Skip to content

[com_plugins] User not allowed to core.manage? Use 403 php custom exception (instead of a 404 JError) #11593

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Aug 14, 2016
Merged

[com_plugins] User not allowed to core.manage? Use 403 php custom exception (instead of a 404 JError) #11593

merged 3 commits into from
Aug 14, 2016

Conversation

@andrepereiradasilva
Copy link
Contributor

@andrepereiradasilva andrepereiradasilva commented Aug 14, 2016
edited by jeckodevelopment
Loading

Pull Request for Improvement.

Summary of Changes

Replace com_plugins existing 404 JError for a 403 php exception when the user does not have access to "Access Administration Interface" (core.manage).

Also adds a custom exception JControllerExceptionNotallowed for this effect.

Before

image

After

image

Testing Instructions

  1. Use latest staging
  2. Create a user and add it to "Administrator" group
  3. Go to com_plugins and set "Access Administration Interface" (core.manage) to "Denied" for "Administrator" group
  4. Login with the Administrator user in a private window and go to /administrator/index.php?option=com_plugins
  5. See the red message (Before)
  6. Apply patch
  7. Repeat step 4, you'll see now a 403 error (After).

When/If merged i can do it for the other components.

thanks @mbabker

@alikon
Copy link
Contributor

alikon commented Aug 14, 2016

I have tested this item ✅ successfully on

This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/11593.

@jeckodevelopment
Copy link
Member

jeckodevelopment commented Aug 14, 2016

I have tested this item ✅ successfully on e1253ed

This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/11593.

@MATsxm
Copy link

MATsxm commented Aug 14, 2016

I have tested this item ✅ successfully on e1253ed

Thanks

This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/11593.

@jeckodevelopment
Copy link
Member

jeckodevelopment commented Aug 14, 2016

RTC please

This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/11593.

@joomla-cms-bot joomla-cms-bot added the RTC This Pull Request is Ready To Commit label Aug 14, 2016
@andrepereiradasilva andrepereiradasilva mentioned this pull request Aug 14, 2016
Merged
@rdeutz rdeutz added this to the Joomla 3.6.3 milestone Aug 14, 2016
@rdeutz rdeutz merged commit 98f0379 into joomla:staging Aug 14, 2016
@joomla-cms-bot joomla-cms-bot removed the RTC This Pull Request is Ready To Commit label Aug 14, 2016
@andrepereiradasilva andrepereiradasilva deleted the poc-exception-plugins branch August 14, 2016 16:29
This was referenced Aug 14, 2016
Merged
Merged
izharaazmi added a commit to izharaazmi/joomla-cms that referenced this pull request Aug 15, 2016
@izharaazmi
Merge branch 're-arrayhelper-min' into re-arrayhelper-minOLD
376f090 
* re-arrayhelper-min: (2467 commits)
  Minimize JArrayHelper methods `toInteger`, `pivot`, `arrayUnique` by using Joomla\Utilities\ArrayHelper internally. Leaving (reverting from joomla#7782) other four methods as is for b/c reasons as mentioned in joomla#8455.
  remove platform include (joomla#11615)
  [GitHub Templates] Make headings bigger (joomla#11607)
  [com_contact] Make ACL core.edit.own work (PR for 11466) (joomla#11503)
  Small review on docs & code structure in JModelLegacy library classes (joomla#11057)
  Obviously, this should be an array. (joomla#11610)
  Don't manually import JPlatform anymore (joomla#10841)
  Parse preprocess rules from component routers (joomla#8986)
  Add the correct exception after 11593 merge (was waiting for that merrge) (joomla#11606)
  Add missing clean line after joomla#9277 (joomla#11605)
  Deprecate the _PROFILER global var (joomla#10845)
  Spelling errors (joomla#11604)
  Moved travis javascript bash file to build/travis like joomla#11600 (joomla#11603)
  Regression: Fix edit check in backend articles manager, always denying edit after soft deny (joomla#11511)
  [com_plugins] User not allowed to core.manage? Use 403 php custom exception (instead of a 404 JError) (joomla#11593)
  [com_newsfeeds] Make ACL core.edit.own work (PR for 11466) (joomla#11502)
  $result-variable-undefined-given-default-value (joomla#9277)
  com_banners use exceptions. and not allowed is a 403 (joomla#11418)
  Frontend & plugins using the autoloader (joomla#10882)
  New version of PR 6788 (JText::_() Optimizations) (joomla#11235)
  ...
ggppdk pushed a commit to ggppdk/joomla-cms that referenced this pull request Aug 19, 2016
@andrepereiradasilva @ggppdk
[com_plugins] User not allowed to core.manage? Use 403 php custom exc…
98fe47b 
…eption (instead of a 404 JError) (joomla#11593)

* add exception

* lowercase

* lowercase
roland-d pushed a commit to roland-d/joomla-cms that referenced this pull request Sep 11, 2016
@andrepereiradasilva @roland-d
[com_plugins] User not allowed to core.manage? Use 403 php custom exc…
a1c6c48 
…eption (instead of a 404 JError) (joomla#11593)

* add exception

* lowercase

* lowercase
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

Joomla 3.6.3

Development

Successfully merging this pull request may close these issues.

6 participants

@andrepereiradasilva @alikon @jeckodevelopment @MATsxm @rdeutz @joomla-cms-bot