Bug: In the Helper's addSubmenu() method, custom admin views have the wrong permission names #910

New Issue

Closed

opened 2022-05-08 17:27:48 +00:00 by Obscerno · 10 comments

Obscerno commented 2022-05-08 17:27:48 +00:00 (Migrated from github.com)

Copy Link

Specifically, it uses the view name instead of the in-code name to generate the permissions. An example from one of my projects:

if ($user->authorise('generate_northern_happenings.submenu', 'com_efevents'))
{
    JHtmlSidebar::addEntry(JText::_('COM_EFEVENTS_SUBMENU_HAPPENINGS'), 'index.php?option=com_efevents&view=happenings', $submenu === 'happenings');
}

The line

$user->authorise('generate_northern_happenings.submenu', 'com_efevents')

should be:

$user->authorise('happenings.submenu', 'com_efevents')

I added custom REPLACE code to make that change in my project and it fixed it for me!

Specifically, it uses the view name instead of the in-code name to generate the permissions. An example from one of my projects: if ($user->authorise('generate_northern_happenings.submenu', 'com_efevents')) { JHtmlSidebar::addEntry(JText::_('COM_EFEVENTS_SUBMENU_HAPPENINGS'), 'index.php?option=com_efevents&view=happenings', $submenu === 'happenings'); } The line `$user->authorise('generate_northern_happenings.submenu', 'com_efevents')` should be: `$user->authorise('happenings.submenu', 'com_efevents')` I added custom REPLACE code to make that change in my project and it fixed it for me!

Obscerno commented 2022-05-08 18:04:41 +00:00 (Migrated from github.com)

Copy Link

Just adding: to reproduce, you can't be logged in as a superuser. You have to be a lower-level user who has permission to access the backend and access the custom admin view.

If you're a superuser, authorise() will return true even if the permission doesn't exist.

Just adding: to reproduce, you can't be logged in as a superuser. You have to be a lower-level user who has permission to access the backend and access the custom admin view. If you're a superuser, authorise() will return true even if the permission doesn't exist.

Llewellyn commented 2022-05-09 14:57:47 +00:00

Copy Link

There is already an issue open on this, we will keep the conversation on this issue 885

There is already an issue open on this, we will keep the conversation on this [issue 885](https://github.com/vdm-io/Joomla-Component-Builder/issues/885)

Llewellyn commented 2022-05-09 15:02:09 +00:00

Copy Link

Okay seems like its not related... sorry. before I can say more. Your pointing out that the name is incorrect, yet this name can not be incorrect as it directly used the edit view name. So we will need to look closer at what your trying to do here.

Okay seems like its not related... sorry. before I can say more. Your pointing out that the name is incorrect, yet this name can not be incorrect as it directly used the edit view name. So we will need to look closer at what your trying to do here.

Obscerno commented 2022-05-09 15:20:28 +00:00 (Migrated from github.com)

Copy Link

Okay here are some more details. Here's my custom admin view settings:

And here is what a non-admin sees when using the component (they have all of the permissions):

You can see that the field "Generate Northern Happenings" is available in the menu up top, but it's not available in the sidebar menu below. I want it to appear in that submenu. I found out that in the helper JBC creates this function:

/**
 * Configure the Linkbar.
 */
public static function addSubmenu($submenu)
{
	// load user for access menus
	$user = JFactory::getUser();
	// load the submenus to sidebar

	if ($user->authorise('event.access', 'com_efevents') && $user->authorise('event.submenu', 'com_efevents'))
	{
		JHtmlSidebar::addEntry(JText::_('COM_EFEVENTS_SUBMENU_EVENTS'), 'index.php?option=com_efevents&view=events', $submenu === 'events');
		JHtmlSidebar::addEntry(JText::_('COM_EFEVENTS_EVENT_EVENTS_CATEGORIES'), 'index.php?option=com_categories&view=categories&extension=com_efevents.event', $submenu === 'categories.event');
	}
	if ($user->authorise('location.access', 'com_efevents') && $user->authorise('location.submenu', 'com_efevents'))
	{
		JHtmlSidebar::addEntry(JText::_('COM_EFEVENTS_SUBMENU_LOCATIONS'), 'index.php?option=com_efevents&view=locations', $submenu === 'locations');
	}
	if ($user->authorise('generate_northern_happenings.submenu', 'com_efevents'))
	{
		JHtmlSidebar::addEntry(JText::_('COM_EFEVENTS_SUBMENU_HAPPENINGS'), 'index.php?option=com_efevents&view=happenings', $submenu === 'happenings');
	}
}

That last bit has the code: $user->authorise('generate_northern_happenings.submenu', 'com_efevents'). And generate_northern_happenings.submenu is where the problem is. It should say happenings.submenu.

Okay here are some more details. Here's my custom admin view settings:  And here is what a non-admin sees when using the component (they have all of the permissions):  You can see that the field "Generate Northern Happenings" is available in the menu up top, but it's not available in the sidebar menu below. I want it to appear in that submenu. I found out that in the helper JBC creates this function: /** * Configure the Linkbar. */ public static function addSubmenu($submenu) { // load user for access menus $user = JFactory::getUser(); // load the submenus to sidebar if ($user->authorise('event.access', 'com_efevents') && $user->authorise('event.submenu', 'com_efevents')) { JHtmlSidebar::addEntry(JText::_('COM_EFEVENTS_SUBMENU_EVENTS'), 'index.php?option=com_efevents&view=events', $submenu === 'events'); JHtmlSidebar::addEntry(JText::_('COM_EFEVENTS_EVENT_EVENTS_CATEGORIES'), 'index.php?option=com_categories&view=categories&extension=com_efevents.event', $submenu === 'categories.event'); } if ($user->authorise('location.access', 'com_efevents') && $user->authorise('location.submenu', 'com_efevents')) { JHtmlSidebar::addEntry(JText::_('COM_EFEVENTS_SUBMENU_LOCATIONS'), 'index.php?option=com_efevents&view=locations', $submenu === 'locations'); } if ($user->authorise('generate_northern_happenings.submenu', 'com_efevents')) { JHtmlSidebar::addEntry(JText::_('COM_EFEVENTS_SUBMENU_HAPPENINGS'), 'index.php?option=com_efevents&view=happenings', $submenu === 'happenings'); } } That last bit has the code: `$user->authorise('generate_northern_happenings.submenu', 'com_efevents')`. And `generate_northern_happenings.submenu` is where the problem is. It should say `happenings.submenu`.

Llewellyn commented 2022-05-10 07:28:06 +00:00

Copy Link

Okay you may be aware of our predicament with "my" yearly years of creativity... lol. So we have a compiler that can only best be described as a beastly kind of a perfectionist, anyhow... to matters at hand, we have a methods called setSubMenus, addCustomSubMenu, and setCustomAdminSubMenu in the e_Interpretation class that really is the main actor in building the submenu. Since we can't view the e_Interpretation class "the predicament" on github... (only here) You could also have a look at it on your local system...

Now let us consider the matter, and you will see our actions are in fact correct... and that Joomla at its best day is a moving mass of self serving ambition of well meaning elephant like behavior that has but one result... deforestation! By that I mean, they break down things without admittance to the dependencies other may have of the now not so strong older trees... lol

Okay so the menu, side-bar work as expected, as this is how Joomla use to work... and so JCB controllers this side bar, and that is why it still works... o boy I am already frustrated at just the thought of this ingenious change...

Where as the permissions and access layer of the internal menu of Joomla seems to have changed to no longer work the way it use to before. These two areas are actually unrelated... but okay in truth they should behave the same and this is how it use to work. To test, pull an old Joomla 3.9.x version up of Joomla and you will see what I mean.

Back to modern day elephant circus and its adventures... JCB does not control the main menu behavior, this is all Joomla based on the menus added to the XML of your component, for example this xml.

As you can see it makes use of the plural views name, and so all Joomla has to work with is this view= value to get permissions and all set, which should be okay, yet I see your component has the view name, and not the code name as permissions....

So looking at the the methods I mentioned above, this does not make sense as in all places we are working with the code name... which is making me wonder if you have some other view with the same name? admin view or custom menu? as this will explain the weird behavior... as at this point I can still not see any explanation for this wrong code if ($user->authorise('generate_northern_happenings.submenu', 'com_efevents')) as going over those methods... for years now I do not see the bug...

Here we get the $nameSingle value...

Here we build the permissions:

or here (depending on how you setup your permissions in the view)

Which in both cases use the correct $nameSingle value... so this makes me think it is a setup error, of another nature.

So first lets make sure you have the following option set:

When adding the custom admin view to your component, do you have access selected?

Okay you may be aware of our predicament with "my" yearly years of creativity... lol. So we have a compiler that can only best be described as a beastly kind of a perfectionist, anyhow... to matters at hand, we have a methods called `setSubMenus`, `addCustomSubMenu`, and `setCustomAdminSubMenu` in the `e_Interpretation` class that really is the main actor in building the submenu. Since we can't view the `e_Interpretation` class "the predicament" on github... ([only here](https://git.vdm.dev/joomla/Component-Builder/src/branch/staging/admin/helpers/compiler/e_Interpretation.php)) You could also have a look at it on your local system... Now let us consider the matter, and you will see our actions are in fact correct... and that Joomla at its best day is a moving mass of self serving ambition of well meaning elephant like behavior that has but one result... deforestation! By that I mean, they break down things without admittance to the dependencies other may have of the now not so strong older trees... lol Okay so the menu, `side-bar` work as expected, as this is **how Joomla use to work**... and so JCB controllers this **_side bar_**, and that is why it still works... o boy I am already frustrated at just the thought of this ingenious change... Where as the permissions and access layer of the internal menu of Joomla seems to have changed to no longer work the way it use to before. These two areas are actually unrelated... but okay in truth they should behave the same and this is how it use to work. To test, pull an old Joomla 3.9.x version up of Joomla and you will see what I mean. Back to modern day elephant circus and its adventures... JCB does not control the main menu behavior, this is all Joomla based on the menus added to the XML of your component, for [example this xml](https://github.com/Llewellynvdm/Joomla-Sermon-Distributor/blob/master/sermondistributor.xml#L75). As you can see it makes use of the plural views name, and so all Joomla has to work with is this `view=` value to get permissions and all set, which should be okay, yet I see your component has the `view name`, and not the `code name` as permissions.... So looking at the the methods I mentioned above, this does not make sense as in all places we are working with the code name... which is making me wonder if you have some other view with the same name? admin view or custom menu? as this will explain the weird behavior... as at this point I can still not see any explanation for this wrong code `if ($user->authorise('generate_northern_happenings.submenu', 'com_efevents'))` as going over those methods... for years now I do not see the bug... Here we get the `$nameSingle` value...  Here we build the permissions:  or here (depending on how you setup your permissions in the view)  Which in both cases use the correct `$nameSingle` value... so this makes me think it is a setup error, of another nature. So first lets make sure you have the following option set:  When adding the custom admin view to your component, do you have access selected?

Obscerno commented 2022-05-10 17:56:10 +00:00 (Migrated from github.com)

Copy Link

I did not have access enabled! But I just enabled it and it didn't change anything in my project. I still can't see the submenu when logged in as a non-administrator (I checked to make sure the user had all the permissions).

That said, I messed around with JCB's compiler code and I think I narrowed it down to this line: https://git.vdm.dev/joomla/Component-Builder/src/branch/staging/admin/helpers/compiler/e_Interpretation.php#L23927

It is only run when, in the component, a custom admin view is added and "Order Before" is not set:

I did not have access enabled! But I just enabled it and it didn't change anything in my project. I still can't see the submenu when logged in as a non-administrator (I checked to make sure the user had all the permissions). That said, I messed around with JCB's compiler code and I think I narrowed it down to this line: https://git.vdm.dev/joomla/Component-Builder/src/branch/staging/admin/helpers/compiler/e_Interpretation.php#L23927 It is only run when, in the component, a custom admin view is added and "Order Before" is not set: 

Llewellyn commented 2022-05-11 08:31:35 +00:00

Copy Link

The reality is for me to debug this I need to see the xml access file generated, and to component xml file, and then it still may not be all that clear to me. At this point I do not consider this to be a bug... but a setting issue.

The reality is for me to debug this I need to see the xml access file generated, and to component xml file, and then it still may not be all that clear to me. At this point I do not consider this to be a bug... but a setting issue.

Obscerno commented 2022-05-11 15:26:47 +00:00 (Migrated from github.com)

Copy Link

I can send a JCB Package for the component if that would help? If not, I'll at least attach those XML files:

xml files.zip

I can send a JCB Package for the component if that would help? If not, I'll at least attach those XML files: [xml files.zip](https://github.com/vdm-io/Joomla-Component-Builder/files/8671285/xml.files.zip)

Llewellyn commented 2022-05-18 05:23:00 +00:00

Copy Link

Please connect with me in the JCB group on Telegram, so we can arrange a chat.

Please connect with me in the [JCB group on Telegram](https://t.me/jcb_group), so we can arrange a chat.

Llewellyn commented 2022-05-18 05:24:55 +00:00

Copy Link

As I think looking in a screen-share at your setup and may resolve this.... Telegram has these options and makes it very easy to quickly respond to your issue. As this does seem like a configuration issue, and not a bug.

As I think looking in a screen-share at your setup and may resolve this.... Telegram has these options and makes it very easy to quickly respond to your issue. As this does seem like a configuration issue, and not a bug.

Llewellyn closed this issue 2024-03-26 10:08:40 +00:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

5.x

4.x

3.x

master

staging

v5.0.0-rc2

v4.0.0-rc2

v3.2.1-rc2

v5.0.0-rc1

v4.0.0-rc1

v3.2.1-rc1

v5.0.0-beta5

v4.0.0-beta5

v3.2.1-beta3

v3.2.1-beta2

v5.0.0-beta4

v4.0.0-beta4

v3.2.1-beta1

v5.0.0-beta3

v4.0.0-beta3

v3.2.1-alpha4

v5.0.0-beta2

v4.0.0-beta2

v3.2.1-alpha3

v3.2.1-alpha2

v5.0.0-beta1

v4.0.0-beta1

v5.0.0-alpha8

v4.0.0-alpha8

v3.2.1-alpha1

v3.2.0

v5.0.0-alpha7

v4.0.0-alpha7

v3.2.0-beta10

v5.0.0-alpha6

v4.0.0-alpha6

v3.2.0-beta9

v5.0.0-alpha5

v4.0.0-alpha5

v3.2.0-beta8

v5.0.0-alpha4

v4.0.0-alpha4

v3.2.0-beta7

v5.0.0-alpha3

v4.0.0-alpha3

v5.0.0-alpha2

v4.0.0-alpha2

v3.2.0-beta6

v5.0.0-alpha1

v4.0.0-alpha1

v3.2.0-beta5

v3.2.0-beta4

v3.2.0-beta3

v3.2.0-beta2

v3.2.0-beta1

v3.1.28

v3.1.27

v3.1.24

v3.1.19

v3.1.17

v3.1.15

v3.1.12

v3.1.11

v3.1.10

v3.1.9

v3.1.8

v3.1.7

v3.1.6

v3.1.5

v3.1.4

v3.1.3

v3.1.2

v2.13.1

v2.13.0

v2.12.16

v2.12.15

v2.12.14

v2.12.10

v2.12.9

v2.12.8

v2.12.7

v2.12.6

v2.12.4

v2.12.3

v2.12.2

v2.11.7

v2.11.4

v2.11.3

v2.11.2

v2.11.0

v2.10.13

v2.10.11

v2.10.9

v2.10.5

v2.10.1

v2.10.0

v2.9.21

v2.9.18

v2.9.14

v2.9.11

v2.9.10

v2.9.8

v2.9.7

v2.9.1

v2.9.0

v2.8.5

v2.8.4

v2.8.2

v2.8.0

v2.7.10

v2.7.7

v2.7.6

v2.7.5

v2.7.4

v2.7.1

v2.7.0

v2.6.17

v2.6.16

v2.6.15

v2.6.14

v2.6.13

v2.6.12

v2.6.11

v2.6.10

v2.6.9

v2.6.8

v2.6.7

v2.6.6

v2.6.5

v2.6.3

v2.6.2

v2.6.1

v2.6.0

v2.5.8

v2.5.6

v2.5.5

v2.5.4

v2.5.1

v2.5.0

v2.4.10

v2.4.9

v2.4.8

v2.4.7

v2.4.6

v2.4.5

v2.4.4

v2.4.3

v2.4.2

v2.4.1

v2.4.0

v2.3.10

v2.3.9

v2.3.8

v2.3.7

v2.3.6

v2.3.5

v2.3.4

v2.3.2

v2.3.1

v2.3.0

v2.2.10

v2.2.9

v2.2.6

v2.2.5

v2.2.4

v2.2.3

v2.2.2

v2.2.0

v2.1.21

v2.1.20

v2.1.19

v2.1.18

v2.1.17

v2.1.16

v2.1.14

v2.1.13

v2.1.12

v2.1.11

v2.1.10

v2.1.9

v2.1.8

v2.1.7

v2.1.6

v2.1.5

v2.1.4

v2.1.3

v2.1.2

v2.1.1

v2.1.0

v2.0.9

v2.0.8

Labels

Clear labels   

Beta

Issues related to the a beta release

  

Bug

  

Documentation

  

enhancement

  

help wanted

  

invalid

  

joomla

Joomla related changes

  

question

  

URGENT

  

wontfix

No Label

Beta

Bug

Documentation

enhancement

help wanted

invalid

joomla

question

URGENT

wontfix

Milestone

Clear milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: joomla/Component-Builder#910

No description provided.