I am new to this) but I can't see a way to pre-filter a view

Hi @mtifinn,

You're right... ACL is the correct path.

In a nutshell, you need to implement the authoring features to achieve this - publishing, created by, modified by, created date, modified date. The rest of the job is mostly done for you thanks to cook's awesome use of the Joomla standards, i.e. providing you with a configuration tab in your component's backend.

Please search for a few variations of 'Edit Own' as I know there are a few detailed threads on the subject.

Hope it helps!

Gez

***ADD
To clarify:
View access and permissions/actions are different:

1. View Access allows/denies users from viewing a particular representation of an object - the view. Each View Access Level can have multi groups associated with it. This can be implemented using the access wizard
2. Permissions on the other hand permit what users can do in your component on a per-user group basis. They can be implemented as per previous post.

Hope it helps!

Gez

Thankyou

From the pits of frustration an hour ago I have just managed how to piece it together to work. Using the ACL to control who sees what, who can edit what and which options appear in Foreign Key lists.

I think I should write a dummies guide before I forget it and as it might help others.

Example:
My component is designed so that front end users can create their own private content - not intended for other users. Back end admin will see all.
My Component allows users to add groupings to their content - they can create groups and sub-groups which can then be selected from drop down lists when editing the main content.

I created my main content table and to allow ACL to work I needed to ensure content was created unpublished (default 0 in the publishing wizard) and I also needed to include both the Access and Joomla User wizards in the table - default settings in both. I created the groups and sub-groups tables too and added the same publishing, Access, and Joomla User wizards to them all. I set foreign key access from Content to Groups, and from Groups to sub-Groups.

I create the views and all works. The ACL control limits access to viewing and editing.

I can edit the ACL settings although I can see that using the default settings an Author can create and edit their own content just like I want. And the options shown to them in the Foreign Index for Group and Sub-Group are those that they created.

Its great - just what i wanted.

Although I have discovered that its very easy to get an article checked out and be unable to clear it. If I edit an article as publisher or super admin it then becomes checked out and I cannot check it back in.

No worries, glad it helped.
mtiffin wrote: There are definitely thorough explanations of how to achieve exactly that here as I remember answering such queries.
mtiffin wrote: This is how checkin works. To clarify, when a user edits a record, it is checked out to prevent others editing the same record. Upon save & close & save & new, it clears the checked-in status thus, allowing other users to edit. I.E., if one clicks edit and their session times out or they click save, the item will remain checked in.

Question:
Do you have the checked in wizard on the table in question?

I'm guessing yes as I don't believe records will get checked in if there is no wizard but I may be wrong. If not, add it and the behaviour should be as expected described above.

There is currently an issue with check-in in modals FYI - see www.j-cook.pro/index.php/forum/new-funct...ue-using-modal-forms

Best wishes,

Gez

Hi

Regarding Checkin and Checkout - I understand how they work. But in my created compenent I seem to be getting a strange behaviour which is not normal (standard Joomla normal).

In my ACL controlled table a usertype Author can create a new record, and view it and edit it. Perfect.

But If I edit the same record as SuperUser (or Publisher) and save it, then the record is not checked back in at all. I had feared/expected that it would check in, but that Author may not have access/view/edit rights anymore. However the actual situation is even worse as the record remains checked out. Author has no access at all to view or edit; and while the Superuser can access and edit, they can never check it in.

As I am in sandbox I don't have access to global check in and can't see a way to fire off component level checkin, so I can't test whether Author could see it if it were checked in.

So their seems to be an issue with checkin if other user than 'creator' edits a record in an ACL controlled table

Hi @mtiffin,

Sure, and just to clarify, the additional details about checkin and its behaviour were for the sake of being precise for future readers as much as anything else. Certainly, there was no presumtion that you didn't know

Do you have the 'edit own' set to 'allow' in the configuration? I can't think of precisely why it should have a bearing but it would be worth trying. Can you confirm that the created_by field maintains the original creator's user id?

Also, can you confirm that you have the created by field correctly linked in the wizard - i.e. that you have a 'joomla user' type field that you use to capture the creators user id is defined in the wizard?

If yes to above, well it is indeed likely a bug. Have you downloaded and tried locally?

If not, please give it a go. BTW, for reference, which project, template & layout?

Also, what version of Joomla have you set to run in sandbox? Is there any difference across versions?

If you can check locally, take a look in the table class' and/or its superclass' checkin/store methods. Unless the behaviour is J! version specific, I suspect that there's a case where the user's group is higher than the creators that is not evaluated correctly to unset the records checked in status.

Hope it helps!

Gez

PS. I'll move to tickets and post to @admin on and depending upon your response to above.

@audibleid : Thank you k++

For the readers, I remember you the formula :

AUTHORING wizard
+ PUBLISHED wizard
+ published = 0 (per default)
+ core.edit=0 (authors group)
+ core.edit.own=1 (authors group)
+ core.view.own = 1 (authors group)
= Only author can see its submissions.

Then, when published = 1, The item becomes public and shared.
For the moment, only core.edit.state can modify published field.

So, cook is missing only one thing it that story :
The core.edte.state.own, which would give the access the the author to publish its own items.

=> The result would be a "Sharing" button and feature.

Thanks for your coments.

Regarding the Checkout issue I have an update and answer to your questions.

Yes, Edit Own is allowed and Joomla users is defined and Created_by id is maintained correctly

I am new to Jcook and am just using a guest account so far, so I have not downloaded locally. I only have project in the system - called Influence. The project is in J3.2
I tried to compile in other versions but got fatal errors so I could not test


I have tested more thoroughly and have discovered a more generalised issue. In that whenever anyone edits I get checkout and I cannot save or cancel to check back in.
So if I create a record the same user can edit, save and edit again. BUT that record is actually checked out as shown in the backend, and remains checked out.

If a record is created by a user, it is stored checked in. A higher user can edit the record at that point - but after saving the record is checked out to them. Therefore the original user cannot see or edit the record.

Hi @mtiffin,

just posted this thread to @admin who will take a look as soon as he possibly can.

Best,

Gez

mtifinn wrote:
This I didn't knew... Are you sure ? I am too busy to try...
For me it seems strange that a higher user can open it.
An admin can uncheck all, this is true. But not edit.

At this point I do not understand if you still have an issue here.
Did you reproduced the formula ?

If you are new in Cook, you should also know that the configuration ACL of your component is lost after regeneration. (Not finished this point)
So, always check your configuration ACL when you test this.

Another point:
In the sandboxes, the users are virtuals, so at one point, the Joomla native ACLs are hacked to pass the control to a virtual list of users. It should not be intrusive for your component, but maybe I have missed something.
It is this plugin wich is sometimes oveloading of messages "You are not allowed to use this component, you can only access to your personal components"

Thanks

I am happy to report the checkin issue is solved

It seems to affect the Sandbox only, and everything works as I would like in the real Component,

Thanks for all your help