× Please submit new Bug Reports on GitHub: github.com/Jensen-Technologies/component-creator-issues/issues

Debate: handling unpublished items

9 Jahre 6 Monate her - 9 Jahre 6 Monate her #786 von Jonas Fagnastøl Henriksen
Debate: handling unpublished items wurde erstellt von Jonas Fagnastøl Henriksen
My view: 
There is a bug in component-creator that allows an unprivileged user access to items that are unpublished and trashed, through the direct link ( similar to http://mysite.no?option=com_mycomponent&view=myview&id=15 ). I regard this a serious issue, and has reported the bug to component-creator. However, Victor, handling the bug report at component-creator, means that the item should be available through the direct link, but not listed in category-listing or similar. He suggested I post the dispute to the forum, so here we are.

It should be noted that all core components in joomla deny unprivileged users to access unpublished and trashed items. 

Everyone in support of not allowing any users to view your trashed or unpublished items, raise your hands!
Letzte Änderung: 9 Jahre 6 Monate her von Jonas Fagnastøl Henriksen.

Bitte Anmelden oder Registrieren um der Konversation beizutreten.

9 Jahre 6 Monate her #787 von Andres Maeso
Andres Maeso antwortete auf Bug handling unpublished items
Hi Jonas!

Should I move to the Feature requests forum? I think it will get more traction. And instead of bug, I would write "Debate", so everybody understand their opinion is required.

Let me know and I will do it asap.
Andrés Maeso
Customer relations manager at Joomla Component Creator.

Diese E-Mail-Adresse ist vor Spambots geschützt! Zur Anzeige muss JavaScript eingeschaltet sein!

Bitte Anmelden oder Registrieren um der Konversation beizutreten.

9 Jahre 6 Monate her #795 von Randy Carey
Randy Carey antwortete auf Bug handling unpublished items
I know CC wants to build their components to be aligned with how core components do it.  

It is my understanding that (in core components) the front-end model will not serve up an article if it is not either published or archived.  Here is code from the article model that builds the SQL for retrieving the requested article:
if (is_numeric($published)) {
       $query->where('(a.state = ' . (int) $published . ' OR a.state =' . (int) $archived . ')');
}
Obviously, if a person has permission to edit, delete, or change state on this item, then this person should be able to see the item (at least backend, perhaps front-end as well).  But it seems to me that if an item is not either published or archived, then any front-end link to this item should not display the article (unless it is for the user to edit it), and the model should return an error message similar to how that core components do: 
if (empty($data)) {
     return JError::raiseError(404, JText::_('COM_CONTENT_ERROR_ARTICLE_NOT_FOUND'));
 }
Folgende Benutzer bedankten sich: Andres Maeso

Bitte Anmelden oder Registrieren um der Konversation beizutreten.

Ladezeit der Seite: 0.054 Sekunden
Powered by Kunena Forum

Wir verwenden eigene Cookies und Cookies von Drittanbietern, um Ihr Nutzererlebnis zu verbessern und Ihnen einen optimalen Service zu bieten. Wenn Sie die Website weiter nutzen, gehen wir davon aus, dass Sie mit unserer Cookie-Politik einverstanden sind.

Weitere infos.