[4.1] Split up com_users permissions into sections

[SniperSister]

Is your feature request related to a problem? Please describe.

Right now, there's just a global "edit" permission for com_users, meaning that if you want to allow someone to edit users, you also have to allow them to edit groups and view levels, which obviously isn't always wanted as a security implication in terms of ACL is associated to that.

Describe the solution you'd like

We should split up the "com_users" ACL right into multiple rights, just like we do in the rest of the CMS:

Tasks:

• split up com_users into com_users.users, com_users.groups, com_users.viewlevels
• adjust permission level checks (so far checking for com_users) throughout the system
• update default permissions to make sure that groups and viewlevels is allowed for Super Admins only
• figure out a 3.x to 4.x migration path

Additional context

JSST had an internal discussion about this topic, but as the current behavior is "by design" and any change would be a b/c break, we decided to open a ticket in the public tracker instead of handling it in a security release.

[brianteeman]

Is this something you will be contributing?

[brianteeman]

or should this be closed?

[brianteeman]

@SniperSister any update?

[SniperSister]

Drowning in work so didn't had time to tackle that issue, but it's definitely on my todo list

[alexandreelise]

Nice feature to add. @SniperSister

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/24299.}

[brianteeman]

Thsi should probably be retagged for 4.1

[jwaisner]

Updated to retag (without a label at the moment) to revisit for 4.1

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/24299.}

[brianteeman]

please add the new feature and j4 issue label