-
Notifications
You must be signed in to change notification settings - Fork 63
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Files for documentation for code PR 41496 "Control Access to Component Preferences Individually" #266
base: main
Are you sure you want to change the base?
Conversation
Add reference to new section.
Spelling & style corrections
Hi, sorry for the delay in looking in detail at this PR. I was having a look at this with a view to merging it, and have been trying out what you suggest. However I can't get working what you show in your documentation. If I expand the com_users access.xml file to include those extra lines then I can see the additional permissions in the com_users configuration ok. However, I can't see how you can limit the number of tabs in the com_users config. Is there not more code required to make that work? Wouldn't com_users need to check one of those tab permissions before displaying that particular tab? Also wouldn't com_config need to change to check those permissions before allowing the Save of a particular configuration option? A configuration option might not be displayed if its associated tab isn't displayed, but a malicious user could send an HTTP request using eg curl for that option, bypassing the fact that its tab is not displayed on the form. |
Hi @robbiejackson, sorry to be so slow getting back to this. I don't remember seeing a notification, perhaps I just missed it. |
Perhaps the code PR #41496 should have been titled "Control Access to Component Preference Tabs Individually".
Since this is my first PR into the manual, I understand there may be further work required. Please inform me what's required if this is so.