Account Options

  1. Sign in
The old Google Groups will be going away soon, but your browser is incompatible with the new version.
Google Groups Home
« Groups Home
Joomla! General Development
Home
About this group
Apply for group membership
$user->authorise return null
Options
There are currently too many topics in this group that display first. To make this topic appear first, remove this option from another topic.
There was an error processing your request. Please try again.
flag
   17 messages - Collapse all  -  Translate all to Translated (View all originals)
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 
From:
To:
Cc:
Followup To:
Add Cc | Add Followup-to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers you hear
 
Luis Galárraga  
View profile  
 More options Jun 25 2012, 6:57 pm
From: Luis Galárraga <shamant...@gmail.com>
Date: Tue, 26 Jun 2012 00:57:47 +0200
Local: Mon, Jun 25 2012 6:57 pm
Subject: $user->authorise return null
Print | Individual message | Show original | Report this message | Find messages by this author

Dear Joomla! community:

I am porting my component J!Research to work in Joomla! 2.5 but I have a
small problem regarding the ACL and after a while I have been unable to
solve it. I have some table called #__jresearch_member which includes the
asset_id column. I have checked its records and they seem to match the id
in the #__assets table. The point is that for user besides the super
administrator, the method $user->authorise returns null. File s1.png shows
some records from my assets table. Pay attention to the row with id 189,
its rule column has the following value:

{"core.staff.edit.state":{"1":0,"6":0,"7":0,"2":0,"3":0,"4":0,"5":1,"10":0, "12":0,"8":0},"core.staff.edit":{"1":0,"6":0,"7":0,"2":0,"3":0,"4":0,"5":1, "10":0,"12":0,"8":0},"core.staff.delete":{"1":0,"6":0,"7":0,"2":0,"3":0,"4" :0,"5":1,"10":0,"12":0,"8":0}}

s2.png contains a screenhost of my form, as well as its source code
(member.xml). Note that I get a conflict for the "Publisher" group even
though my global configurations are set to allow the specified actions to
member of that group. The global configuration (config.xml) as well as my
access.xml are also attached. s3.png shows my current global configuration.

When a user of the group "Publisher" tries to edit the item from frontend,
the $user->authorise method returns null for all possible actions. I have
debugged the application and the asset_name matches my item
("com_jresearch.member.3" in my example) and everything seems to be in
order in my understanding.

Does anybody have an idea about the cause of the problem? I would really
appreciate your help since this bug is causing a lot of trouble to my
users. Thanks in advance!

All the best,
Luis

PD: The rules column of my component asset (id=187) is

{"core.admin":[],"core.manage":{"5":1},"core.publications.create":{"5":1}," core.publications.edit":{"5":1},"core.publications.edit.own":{"5":1},"core. publications.edit.state":{"5":1},"core.publications.delete":{"5":1},"core.s taff.create":{"5":1},"core.staff.edit":{"5":1},"core.staff.edit.own":{"5":1 },"core.staff.delete":{"5":1},"core.researchareas.create":{"5":1},"core.res earchareas.edit":{"5":1},"core.researchareas.edit.own":{"5":1},"core.resear chareas.delete":{"5":1}}

so everything seems to be in order in the database.

  access.xml
3K Download

  config.xml
8K Download

  s1.png
402K Download

  s2.png
383K Download

  s3.png
368K Download

 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
elin  
View profile   Translate to Translated (View Original)
 More options Jun 26 2012, 6:55 am
From: elin <elin.war...@gmail.com>
Date: Tue, 26 Jun 2012 03:55:14 -0700 (PDT)
Local: Tues, Jun 26 2012 6:55 am
Subject: Re: $user->authorise return null
Print | Individual message | Show original | Report this message | Find messages by this author

You don't need the middle part of the name .... just have core.edit,
core.edit.state. That way the values are inherited from the global
configurations and categories.  You don't need to specify the asset type,
that is already known from the context and asset table (name field).

Elin


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
elin  
View profile   Translate to Translated (View Original)
 More options Jun 26 2012, 7:17 am
From: elin <elin.war...@gmail.com>
Date: Tue, 26 Jun 2012 04:17:15 -0700 (PDT)
Local: Tues, Jun 26 2012 7:17 am
Subject: Re: $user->authorise return null
Print | Individual message | Show original | Report this message | Find messages by this author

Oh, I see  ... questions first, are you using categories? Do you want the
permissions inherited from the core permissions?

Elin


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Luis Galárraga  
View profile   Translate to Translated (View Original)
 More options Jun 26 2012, 6:15 pm
From: Luis Galárraga <shamant...@gmail.com>
Date: Wed, 27 Jun 2012 00:15:58 +0200
Local: Tues, Jun 26 2012 6:15 pm
Subject: Re: [jgen] Re: $user->authorise return null
Print | Individual message | Show original | Report this message | Find messages by this author

Hi Elin:

Thanks for your prompt response. I am not using the Joomla! categories at
all (at least it is not my intention). Do you see any anomaly in my ACL
files?

Regards,
Luis

2012/6/26 elin <elin.war...@gmail.com>


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
elin  
View profile   Translate to Translated (View Original)
 More options Jun 26 2012, 10:25 pm
From: elin <elin.war...@gmail.com>
Date: Tue, 26 Jun 2012 19:25:50 -0700 (PDT)
Local: Tues, Jun 26 2012 10:25 pm
Subject: Re: [jgen] Re: $user->authorise return null
Print | Individual message | Show original | Report this message | Find messages by this author

Can you post the json strings for authors, editors and registered also
please?

Elin


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
elin  
View profile   Translate to Translated (View Original)
 More options Jun 27 2012, 7:00 am
From: elin <elin.war...@gmail.com>
Date: Wed, 27 Jun 2012 04:00:36 -0700 (PDT)
Local: Wed, Jun 27 2012 7:00 am
Subject: Re: [jgen] Re: $user->authorise return null
Print | Individual message | Show original | Report this message | Find messages by this author

Oh staring right at it ... your publishers are locked because your editors
are denied as is everyone else in the branch. Those should be not set
rather than denied. You can not over ride  an explicit deny.

{"core.staff.edit.state":{"5":1},"core.staff.edit":{"5":1},"core.staff.dele te":{"5":1}}

Try to avoid explicit denies and only do them once in a branch.

Elin


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Luis Galárraga  
View profile  
 More options Jun 28 2012, 6:28 pm
From: Luis Galárraga <shamant...@gmail.com>
Date: Fri, 29 Jun 2012 00:28:32 +0200
Local: Thurs, Jun 28 2012 6:28 pm
Subject: Re: [jgen] Re: $user->authorise return null
Print | Individual message | Show original | Report this message | Find messages by this author

Hi Elin:

I tried with the text you attached me and the rules effectively turned
green in the edition form for the item and now the authorise method returns
true for the mentioned actions, however when I save the item, the explicit
denies are there again! What is the default behavior regarding the content
of the rules column for an asset? Is there any Joomla! standard way to
avoid these explicit denies?

I really appreciate your help. Now I have at least the clue about the cause
of the problem. Thanks a lot!

Regards,
Luis

2012/6/27 elin <elin.war...@gmail.com>


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
elin  
View profile  
 More options Jun 30 2012, 8:38 am
From: elin <elin.war...@gmail.com>
Date: Sat, 30 Jun 2012 05:38:15 -0700 (PDT)
Local: Sat, Jun 30 2012 8:38 am
Subject: Re: [jgen] Re: $user->authorise return null
Print | Individual message | Show original | Report this message | Find messages by this author

Hi Luis,

Notice that parent column in your asset table. Everything has a parent of
1!  You have totally different action names than global config (asset 1).
That means that no inheritance from the component is going on at all.   The
asset name is being created correctly so all is good there, the problem is
in how the parent is set.

As a short term solution, what I would do is to add a category for each of
your sections and force all of your records into that (that means adding a
category field to each table but you can use a hidden field if you don't
want to use categories). We know that working through the category system
works. However do not attempt to make dot separated groups of categories I
can tell you from experience that you will end up with the same problem of
parenting to 1.  Just make a master category for each type.

I think that the way the CMS has implemented ACL you really either need to
buy into the categories structure or you need to completely set the asset
record each time at the item level. In your case that is what is happening
and everything is defaulting to denied on the first save.   You could give
up the dot separated action names and let each record inherit defaults from
the global configuration.  

I tend to think/remember looking back that the total reliance on the
categories was something of a workaround to this issue.

I think alternatively you could change your tables to save with the correct
parent asset.
Here's the query the category table uses to find the correct parent for the
asset table, in your case you already know the name of the extension.  
https://github.com/joomla/joomla-platform/blob/staging/libraries/lega...

Elin


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Luis Galárraga  
View profile  
 More options Jul 2 2012, 6:47 pm
From: Luis Galárraga <shamant...@gmail.com>
Date: Tue, 3 Jul 2012 00:47:16 +0200
Local: Mon, Jul 2 2012 6:47 pm
Subject: Re: [jgen] Re: $user->authorise return null
Print | Individual message | Show original | Report this message | Find messages by this author

Dear Elin:

Thank you so much for your help. I checked and there was a small bug in my
routine to get the asset parent id and now it is correct for all my assets.
All my items have the component configuration as parent asset. This
actually solves the problem for my users but there is still some issues.
Before trying the categories solution, I tried to save per item rules but
the problem still persists.

My component asset has this value for the rules:

{"core.admin":[],"core.manage"
:{"5":1},"core.publications.create":{"5":1},"core.publications.edit":{"5":1 },"core.publications.edit.own":{"5":1},"core.publications.edit.state":{"5": 1},"core.publications.delete":{"5":1},"core.staff.create":{"5":1},"core.sta ff.edit":{"5":1},"core.staff.edit.own":{"5":1},"core.staff.delete":{"5":1}, "core.researchareas.create":{"5":1},"core.researchareas.edit":{"5":1},"core .researchareas.edit.own":{"5":1},"core.researchareas.delete":{"5":1}}

On the other hand the asset row corresponding to my item produces this
value *if only if I explicitly say "Allowed" for all actions* like depicted
in the picture s1.png:

{"core.staff.edit.state":{"1":0,"6":0,"7":0,"2":0,"3":0,"4":0,"5":1,"10":0, "12":0,"8":0},"core.staff.edit":{"1":0,"6":0,"7":0,"2":0,"3":0,"4":0,"5":1, "10":0,"12":0,"8":0},"core.staff.delete":{"1":0,"6":0,"7":0,"2":0,"3":0,"4" :0,"5":1,"10":0,"12":0,"8":0}}

As you can see the values are effectively saved, but if I select "Inherit",
the string always ends in "Deny" and the 1s are replaced by 0s. I would
expect to inherit those values from the parent asset (which is correctly
set this time). *Is there anything missing from my side or does the option
"inherit" in the rules control always refer to the category permissions?* I
just wanted to be sure as I might have to make several changes. Thanks in
advance for your guidance!

Cheers,
Luis

2012/6/30 elin <elin.war...@gmail.com>

...

read more »

  s1.png
384K Download

 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Luis Galárraga  
View profile  
 More options Jul 3 2012, 6:35 pm
From: Luis Galárraga <shamant...@gmail.com>
Date: Wed, 4 Jul 2012 00:35:57 +0200
Local: Tues, Jul 3 2012 6:35 pm
Subject: Re: [jgen] Re: $user->authorise return null
Print | Individual message | Show original | Report this message | Find messages by this author

Hi Elin:

A question, if I use the categories system, must the parent_id in the
assets columns point to the asset of the parent category? I have tried with
this, but I still have problems with inheritance. Normally inherited rules
show a [] but I keep getting explicit denials when I save my items. Here is
my new access.xml.

Luis,

2012/7/3 Luis Galárraga <shamant...@gmail.com>

...

read more »

  access.xml
1K Download

 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
elin  
View profile  
 More options Jul 4 2012, 9:20 am
From: elin <elin.war...@gmail.com>
Date: Wed, 4 Jul 2012 06:20:46 -0700 (PDT)
Local: Wed, Jul 4 2012 9:20 am
Subject: Re: [jgen] Re: $user->authorise return null
Print | Individual message | Show original | Report this message | Find messages by this author

Do you want there to be separate defaults for each type or do you want all
types to use the component defaults?

Would you want to send me a zip of the component or can I get a copy from
github or svn?

Elin

...

read more »


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Luis Galárraga  
View profile  
 More options Jul 4 2012, 3:32 pm
From: Luis Galárraga <shamant...@gmail.com>
Date: Wed, 4 Jul 2012 21:32:38 +0200
Local: Wed, Jul 4 2012 3:32 pm
Subject: Re: [jgen] Re: $user->authorise return null
Print | Individual message | Show original | Report this message | Find messages by this author

Hi Elin:

Do you want there to be separate defaults for each type or do you want all

> types to use the component defaults?

Yes, as you will see my access.xml tries to do that.

Would you want to send me a zip of the component or can I get a copy from

> github or svn?

I have updated the repository so you can download the latest version with:

svn co http://joomlacode.org/svn/jresearch/trunk/src

You can make the path installer point directly to your working copy and
install the component. I have restored the code to its initial state so I
am not using the categories system anymore. On the other hand, the bug in
the function to retrieve the parent asset is solved. Just a couple of
things:

- All my tables inherit from JResearchTable which inherits from JTable
- Since this is just in progress, most of the types do not work, so try
creating items on the Staff section.

I hope you can help me. Really thanks for your support!!!

All the best,
Luis

2012/7/4 elin <elin.war...@gmail.com>

...

read more »


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
elin  
View profile   Translate to Translated (View Original)
 More options Jul 8 2012, 9:21 am
From: elin <elin.war...@gmail.com>
Date: Sun, 8 Jul 2012 06:21:19 -0700 (PDT)
Local: Sun, Jul 8 2012 9:21 am
Subject: Re: [jgen] Re: $user->authorise return null
Print | Individual message | Show original | Report this message | Find messages by this author

Hi Luis,

So a couple of points.
First you probably want to look more carefully at JTableContent as a model
for your tables.  However, in doing so you will want to notice this:

https://github.com/joomla/joomla-platform/blob/staging/libraries/lega...

the _getParentAsset function. You want to set the parent asset you want
there. Most likely it will be either com_research or some thing like
com_research.staff if you want there to be separate default permissions for
each type.

So if you really want to independently make default configurations for each
type you need to set up some way to be able to do that.  So that means you
need a table something like #__research_types  that will hold a record for
each of your asset types enabling you to have a view which will let you set
the permissions via a rules field.  Each type would then have an asset in
the asset table that would be something like  com_research.type.x where x
is the id for the type. The model for types would then parent the type to
com_research (also like in JTableContent _getParentAsset()). Then your
individual assets like staff would be parented to the type.  

Also as I mentioned before, you should just have core.create, core.edit etc
if you want to be able to inherit from core.create, core.edit etc going up
the asset tree. if the action names do not match exactly there can be no
inheritance.

Elin

...

read more »


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Luis Galárraga  
View profile  
 More options Jul 11 2012, 5:31 pm
From: Luis Galárraga <shamant...@gmail.com>
Date: Wed, 11 Jul 2012 23:31:04 +0200
Local: Wed, Jul 11 2012 5:31 pm
Subject: Re: [jgen] Re: $user->authorise return null
Print | Individual message | Show original | Report this message | Find messages by this author

Dear Elin:

Thanks for your support. I will follow your advice and let you know the
outcome as soon as I find a moment to solve this issue.

All the best,
Luis

2012/7/8 elin <elin.war...@gmail.com>

...

read more »


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
elin  
View profile  
 More options Jul 28 2012, 12:12 am
From: elin <elin.war...@gmail.com>
Date: Fri, 27 Jul 2012 21:12:03 -0700 (PDT)
Local: Sat, Jul 28 2012 12:12 am
Subject: Re: [jgen] Re: $user->authorise return null
Print | Individual message | Show original | Report this message | Find messages by this author

I think I found the reason that it is not inheriting from the global and I
posted a fix. We'll see what the platform team thinks.

https://github.com/joomla/joomla-platform/issues?state=open

Elin

...

read more »


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Antanas Vipartas  
View profile  
 More options Aug 10 2012, 3:17 am
From: Antanas Vipartas <vipanto...@gmail.com>
Date: Fri, 10 Aug 2012 00:17:48 -0700 (PDT)
Local: Fri, Aug 10 2012 3:17 am
Subject: Re: [jgen] Re: $user->authorise return null
Print | Individual message | Show original | Report this message | Find messages by this author

@Luis: I have the same problem. Did you manage to solve it?


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Luis Galárraga  
View profile  
 More options Aug 19 2012, 4:39 pm
From: Luis Galárraga <shamant...@gmail.com>
Date: Sun, 19 Aug 2012 22:39:01 +0200
Local: Sun, Aug 19 2012 4:39 pm
Subject: Re: [jgen] Re: $user->authorise return null
Print | Individual message | Show original | Report this message | Find messages by this author

Hi everybody:

@Elin: Sorry for my late reply, I appreciate your help. I will wait for a
definite solution and try again. @Antanas: As I did not manage to inherit
permissions, I have removed per-item access rules for the sake of my latest
release, so that the my users can define only rules over all items. However
I intend to provide this functionality as soon as the problem is solved.

Cheers,
Luis

2012/8/10 Antanas Vipartas <vipanto...@gmail.com>


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
End of messages
« Back to Discussions « Newer topic     Older topic »

Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2013 Google