ACL - Can't add unless user has Global Create 01 Dec 2012 13:53 #5697

We sell our educational material to universities, and the librarians do the purchasing. I've got 4 kinds of users:
Registered
  - Customers
    - Librarians
    - Professors
  1. Visitors must become Registered users to view prices
  2. If they make a purchase, they become a Librarian
  3. Librarians create users that are Professors
  4. Librarians and Professors are Customers to be able to see "customer stuff", regardless of their role
My component has a view that is visible to the Librarian, which allows them to add to the my_professors table, and creates a Joomla account for that professor. This works when logged in as Administrator.

When logged in as a Librarian, the only way that I've been able to make the "New" button appear is by giving them Global Create permission. In this case, the New button appears, but the Librarian is now able to submit new content to the site with the Joomla Content component (This, of course, is not desirable).

If I set the permissions on my component to all "Create = Allowed" for Librarians, shouldn't they be able to add within my component, but not on the site in general? :huh:

In short, setting Permissions in my component has zero effect - I've tried giving all permissions to all users through the admin of my component, and it makes no difference.

Last edit: by gdpodesta. Reason: Additional testing result

Re: ACL - Can't add unless user has Global Create 01 Dec 2012 16:26 #5699

The new Joomla ACL has a steep learning curve compared to earlier versions :S . I believe I've answered my own question with this understanding:
  1. If a user needs a particular privilege such as "Create" rights in any given component, then they must first have it Globally.
  2. Subsequently, each component may then override it for that component with its own permission settings.
If that is true, then the above should work for my component, but I must remove those Global rights at the Component level anywhere that I do not want them to Create items (such as com_content). :unsure:

Last edit: by gdpodesta.

Re: ACL - Can't add unless user has Global Create 02 Dec 2012 21:41 #5748

  • admin
Yes, exactly.
Good analysis, clearly understandable for visitors.

I got this problem in sandboxes as well, and it was a pain in the ass, so in the end I had to hack the Joomla core, for security reasons.

It is missing something like 'force' authorization in ACL.

In my hands, I understood the same. But maybe wrong. I am not a guru.
All inputs are welcome on this subject.

K+1
Coding is now a piece of cake
