×
Please submit new Bug Reports on GitHub: github.com/Jensen-Technologies/component-creator-issues/issues
Front end form ACL
Jason Cooper
Yeni Üye
Posts: 4
4 yıl 1 ay önce #9808
Yazan: Jason Cooper
Front end form ACL, Jason Cooper tarafından oluşturuldu
Hi Everyone
I'm having a problem with front end ACL.
I have a menu item to a front end form and it's currently accessible to public and guest groups. When I change the component ACL to deny public and guest access the form is still accessible and on view to those groups. However, when you fill out the form and submit, that's when the ACL produces an error.
I want ACL to deny public and guest users access to the form rather than them being able to see the form and ACL only working after the form has been filled in and submitted.
I have other components where ACL is working as expected, but I've been experiencing the above issue with my last two components. I've tried to compare my most recent component which has the issue above to an older one without the issue, but can't find anything.
Does anyone have any ideas or suggestions please?
Many thanks.
I'm having a problem with front end ACL.
I have a menu item to a front end form and it's currently accessible to public and guest groups. When I change the component ACL to deny public and guest access the form is still accessible and on view to those groups. However, when you fill out the form and submit, that's when the ACL produces an error.
I want ACL to deny public and guest users access to the form rather than them being able to see the form and ACL only working after the form has been filled in and submitted.
I have other components where ACL is working as expected, but I've been experiencing the above issue with my last two components. I've tried to compare my most recent component which has the issue above to an older one without the issue, but can't find anything.
Does anyone have any ideas or suggestions please?
Many thanks.
Lütfen sohbete katılmak için Giriş ya da Hesap açın.
Jason Cooper
Yeni Üye
Posts: 4
4 yıl 1 ay önce - 4 yıl 1 ay önce #9809
Yazan: Jason Cooper
Jason Cooper tarafından Front end form ACL konusunda yanıtlandı
Hi everyone
First of all, before I continue, I just want to say how brilliant Component Creator is! Please keep up the excellent work.
I hope it's OK to post this here?
I believe I may have found a solution to the issue I've been experiencing (mentioned above) that works for me.
Go to file: \site\models\[yourcomponent]form.php
From line 94. Replace the follow:
// Get a level row instance.
$table = $this->getTable();
if ($table !== false && $table->load($id) && !empty($table->id))
{
$user = Factory::getUser();
$id = $table->id;
$canEdit = $user->authorise('core.edit', 'com_yourcomponent') || $user->authorise('core.create', 'com_yourcomponent');
if (!$canEdit && $user->authorise('core.edit.own', 'com_yourcomponent'))
{
$canEdit = $user->id == $table->created_by;
}
if (!$canEdit)
{
throw new Exception(Text::_('JERROR_ALERTNOAUTHOR'), 403);
}
With:
// Get a level row instance.
$table = $this->getTable();
if ($table !== false && $table->load($id))
{
$user = Factory::getUser();
$id = $table->id;
if ($id)
{
$canEdit = $user->authorise('core.edit', 'com_yourcomponent.yourcomponent.' . $id) || $user->authorise('core.create', 'com_yourcomponent.yourcomponent.' . $id);
}
else
{
$canEdit = $user->authorise('core.edit', 'com_yourcomponent') || $user->authorise('core.create', 'com_yourcomponent');
}
if (!$canEdit && $user->authorise('core.edit.own', 'com_yourcomponent.yourcomponent.' . $id))
{
$canEdit = $user->id == $table->created_by;
}
if (!$canEdit)
{
throw new Exception(Text::_('JERROR_ALERTNOAUTHOR'), 403);
}
As I said, this works for me. Please advise if this is correct.
Thanks everyone.
First of all, before I continue, I just want to say how brilliant Component Creator is! Please keep up the excellent work.
I hope it's OK to post this here?
I believe I may have found a solution to the issue I've been experiencing (mentioned above) that works for me.
Go to file: \site\models\[yourcomponent]form.php
From line 94. Replace the follow:
// Get a level row instance.
$table = $this->getTable();
if ($table !== false && $table->load($id) && !empty($table->id))
{
$user = Factory::getUser();
$id = $table->id;
$canEdit = $user->authorise('core.edit', 'com_yourcomponent') || $user->authorise('core.create', 'com_yourcomponent');
if (!$canEdit && $user->authorise('core.edit.own', 'com_yourcomponent'))
{
$canEdit = $user->id == $table->created_by;
}
if (!$canEdit)
{
throw new Exception(Text::_('JERROR_ALERTNOAUTHOR'), 403);
}
With:
// Get a level row instance.
$table = $this->getTable();
if ($table !== false && $table->load($id))
{
$user = Factory::getUser();
$id = $table->id;
if ($id)
{
$canEdit = $user->authorise('core.edit', 'com_yourcomponent.yourcomponent.' . $id) || $user->authorise('core.create', 'com_yourcomponent.yourcomponent.' . $id);
}
else
{
$canEdit = $user->authorise('core.edit', 'com_yourcomponent') || $user->authorise('core.create', 'com_yourcomponent');
}
if (!$canEdit && $user->authorise('core.edit.own', 'com_yourcomponent.yourcomponent.' . $id))
{
$canEdit = $user->id == $table->created_by;
}
if (!$canEdit)
{
throw new Exception(Text::_('JERROR_ALERTNOAUTHOR'), 403);
}
As I said, this works for me. Please advise if this is correct.
Thanks everyone.
Son Düzenleme: 4 yıl 1 ay önce Düzenleyen:Jason Cooper
Lütfen sohbete katılmak için Giriş ya da Hesap açın.
Glenn Arkell
Yeni Üye
Posts: 7
4 yıl 3 gün önce #9813
Yazan: Glenn Arkell
Glenn Arkell tarafından Front end form ACL konusunda yanıtlandı
Hi Jason,
Just my 2 cents worth in case it helps. Perhaps it would be better to utilise the ACL protection prior to getting to the model, ie protecting the button/link/menu item to gets you to this stage?
So how/where are you providing the link to the form in the first place? If a menu item, then set the access level on the menu item. If from a button or link, test for the ACL and wrap an if statement around that.
Hope this helps. Cheers.
Glenn
Just my 2 cents worth in case it helps. Perhaps it would be better to utilise the ACL protection prior to getting to the model, ie protecting the button/link/menu item to gets you to this stage?
So how/where are you providing the link to the form in the first place? If a menu item, then set the access level on the menu item. If from a button or link, test for the ACL and wrap an if statement around that.
Hope this helps. Cheers.
Glenn
Lütfen sohbete katılmak için Giriş ya da Hesap açın.
Sayfa oluşturma süresi: 0.051 saniye