Support Forums

Support Offline : Mon - Fri / 10am - 6pm (GMT +6)

Your Time: Our Time:

Restricting user rights with user groups in SPPB 3.1

Featured Lock Resolved Issue
We currently use SPPB for creating various pages, by different users. Everything works perfect, but we have a little issue with the latest SPPB update.

Currently, we use different restrictions for our backend users based on groups. One group is allowed to edit pages only that they have created.

After the latest update, when a user tries to access and edit a page that that user created, instead of opening that page, we get an error (see attachment).

We rechecked all user permissions but everything is set okay.

Is it possible that this issue is connected to the latest update, or I'm missing something out here?

Any kind of help would be appreciated.

Thank you a lot,

Ivana
joomla.team

Attachments (1)

  • error-sppb-3.1.png
    error-sppb-3.1.png 50.2 KB

21 Answers

Toufiq - Staff

More than a month ago #Permalink
Hi,

Please watch the video for access control list.

https://drive.google.com/file/d/0B1JlaWHBrnKwRGdyUUhzNVNwVmc/view

-Thanks

joomla.team

More than a month ago #Permalink
Thank you, but I'm afraid we misunderstood each other.

The problem comes when we use "Edit Own" permission for special user group. We made sure that specific user from that group has created the page in SPPB.

ScreenHunter_245 Jan. 23 09.26.png

As you can see on the image above, user can only select the page that he created. The problem comes when user tries to open the same page. We get an error like this one:

ScreenHunter_246 Jan. 23 09.28.png

On previous versions of SPPB we haven't had problems like that and users could edit only their own pages. This problem came up with 3.1 PRO version.


Thank you once again,

joomla.team

Attachments (2)

  • ScreenHunter_245 Jan. 23 09.26.png
    ScreenHunter_245 Jan. 23 09.26.png 11.4 KB
  • ScreenHunter_246 Jan. 23 09.28.png
    ScreenHunter_246 Jan. 23 09.28.png 13.4 KB

Toufiq - Staff

More than a month ago #Permalink
Hi,

I have checked and ACL working fine.

https://prnt.sc/i4e9io

-Thanks

joomla.team

More than a month ago #Permalink
Thank you Toufiq,

As you can see on the image below, we've set up specific user group permissions. "Edit Own" is set to allowed and the user is assigned to this user group.

ScreenHunter_249 Jan. 23 14.51.png

When I open SP Page Builder > Pages as the user with restricted permissions and try to edit the page that I created I get this error:

ScreenHunter_246 Jan. 23 09.28.png

Note: only the pages I created are clickable, other are marked grey, again, the problem persists and I get the error each time I try to open page that is clickable (i.e. I created it)

I have checked Permission Options on that single page (as Super User) and they are as following for the limited access group:

ScreenHunter_250 Jan. 23 15.03.png

Is it possible that this has an effect to why the restricted user cannot edit own pages?

Thanks,

joomla.team

Attachments (3)

  • ScreenHunter_249 Jan. 23 14.51.png
    ScreenHunter_249 Jan. 23 14.51.png 87.4 KB
  • ScreenHunter_246 Jan. 23 09.28.png
    ScreenHunter_246 Jan. 23 09.28.png 13.4 KB
  • ScreenHunter_250 Jan. 23 15.03.png
    ScreenHunter_250 Jan. 23 15.03.png 50.8 KB

Toufiq - Staff

More than a month ago #Permalink
Hi, Please send me the Joomla administrator access via pm. Thanks

Toufiq - Staff

More than a month ago #Permalink
Hi there, Your Joomla ACL has the problem. Because of that, i have done the same thing on my end no problem found. Thanks

joomla.team

More than a month ago #Permalink
Hi there Toufiq,

Thanks for your response, unfortunately this really doesn't help us further. We have repeated the same steps on a completely unrelated website and this issue - along with other apparent issues with SPPB and ACL - occured exactly as with the site mentioned above.

It would certainly be helpful if you could provide us with a little bit more information than just telling us "your Joomla ACL has the problem" :)

What we tried (on a separate website):

1. Created user group TEST

2. Configured permissions for the user group TEST for SPPB as follows:
- Configure ACL (denied)
- Access Administration Interface (allowed)
- Create (allowed)
- Delete (denied)
- Edit (denied)
- Edit state (denied)
- Edit own (allowed)

3. Created a new user and assigned it only to the user group TEST

4. Logged out of Joomla and back in with this user
=> User couldn't create a SPPB page!
=> User couldn't edit a page for which he was author!

This seems very much like a bug in the newest SPPB version, since we had an identical set up with the last 2.x version and these same permissions worked fine.

Thanks for taking the time to test this properly - if you cannot reproduce the error please provide us access to your own test environment and we will be happy to reproduce the same error on that page to illustrate the issue.

Cheers
jt

Toufiq - Staff

More than a month ago #Permalink
Hi,

Thanks for your reply. I have checked fresh Helix3 and Joomla. Yes, there has some issue. Besides, i have created a video please check your pm. We will fix it as soon as possible.

-Thanks

joomla.team

More than a month ago #Permalink
Hi,

Thanks for your reply. I have checked fresh Helix3 and Joomla. Yes, there has some issue. Besides, i have created a video please check your pm. We will fix it as soon as possible.

-Thanks


Hi Toufiq,

thank you for looking deeper into this issue. Please notify us as soon as this issue is fixed.

Cheers,
jt

Toufiq - Staff

More than a month ago #Permalink
Hi,

Thanks for your reply. I have checked fresh Helix3 and Joomla. Yes, there has some issue. Besides, i have created a video please check your pm. We will fix it as soon as possible.

-Thanks


Hi Toufiq,

thank you for looking deeper into this issue. Please notify us as soon as this issue is fixed.

Cheers,
jt


Hi, I have added this issue in our working board. Thanks

joomla.team

More than a month ago #Permalink
Hi Toufiq,

any news about this issue?

Cheers,
jt

Toufiq - Staff

More than a month ago #Permalink
Hi Toufiq,

any news about this issue?

Cheers,
jt


Hi there,

Happy to see you follow up the issue. But, this issue is queue. We have the plan to fix it. Please keep in touch with us we will fix it as soon as possible.

-Thanks

joomla.team

More than a month ago #Permalink
Hello Toufiq,

can you tell me when to expect the issue to be solved?
Or to expect at all...

Thanks,
jt

Toufiq - Staff

More than a month ago #Permalink
Hi there,

I have added our working board. We will fix it as soon as possible.

-Thanks

Austin Ramsdale

More than a month ago #Permalink
Cross-posting from the 2.x thread:

I've been able to solve this on my own... A ton of the work has already been done with respect to checking for core.edit and core.edit.own - so I'm not sure why they limited the functionality??

There are two files that need to be edited, one for the page editor, and one for the frontpage editor...

In /[root joomla]/components/com_sppagebuilder/controllers/page.php
Change line 18 from:

$authorised = $user->authorise('core.edit', 'com_sppagebuilder');


to

$authorised = $user->authorise('core.edit', 'com_sppagebuilder') || $user->authorise('core.edit.own', 'com_sppagebuilder.page.' . $recordID);


And In /[root joomla]/administrator/components/com_sppagebuilder/controllers/page.php
Change line 24 from:

if ($user->authorise('core.edit', 'com_sppagebuilder.page.' . $recordId)


to

if ($user->authorise('core.edit', 'com_sppagebuilder.page.' . $recordId) || $user->authorise('core.edit.own', 'com_sppagebuilder.page.' . $recordID))




I can now create a user with a "Designer" role, who can only Create and Edit Own. With some additional work on the ACLs, they now log into the admin panel, and only see the Pages and New Page icon. Inside of the Pages view, they see bolded items which they can edit, or use the frontpage editor on, the ones created by others, they can preview, but are unable to use the frontpage editor. They can, however, use the basic editor and see how a page works, but will not be able to save any changes. They will receive an unauthorized error.

Hope this helps some people. This is a much needed feature!

Version 3.3 Update:

With the latest update, menus are now editable by users. This can create a security risk if you have designers, but want to ultimately maintain control over what pages get actively pushed to your menus!

I've edited /[root joomla]/components/com_sppagebuilder/controllers/page.php
Under "public function addToMenu(){" change $output = array(); to:

$output = array();
$app = JFactory::getApplication();

$user = JFactory::getUser();
$authorised = $user->authorise('core.edit', 'com_sppagebuilder');

if (!$authorised) {
$output['status'] = false;
$output['error'] = 'Not Authorized to Edit Menus';
die(json_encode($output));
}


Now users that don't have full edit capability won't be able to make menu assignments, but will still be able to create pages, edit their own, and full-editors can still have the functionality!

joomla.team

More than a month ago #Permalink
Hi Toufiq,

could you update me if you have an official solution?

What Austin is suggesting is to change SPPB core files. This is not ideal since you (Joomshaper) are pushing regular updates and we update each time :D


Tnx,
jt

Austin Ramsdale

More than a month ago #Permalink
To your point, there have been several updates lately - I've slacked since 3.3.2, but finally upgraded today, and have recertified that these changes appear to work as expected.

Updating post.

joomla.team

More than a month ago #Permalink
Tnx Austin, but I would really appreciate an answer from Joomshaper, since I couldn't find the confirmation on your forum post as well.

Is this solution an official solution, and would SPPB updates have any effect if I implement this ?

Cheers,
jt

Austin Ramsdale

More than a month ago #Permalink
Hi JT,

I agree - I'd like an official answer on when this code change can either be included or an official solution. I think I can answer your question though.

Since this isn't an official solution, it gets overwritten each time a new update comes out. It does not, however, impact your ability to get updates. The update system works just as it did before, I just always have to go back in and adjust those two files.

Best,

Austin

joomla.team

More than a month ago #Permalink
Hi Austin,

:D :D :D :D :D (missing the cwl moji) tnx for the answer. That's exactly what I'm talking about.
It's okay (depends how one sees it) to change a core file for one or 2 websites... How ever, we have reached a bigger number of websites we monitor (20ish and counting). Updating those 2 files manually after every update would be tedious.
Sooo, we wait than for an official answer, but have the solution at hand :D

Cheers,
Ivana from jt

Toufiq - Staff

More than a month ago #Permalink
Hi there,

We have done some feature already. Besides, we are working for more effective.

-Thanks


There are no replies made for this post yet.
Be one of the first to reply to this post!

Leaderboard (30 days)

Sifat

Sifat

Total Accepted Answers: 132
Paul Frankowski

Paul Frankowski

Total Accepted Answers: 93
Toufiq

Toufiq

Total Accepted Answers: 24
Pavel

Pavel

Total Accepted Answers: 4
Al Mamun

Al Mamun

Total Accepted Answers: 3

113

Templates

289650

Community Users

Newsletter

Don’t miss any updates of our new templates and extensions and all the astonishing offers we bring for you.
We never spam

Joomla! ® name is used under a limited license from Open Source Matters in the United States and other countries. JoomShaper.com is not affiliated with or endorsed by Open Source Matters or the Joomla! Project.

Connect Us