-
-
Notifications
You must be signed in to change notification settings - Fork 3.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[4.1] Split up com_users permissions into sections #24299
Comments
ghost
added
the
J4 Issue
label
Apr 4, 2019
Is this something you will be contributing? |
or should this be closed? |
@SniperSister any update? |
Drowning in work so didn't had time to tackle that issue, but it's definitely on my todo list |
Nice feature to add. @SniperSister This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/24299. |
Thsi should probably be retagged for 4.1 |
joomla-cms-bot
changed the title
[4.0] Split up com_users permissions into sections
[4.1] Split up com_users permissions into sections
Aug 24, 2021
Updated to retag (without a label at the moment) to revisit for 4.1 This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/24299. |
please add the new feature and j4 issue label |
4 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
Right now, there's just a global "edit" permission for com_users, meaning that if you want to allow someone to edit users, you also have to allow them to edit groups and view levels, which obviously isn't always wanted as a security implication in terms of ACL is associated to that.
Describe the solution you'd like
We should split up the "com_users" ACL right into multiple rights, just like we do in the rest of the CMS:
Tasks:
Additional context
JSST had an internal discussion about this topic, but as the current behavior is "by design" and any change would be a b/c break, we decided to open a ticket in the public tracker instead of handling it in a security release.
The text was updated successfully, but these errors were encountered: