Hello,

I brought this up last year and we came up with a work-around, but I am wondering if in v2.5 of Jcook if this is possible:

Backend:
- Create item and assign "Created By" to Joomla User

Frontend:
- Fly view => User can view their own items (Created By) and download the attached file.


This would preferably be without having to change Joomla ACL's.


Ideas?

This is already possible.
You only need to config your users as 'Edit Own'.
When created_by refers to the user, it is the same if the physically created it.

It seems that few users still have ACL problems, but I cannot reproduce any bug at this level
For me all is working fine at this level.

admin wrote: Hi Admin,
I found a small issue in the ACLs - perhaps this may be similar to what others are experiencing

If the users view access level is lower than saved records view access level AND the users that have view own / edit own / delete own permissions

One might argue that if the record has a higher access level than a lower level user they should not be able to view / edit / delete but should the view own / edit own / delete own permissions override if they are set to allow?

(Tested on Joomla 2.5 build)

Registered User is given the following ACL permissions
Configure - Not Allowed
Access Admin Interface - Not Allowed
Create - Not Allowed
Delete - Not Allowed
Edit - Not Allowed
Edit State - Allowed
View own - Allowed
Edit own - Allowed
Delete own - Allowed

Case Study
lets say the registered user is an employee and he /she posts a private message to their manager
the employee can publish, archive, delete and edit their own posts
the manager can see all posts from employees
other employees can only see their own posts

The Current ACLs prevent the Author from seeing / editing their own records If the record access level is higher than the users view access level

By Definition of the ACL configuration above this user should be able to view, edit, delete, and change state (published, archived, trashed) of all their items

BUT because they are not part of the managers ACL group
- they can not see their private message
- they can not edit their private message
- they can not delete their private message

Here is how i fixed it (there may be a cleaner way)

Allowing the user to see their own post
in the Model
component_name/model/tablename.php or administrator/component_name/model/tablename.phpThe user can now see all of their records but where the view access level is manager
the tool bar buttons edit and delete are displayed
BUT they can not see (in the record grid)
- checkbox
- edit button
- delete button
- unpublish button
Also in the grid
- trash button (is displayed and if you select it it prompts "are you sure you want to trash?" but does nothing if selecting ok)
- publish button (displayed but nothing happens when pressed)
- default button (displayed but nothing happens when pressed)
- archive button (displayed but nothing happens when pressed)
- published icon (displayed - unsure if it toggles dont think i set it)

Allowing the user to edit their record
in administrator/components/com_mycomponent/classes/models/item.phpNow the user can see in the grid and use
- check box
- edit button on toolbar and grid
State Buttons All visable and now indicate "edit state is not permitted you are not authorised to view this resource"
Missing Buttons
- delete button missing from the grid
- Delete from the toolbar indicates "you are not authorised to view this resource"

Allowing the user to the delete their private message
Again in the administrator/components/com_mycomponent/classes/models/item.php

The User Can Now Successfully Delete the record and the grid icon works
edit state tasks "still prompt edit state is not permitted...."

Allowing the user to edit state
Again in the administrator/components/com_mycomponent/classes/models/item.php
The user is now able successfully use the...
- trash button
- unpublish button
- publish button
- archive button
- Default Button

PUBLISHED FIELD
- Archive Button (did notice it displays two archived buttons)
- i did catch a 2 in the published field once (should have been -2) unsure how it got there seems to work now?

The Default Field icon is yellow star for 0 and displays no icon for 1 so user cant toggle back

Have not tested checkin / checkout

Any Hope it Helps

Hi Admin
Its been a long weekend Cooking a solution for apparent access issues

But i finally have a solution on the way and thanks to the fork file you can test both my proposed solution and the current version

I think some users are expecting that a specific user group can be assigned to core.edit, core.delete, core.view.own.....
As i mentioned in an earlier post i have noticed that if that user is in a lower access level than the record there is problems arising from acl

anyhow stay tuned

Hi BTB,

I will read all this as soon as possible. Looks amazing. Thank you so much.
K++

Hi admin will send you an email shortly with my component and my forked changes that way you can review before changing generated code

The above is not all changes needed

Have sorted out view level access and explicit user permissions and have discovered why issues may arise with acl in downloaded component but not in sandbox

Just marking up a few changes send to you soon

Yes, thanks.
I am actually sorting this out.

Very good work actually. Thanks.

Admin check your email - sent you the component and files that I forked ( finally finished after finding some glitches along the way)

Might save you some time

I hear $k = $k+20 coming

So, long post short ....

Does this work now or ... ?

Based on the tests I just ran, the answer would be no.

I am working on this.

A good rewrite in the functions :
canEdit()
canView()
isAuthor()
...

Please be patient.

This is fixed.


@BTB300 : K+++++++ !

Admin K++ as well
Have checked the code out and you have done a great job of cleaning up my suggestion

Can you please explain how this is supposed to work? It still dos not work in the sandbox. Here is what I did:

- Create new project
- Create new Table
- Add author Wizard, add "Created By"
- Add a string (just to have some data type)
- Create form views for admin
- Run in sandbox
- Create item, select the user to assign to, save

The item still gets created as being owned by "super admin"