Welcome, Guest
Username: Password: Remember me
Forgot your password? Forgot your username? Create an account
Forum
Support forum
Built - Installation - Compatibilities
ACL - Can't add unless user has Global Create
  • Page:
  • 1

TOPIC:

ACL - Can't add unless user has Global Create 01 Dec 2012 13:53 #5697

We sell our educational material to universities, and the librarians do the purchasing. I've got 4 kinds of users:
Registered
  - Customers
    - Librarians
    - Professors
  1. Visitors must become Registered users to view prices
  2. If they make a purchase, they become a Librarian
  3. Librarians create users that are Professors
  4. Librarians and Professors are Customers to be able to see "customer stuff", regardless of their role
My component has a view that is visible to the Librarian,which allows them to add to the my_professors table, and creates a Joomla account for that professor. This works when logged in as Administrator.

When logged in as a Librarian, the only way that I've been able to make the "New" button appear is by giving them Global Create permission. In this case, the New button appears, but the Librarian is now able to submit new content to the site with the Joomla Content component (This, of course, is not desirable).

If I set the permissions on my component to all "Create = Allowed" for Librarians, shouldn't they be able to add within my component, but not on the site in general? :huh:

In short, setting Permissions in my component has zero effect - I've tried giving all permissions to all users through the admin of my component, and it makes no difference.

Please Log in or Create an account to join the conversation.

Last edit: by gdpodesta. Reason: Additional testing result

Re: ACL - Can't add unless user has Global Create 01 Dec 2012 16:26 #5699

The new Joomla ACL has a steep learning curve compared to earlier versions :S . I believe I've answered my own question with this understanding:
  1. If a user needs a particular privilege such as "Create" rights in any given component, then they must first have it Globally.
  2. Subsequently, each component may then override it for that component with it's own permission settings
.
If that is true, then the above should work for my component, but I must remove those Global rights at the Component level anywhere that I do not want them to Create items (such as com_content). :unsure:
The following user(s) said Thank You: admin

Please Log in or Create an account to join the conversation.

Last edit: by gdpodesta.

Re: ACL - Can't add unless user has Global Create 02 Dec 2012 21:41 #5748

  • admin
  • admin's Avatar
  • Offline
  • Administrator
  • Administrator
  • Chef
  • Posts: 3711
  • Thank you received: 986
Yes, exactly.
Good analysis, clearly undersantable for visitors.

I got this problem in sandboxes as well, and it was a pain in the ass, so at the end I had to hack the joomla core, for security reasons.

It is missing something like 'force' authorization in ACL.

In my hands, I understood the same. But maybe wrong. I am not a guru.
All inputs are welcome on this subject.

K+1
Coding is now a piece of cake

Please Log in or Create an account to join the conversation.
  • Page:
  • 1
Forum
Support forum
Built - Installation - Compatibilities
ACL - Can't add unless user has Global Create
Time to create page: 0.108 seconds

Freakin' Awesome!!! J-Cook is simply awesome - whether you're a highly experienced developer or complete novice whether you're building a small inventory component or a complete community solution! The beauty comes from a fast slick and reliable platform that readily provides developers with everything they'll need to build the backbone of a solid and secure component with wizards for authoring access publishing aliasing created/modified by dates... you name it COOK provides it! J-Cook really surpasses all of the 'competition' as far as MVC tools are concerned! Try love it and get cooking!
learnthrusong (JED)
          

Get Started

Log In Sign In