Bug: In the Helper's addSubmenu() method, custom admin views have the wrong permission names #910
Labels
No Milestone
No project
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: joomla/Component-Builder#910
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Specifically, it uses the view name instead of the in-code name to generate the permissions. An example from one of my projects:
The line
$user->authorise('generate_northern_happenings.submenu', 'com_efevents')
should be:
$user->authorise('happenings.submenu', 'com_efevents')
I added custom REPLACE code to make that change in my project and it fixed it for me!
Just adding: to reproduce, you can't be logged in as a superuser. You have to be a lower-level user who has permission to access the backend and access the custom admin view.
If you're a superuser, authorise() will return true even if the permission doesn't exist.
There is already an issue open on this, we will keep the conversation on this issue 885
Okay seems like its not related... sorry. before I can say more. Your pointing out that the name is incorrect, yet this name can not be incorrect as it directly used the edit view name. So we will need to look closer at what your trying to do here.
Okay here are some more details. Here's my custom admin view settings:
And here is what a non-admin sees when using the component (they have all of the permissions):
You can see that the field "Generate Northern Happenings" is available in the menu up top, but it's not available in the sidebar menu below. I want it to appear in that submenu. I found out that in the helper JBC creates this function:
That last bit has the code:
$user->authorise('generate_northern_happenings.submenu', 'com_efevents')
. Andgenerate_northern_happenings.submenu
is where the problem is. It should sayhappenings.submenu
.Okay you may be aware of our predicament with "my" yearly years of creativity... lol. So we have a compiler that can only best be described as a beastly kind of a perfectionist, anyhow... to matters at hand, we have a methods called
setSubMenus
,addCustomSubMenu
, andsetCustomAdminSubMenu
in thee_Interpretation
class that really is the main actor in building the submenu. Since we can't view thee_Interpretation
class "the predicament" on github... (only here) You could also have a look at it on your local system...Now let us consider the matter, and you will see our actions are in fact correct... and that Joomla at its best day is a moving mass of self serving ambition of well meaning elephant like behavior that has but one result... deforestation! By that I mean, they break down things without admittance to the dependencies other may have of the now not so strong older trees... lol
Okay so the menu,
side-bar
work as expected, as this is how Joomla use to work... and so JCB controllers this side bar, and that is why it still works... o boy I am already frustrated at just the thought of this ingenious change...Where as the permissions and access layer of the internal menu of Joomla seems to have changed to no longer work the way it use to before. These two areas are actually unrelated... but okay in truth they should behave the same and this is how it use to work. To test, pull an old Joomla 3.9.x version up of Joomla and you will see what I mean.
Back to modern day elephant circus and its adventures... JCB does not control the main menu behavior, this is all Joomla based on the menus added to the XML of your component, for example this xml.
As you can see it makes use of the plural views name, and so all Joomla has to work with is this
view=
value to get permissions and all set, which should be okay, yet I see your component has theview name
, and not thecode name
as permissions....So looking at the the methods I mentioned above, this does not make sense as in all places we are working with the code name... which is making me wonder if you have some other view with the same name? admin view or custom menu? as this will explain the weird behavior... as at this point I can still not see any explanation for this wrong code
if ($user->authorise('generate_northern_happenings.submenu', 'com_efevents'))
as going over those methods... for years now I do not see the bug...Here we get the
$nameSingle
value...Here we build the permissions:
or here (depending on how you setup your permissions in the view)
Which in both cases use the correct
$nameSingle
value... so this makes me think it is a setup error, of another nature.So first lets make sure you have the following option set:
When adding the custom admin view to your component, do you have access selected?
I did not have access enabled! But I just enabled it and it didn't change anything in my project. I still can't see the submenu when logged in as a non-administrator (I checked to make sure the user had all the permissions).
That said, I messed around with JCB's compiler code and I think I narrowed it down to this line: https://git.vdm.dev/joomla/Component-Builder/src/branch/staging/admin/helpers/compiler/e_Interpretation.php#L23927
It is only run when, in the component, a custom admin view is added and "Order Before" is not set:
The reality is for me to debug this I need to see the xml access file generated, and to component xml file, and then it still may not be all that clear to me. At this point I do not consider this to be a bug... but a setting issue.
I can send a JCB Package for the component if that would help? If not, I'll at least attach those XML files:
xml files.zip
Please connect with me in the JCB group on Telegram, so we can arrange a chat.
As I think looking in a screen-share at your setup and may resolve this.... Telegram has these options and makes it very easy to quickly respond to your issue. As this does seem like a configuration issue, and not a bug.