Categories selection options not restricted by AccessLevel - [Fixed in 3.2.10]

[prashant]

Hi,

I have a peculiar problem.
I have configured a couple of 'restricted users' using groups and access levels.
Categories have been assigned access levels as per business requirements.
When a restricted user logs in, the 'options' in the 'category' listbox on the header are filtered as per access level.
BUT when I click on 'Add' to create a new download, the 'category' listbox in the PUBLISHING tab contains all categories instead of being filtered by access level.
Since I have configured most of the restrictions in the Global Settings, a restricted user is able to view only his/her own folder but can 'create download' on any of the visible folder.

Can we filter/restrict the PUBLISHING tab 'categories' also?

I am new to PHP and Joomla, but going by joomla developer documentation and through the component code, the following changes seemed to work for me.

In file components/com_jdownloads/views/form/tmpl/edit.php line 225 was commented and replaced by following code snippet
------ Begin snippet ---------
<!--                    <?php echo $this->form->getInput('cat_id'); ?>  -->
         <?php
                 $data = JDHelper::buildCategorySelectBox(0, 0, 0, $jlistConfig['view.empty.categories'], true);      
            $listbox = JHtml::_('select.genericlist', $data['options'], 'jform[cat_id]', 'id="jform_cat_id" class="inputbox"', 'value', 'text', $data['selected'] );
            echo $listbox
         ?>
------ End snippet ---------

I have put 0s for most of the params and am able to resolve my problem.
Personally I am against putting such hacks in local code - as one might not be aware of its impact on other places and such changes get easily forgotten over time causing maintenance nightmares.

Would appreciate if you could please fix this issue so that there is a clean solution in the source itself which would benefit the larger community.


jDownloads Version 3.2.8 Beta, Joomla 3.3.0


Thanks,
Regards,
Prashant

[Arno]

Hi,

BUT when I click on 'Add' to create a new download, the 'category' listbox in the PUBLISHING tab contains all categories instead of being filtered by access level.
Since I have configured most of the restrictions in the Global Settings, a restricted user is able to view only his/her own folder but can 'create download' on any of the visible folder.

Okay this seems to be a bug.
I will check it and fix it in next beta.  

jDownloads Version 3.2.8 Beta,

Please install the 3.2.9 version and use the new ranking values for the jD user groups.
Read here:
http://www.jdownloads.net/documentations/item/which-user-group-is-used

[Arno]

Please try this:
- copy the unzipped file (below) into your folder: \administrator\components\com_jdownloads\models\fields
- try it then again and post here your result
- thanks

[ColinM]

Arno
Think I have similar problem

This post modified because test setup view access was incorrect

When listing All Categories from front end all works well and only the relevant categories are shown.
This item is I believe the same as raised in     
"Add" button visual even though users have only download rights www.jdownloads.com/forum/index.php?topic=7197.msg27922

Colin

[Arno]

Hi Colin,
in your example is not viewed the category 'RegCat' in the 'select box' ?
What are here the permissions from your user and have he a 'view' access?

Sorry but i understand not all your problem descriptions. Maybe can you use more simple terms.  
It is not easy to understand your test when i not know the users and categories settings/permissions and so on.

I have applied the updated version of  jdcategoryselecteditfe.php i

This version get only categories where the current user may view it.
In the older version are the categories only tested on edit and create permissions.

[ColinM]

Arno
Have applied View Access permissions to sub-categories both with and without  updated version of  jdcategoryselecteditfe.php
results are as below.  I will write more about view access permissions elsewhere as it was very tiresome applying them.

Please see pic user-group-settings-12A.png which summaries the testing regime. (will be part of documentation)  The classifications Reg means 'regular users', sig means users of a 'Special Interest Group' and sig 2 are users of  'Special Interest Group 2'.

In List All Categories and List All Downloads only those that should have been shown were shown.   This includes those shown in the Categories pull downs on those pages - eg pic user-group-settings-07.png    .  Also uploading was not allowed for users in one or more of the 'downloaders only' groups  and allowed for users in an uploader permitted group 

In the Uploaders allowed groups the released version allowed access to all categories see pic user-group-settings-11-release.png  but even sadder the modified version of   jdcategoryselecteditfe.php only allowed access to   see pic user-group-settings-11-modified.png 

Colin



[gelöscht durch Administrator]

[Arno]

Hi Colin,
it is not easy for me to understand exactly your test scenario.
Maybe should you say me what exactly is wrong in your results (pics). Then i can try to reproduce it easier.  
Or give me an easier example with a wrong result in the 'select box'.  

Logical is for me this:
when a user has the permissions to create a new download:
- so it must exists in the 'categories select box' all categories where the user has the permissions to 'create'
- if so, then it should be clear that he should has also the 'view' permissions for this categories

We use for this the same functions as Joomla self for his categories or articles. Also the original jdcategoryselecteditfe.php.

Edit:
Perhaps must we use a new methode to get the correct permissions for every category.  

Edit2:
I have found a bug with the 'creation' page. Please wait a little bit...

[Arno]

Hi Colin,
i be today on work, but i will try to send you later today a new version with some fixes.

[ColinM]

Arno
Will try to set up a simpler test regime for you!
it is the View Access Level that is the key

Logical is for me this:
when a user has the permissions to create a new download:
- so it must exists in the 'categories select box' all categories where the user has the permissions to 'create'
- if so, then it should be clear that he should has also the 'view' permissions for this categories

A user-group may have permission to create (which is an action) but not have View Access.  Part of the challenge here is that user group permissions cascade so if user group A and User Group B have a parent group of Publisher then they will both have Create permissions, that is in principle they both have the ability to create.  But suppose the administrator wants user-group A is to be only allowed permission to create in categories CatA and its sub categories (set A).  Similarly user-group B to only create in CatB and its descendants (set B). 

Presently I am suggesting that the View Access to CatA and its descendants is restricted to the ViewCatA which has just user-group A as a member.  The same applies to user-group B with View Access to CatB and its descendants is restricted to the ViewCatB which has just user-group B as a member.  I have written the documentation around that scheme.

There is an alternative approach which uses the ACL Permissions on the Categories & Downloads.  For all those categories & downloads that are to allow create to user group A, that is set A, then one sets up the Category & Download permissions for user-group A as 'Allow'  and the user-group permissions on set A for user-group B as 'Denied'.  For  set B we need to 'Allow' for user-group B and for set A we need to 'Deny'.  However that does not seem to work!  This may be a bug but so far I have used View access as the controlling aspect as apart from the Pubish category pull down list it works.
Colin

[Arno]

I hope that i have fixed now the most problems with the 'categories select box'.
The result can you test (at latest tomorrow) in the new beta 3.2.10.