diff --git a/administrator/components/com_fields/src/Model/GroupModel.php b/administrator/components/com_fields/src/Model/GroupModel.php index 69caf97134ff0..196b956b0d73d 100644 --- a/administrator/components/com_fields/src/Model/GroupModel.php +++ b/administrator/components/com_fields/src/Model/GroupModel.php @@ -120,14 +120,13 @@ public function getForm($data = [], $loadData = true) return false; } - // Modify the form based on Edit State access controls. - if (empty($data['context'])) { - $data['context'] = $context; - } + $record = new \stdClass(); + $record->context = $context; + $record->id = $jinput->get('id'); $user = $this->getCurrentUser(); - if (!$user->authorise('core.edit.state', $context . '.fieldgroup.' . $jinput->get('id'))) { + if (!$this->canEditState($record)) { // Disable fields for display. $form->setFieldAttribute('ordering', 'disabled', 'true'); $form->setFieldAttribute('state', 'disabled', 'true'); @@ -160,7 +159,9 @@ protected function canDelete($record) return false; } - return $this->getCurrentUser()->authorise('core.delete', $record->context . '.fieldgroup.' . (int) $record->id); + $component = explode('.', $record->context)[0]; + + return $this->getCurrentUser()->authorise('core.delete', $component . '.fieldgroup.' . (int) $record->id); } /** @@ -177,13 +178,15 @@ protected function canEditState($record) { $user = $this->getCurrentUser(); + $component = explode('.', $record->context)[0]; + // Check for existing fieldgroup. if (!empty($record->id)) { - return $user->authorise('core.edit.state', $record->context . '.fieldgroup.' . (int) $record->id); + return $user->authorise('core.edit.state', $component . '.fieldgroup.' . (int) $record->id); } // Default to component settings. - return $user->authorise('core.edit.state', $record->context); + return $user->authorise('core.edit.state', $component); } /**