-
-
Notifications
You must be signed in to change notification settings - Fork 3.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Access ignored in List All Categories menu item #16757
Comments
@sanderpotjer can you please look at this issue? |
|
@Webdongle I haven't been able to reproduce it on a fresh 3.7.x either, so far. I don't have anything that old, just recent backups. It worked fine in 3.6.5 - went directly to the latest 3.7.x Is there anything helpful I could do in debugging it? |
Can you Without the ability to replicate the error I am at a loss as how to test it. |
I've just created a fresh install of Joomla 3.6.5 here Upon your response, I'll go ahead and update to 3.7.3 .... |
When you can reproduce the issue then please post the method to reproduce it. |
After the update to 3.7.3 - all child categories displayed in a category blog, or category list now show when viewing as public (child-category-1 has permission set to registered). Clicking on child-category-1 results in a 403 error |
@Webdongle To reproduce: Fresh install 3.6.5 From front end - you will only see categories with public access, the category assigned to registered users does not show Upgrade to 3.7.3 |
Thanks for the assist in debugging this, @ImagesbyMurray ! I didn't yet try do it from an upgrade, and haven't had the chance to try anything with my own so far. |
@ImagesbyMurray After update the view/access level of the sub category is not honoured. Addendum |
The change happened between 3.6.5 and 3.7.0 Replace /com_content/models/category.php with the one from Joomla 3.6.5 and refresh the frontend view. The Access level is honoured and the the 'Extensions' category can no longer be seen. Line 347 has Line 190 has == replaced with === in the condition @sanderpotjer |
@Webdongle Verified - I've replaced category.php on my test site, behavior is as expected, child category with registered access is now hidden from view |
Also confirmed on my end: I replaced the |
@ImagesbyMurray @kpmueller Please revert only line 190 to state from Joomla! 3.6.5 and test if still works. |
I'll check my changes, but from a quick look, the changes in that file do not look suspicious to me. Will investigate further a bit later. |
Could someone try remarking line 347 |
So I checked, and found out that when remarking/removing line 347 it does work. |
@frankmayer Strange because I thought I had done that before with no avail. Must have edited the wrong copy before ? |
@Webdongle it could have been be a cache issue :) I always clean all caches (even if caching is off) when doing those kinds of tests. Back to the issue: It would be interesting to see what happens when the changes of PR https://github.com/joomla/joomla-cms/pull/11624/files would be applied to a 3.6.5 version. |
Will try and use patchtester on a 3.6.5 to apply https://github.com/joomla/joomla-cms/pull/11624/files |
@frankmayer When Hope that helps |
@Webdongle Thanks, that should confirm that the problem lies with that PR. |
In 3.8.2, without reverting to the old model category.php, I'm seeing the correct behavior seemingly now. Can anybody else confirm it's fixed now? |
Yes! 3.8.2 is handling non-public categories correctly. In Category list view, they are now hidden.
[1490819550689_ibm-logo[1].png]
John Murray
john@imagesbymurray.com<mailto:john@imagesbymurray.com> / 360 827 1089
Images by Murray
360 740 7894
120 Deer Fern Ln Chehalis, WA 98532
http://imagesbymurray.com<http://imagesbymurray.com/>
…________________________________
From: Karl Mueller <notifications@github.com>
Sent: Sunday, November 19, 2017 12:48 PM
To: joomla/joomla-cms
Cc: ImagesbyMurray; Mention
Subject: Re: [joomla/joomla-cms] Access ignored in List All Categories menu item (#16757)
In 3.8.2, without reverting to the old model category.php, I'm seeing the correct behavior seemingly now. Can anybody else confirm it's fixed now?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub<#16757 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AcVm6ieFdb8XLW3S3SoYlKznaOxOTCqBks5s4JQhgaJpZM4N9tAG>.
|
OK, since everything seems fixed by #18408 , I'm going to close this issue! |
the bug has re-appeared in 3.8.3
[1490819550689_ibm-logo[1].png]
John Murray
john@imagesbymurray.com<mailto:john@imagesbymurray.com> / 360 827 1089
Images by Murray
360 740 7894
120 Deer Fern Ln Chehalis, WA 98532
http://imagesbymurray.com<http://imagesbymurray.com/>
…________________________________
From: Karl Mueller <notifications@github.com>
Sent: Sunday, November 19, 2017 12:48 PM
To: joomla/joomla-cms
Cc: ImagesbyMurray; Mention
Subject: Re: [joomla/joomla-cms] Access ignored in List All Categories menu item (#16757)
In 3.8.2, without reverting to the old model category.php, I'm seeing the correct behavior seemingly now. Can anybody else confirm it's fixed now?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub<#16757 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AcVm6ieFdb8XLW3S3SoYlKznaOxOTCqBks5s4JQhgaJpZM4N9tAG>.
|
I'm not seeing a recurrence in my 3.8.3 install with the 3.8.3 category.php, as far as I can tell Could it be something different, or something which wasn't tested in their fix? |
I’ll work on replicating this on a reference site – but you can observe this on a production site:
https://armedcitizensnetwork.org/our-journal
February Journal link (this behavior will expire in a day or so)
From: Karl Mueller <notifications@github.com>
Reply-To: joomla/joomla-cms <reply@reply.github.com>
Date: Monday, January 29, 2018 at 3:49 PM
To: joomla/joomla-cms <joomla-cms@noreply.github.com>
Cc: John Murray <JOHN@IMAGESBYMURRAY.COM>, Mention <mention@noreply.github.com>
Subject: Re: [joomla/joomla-cms] Access ignored in List All Categories menu item (#16757)
I'm not seeing a recurrence in my 3.8.3 install with the 3.8.3 category.php, as far as I can tell
Could it be something different, or something which wasn't tested in their fix?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub<#16757 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AcVm6oE_b8s9HV-EyW_NYHqtrNIW4SAkks5tPlkcgaJpZM4N9tAG>.
|
Joomla 3.8.5 fixed the issue - see thread: |
Steps to reproduce the issue
I haven't been able to reproduce it yet on a fresh 3.7.2 install
System information (as much as possible)
PHP 5.6, Centos 6.x latest, Joomla 3.7.2
This Joomla has been migrated and updated since 1.6
Additional comments
I have a hierarchical category structure with access levels and groups for each level.
I create a List All Categories menu item which points to a parent level, with an appropriate access level (let's call it P). Inside are additional subcategories, (S1, S2, S3, etc.) with matching access levels. Inside the subcategories are articles, with have their category's subcategory access level.
Before 3.7, the menu item, when clicked, would show only subcategories which the user has access to. The user in 3.7 sees all subcategories, regardless if they have access. If they click on a subcategory link they don't have access to, they get a forbidden error (correctly).
So, the problem is clearly in the view of the parent category, showing children regardless of access levels the user is related to.
I have shown this in the SQL commands as follows:
https://gist.github.com/kpmueller/df426df43a3d1199bb97b0e6aa40861a
This is one of the subcategory queries. In the query, it is limiting itself by access level.
https://gist.github.com/kpmueller/f87a9cd9047066ef20a2295e3fc6536a
This is the parent category query (from the List All Categories menu item). It has NO access level clause.
The stack trace involved:
https://gist.github.com/kpmueller/06a7a59900416974556587a786b6c0d8
I believe this should be set, here:
libraries/legacy/categories/categories.php:236
But, it seems there's not an
_options['access']
setting in the model.Earlier in the stack:
components/com_content/models/category.php:355
There should be an options['access'] being set, based on a parameter,
check_access_rights
. For some reason, this is not happening.This seems potentially to be related to an earlier PR, #11624
Unfortunately, I tried to reproduce this with a fresh joomla, and it seemed to be working properly, so I wonder if some kind of migrated data is involved. Nothing looked out of place. There must be somewhere further up where a parameter is not properly set, or lost?
If i can provide any more information, please let me know. I don't really know where to look next.
The text was updated successfully, but these errors were encountered: