Bad ACL how to limit access
4 years 4 months ago #137040
by Russell Leigh
Bad ACL how to limit access was created by Russell Leigh
This plugin does not follow proper Joomla standards and has configuration as part of the plugin instead of in the proper Joomla options.
In the Joomla options are some settings for ACL but they do not work.
I have set "Configure ACL & Options" to be only super admins but it has no effect. Admins can still edit the configuration.
How can I limit access to the configuration page?
4 years 4 months ago #137045
by Mr. Dam
Replied by Mr. Dam on topic Bad ACL how to limit access
Hi,
Unfortunately, Joom Donation doesn't have a feature to set up access levels for specific functions in the backend of the component. I will think about it for a future improvement.
Thanks
Dam
4 years 4 months ago #137046
by Russell Leigh
Replied by Russell Leigh on topic Bad ACL how to limit access
Why are the configuration options inside the component instead of done the proper Joomla way?
This is really bad practice as it stops you limiting access to the config options. What's the point in Joomla ACL if you just ignore it?
It's very easy to put those options in the proper config area. Please read and follow the documentation and proper Joomla best practices: docs.joomla.org/J3.x:Developing_an_MVC_C...Adding_configuration
I'm still absolutely shocked and horrified at these extensions.
4 years 4 months ago #137067
by Mr. Dam
Replied by Mr. Dam on topic Bad ACL how to limit access
Hi,
In fact, we know how to add ACL permissions for management tools in the backend of Joom Donation, but we haven't implemented it because we don't want to confuse customers with a lot of ACL permissions on the backend side.
But OK, I will add an option to allow the administrator to manage access to the Joom Donation Configuration page in the next version of the extension.
Thanks
Dam
4 years 4 months ago #137075
by Russell Leigh
Replied by Russell Leigh on topic Bad ACL how to limit access
If you know how, why on earth haven't you done it properly? To make it easier for the user is a ridiculous excuse lol.
Joomla has the ACL built in and nearly ALL other components and Joomla core use it, so how is it gonna make it more complicated for the user? It has default settings which the majority of users won't touch, so it won't make a difference to them. The config is normally, as default in most Joomla components, limited to super user. In your plugin it has no ACL at all, so that's really bad.
The way you have implemented config is a security concern. It is standard Joomla practice to put the config in the config pages and have an options button so it is secured with ACL. It is very easy to implement and normal for Joomla components to behave in this way.
I don't want to argue the point though. The coding in these plugins and the implementation is not following Joomla standards and is simply very bad.
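The enforcement discussed in this thread, as an added example that is not part of any post and is not Joom Donation's code: a Joomla 3 backend component that keeps its own configuration view can still honour the "Configure ACL & Options" permission (`core.admin`) by checking it on the server side, both when the view is displayed and when any configuration task runs. The component name `com_example`, the `configuration` view name, and the class and function names are assumptions; the two classes would normally live in the separate files named in the comments.

```php
<?php
// Hypothetical component "com_example"; all names here are assumptions.
defined('_JEXEC') or die;

/**
 * Throw a 403 unless the current user holds core.admin on the component.
 * core.admin is the action Joomla labels "Configure ACL & Options".
 */
function exampleRequireConfigAccess()
{
    if (!JFactory::getUser()->authorise('core.admin', 'com_example')) {
        throw new Exception(JText::_('JERROR_ALERTNOAUTHOR'), 403);
    }
}

// administrator/components/com_example/controller.php
class ExampleController extends JControllerLegacy
{
    public function display($cachable = false, $urlparams = array())
    {
        // Check on the request itself, so hiding the menu link or toolbar
        // button is not the only thing protecting the configuration view.
        if ($this->input->getCmd('view') === 'configuration') {
            exampleRequireConfigAccess();
        }

        return parent::display($cachable, $urlparams);
    }
}

// administrator/components/com_example/controllers/configuration.php
class ExampleControllerConfiguration extends JControllerLegacy
{
    public function execute($task)
    {
        // Runs before every task of this controller (save, apply, cancel,
        // and any task added later), so none can skip the check.
        exampleRequireConfigAccess();

        return parent::execute($task);
    }
}
```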