Not allowed to core.manage? Use 403 exception (for remaning components)

[andrepereiradasilva]

Pull Request for Improvement.

Summary of Changes

This PR is the sequence of #11593.

Replace all remaining administrator components existing 404 JError for a 403 php exception (JAccessExceptionNotallowed) when the user does not have access to "Access Administration Interface" (core.manage).

Before

After

Testing Instructions

• Use latest staging
• Apply patch
• Create a user and add it to "Manager" group
• Go to to all components and set "Access Administration Interface" (core.manage) to "Denied" for "Manager" group in all remaning components (com_content, com_banners, com_contact, com_media, com_newsfeeds, com_search and com_finder)
• Try to access the following URL, you should see 403 errors now:

/administrator/index.php?option=com_banners
/administrator/index.php?option=com_cache
/administrator/index.php?option=com_categories
/administrator/index.php?option=com_categories&extention=com_content
/administrator/index.php?option=com_checkin
/administrator/index.php?option=com_contact
/administrator/index.php?option=com_content
/administrator/index.php?option=com_contenthistory&view=history (this one will give a layout not definied error)
/administrator/index.php?option=com_finder
/administrator/index.php?option=com_installer
/administrator/index.php?option=com_joomlaupdate
/administrator/index.php?option=com_languages
/administrator/index.php?option=com_media
/administrator/index.php?option=com_menus
/administrator/index.php?option=com_messages
/administrator/index.php?option=com_modules
/administrator/index.php?option=com_newsfeeds
/administrator/index.php?option=com_plugins
/administrator/index.php?option=com_redirect
/administrator/index.php?option=com_search
/administrator/index.php?option=com_tags
/administrator/index.php?option=com_templates
/administrator/index.php?option=com_users

• Code review.

Note the other admin components (com_admin, com_ajax, com_cpanel, com_postinstall) doesn't use this or already use exceptions.

Didn't touch com_config. This one needs another PR.

Documentation Changes Required

None.

[wilsonge]

OK so I'm going to be super nasty about this. I think this needs a different exception class - this is not an exception thrown in the controller therefore in my opinion JControllerExceptionNotallowed is the wrong exception to be used here

[andrepereiradasilva]

ok. i understand, so what do you recomend then?

[andrepereiradasilva]

Add a new JAccessExceptionNotallowed exception?

[wilsonge]

I think so - and thinking about it maybe extend the controller exception from that?

[andrepereiradasilva]

ok done.

Removed the JControllerExceptionNotAllowed since it doesn't make sense now (it was added yesterday so no B/C break)

[jeckodevelopment]

I have tested this item ✅ successfully on bb75a88

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/11608.}

[jeckodevelopment]

Works as expected.