- Posts: 78
- Thank you received: 5
Kunena 6.2.5 & module Kunena Latest 6.0.7 released
The Kunena team has announce the arrival of Kunena 6.2.5 [K 6.2.5] which is now available for download as a native Joomla extension for J! 4.3.x/4.4.x/5.0.x. This version addresses most of the issues that were discovered in K 6.1 / K 6.2 and issues discovered during the last development stages of K 6.2
Question Permissions Bug in Kunena Admin Interface
- jimrowland
- Topic Author
- Offline
- Senior Member
What I want to do is give my moderators access to the Kunena User Manager so that they can see IP addresses of a given user, and compare that to other members who might be using the same IP. This information is visible in /administrator/index.php?option=com_kunena&view=user&layout=edit&userid=XXX
Here are the steps I took to give a specific Joomla usergroup access to this page:
1. Go into Global Config > Permissions Settings.
2. Select the Joomla usergroup in question
3. Set "Admin Logon" to "allowed"
4. Go into Global Config > Kunena Forum
5. Select the Joomla usergroup in question
6. Set "Access Administration Interface" to "allowed".
-- Note: The other setting, "Configure" is set to "inherited" with a calculated setting of "not allowed".
-- Note2: changing the Configure setting to implicitly "denied" does not alter the outcome.
So, now that my moderator can access the Kunena Forum User Manager interface, here is where the unexpected result (defect? bug?) happens:
The moderator cannot access any other Joomla Admin area except the Kunena Forum (this is expected behavior) nor make any changes anywhere in the Kunena Forum Manager (this is the expected behavior) except in the Category Manager page (here is the unexpected behavior).
When in the Category Manager, the "publish/unpublish button" in the "status" column is clickable, and changeable (it's a javascript link that makes the update as soon as it's clicked - no need to click the "save" button). The moderator usergroup can unpublished categories, even if they are NOT category moderators for that specific category.
I believe this is unexpected behavior (defect), because the user group is given implicit denied ability to make Configure changes, as per the permissions settings.
Database collation check: The collation of your table fields are correct
Joomla! SEF: Enabled | Joomla! SEF rewrite: Enabled | FTP layer: Disabled |
This message contains confidential informationhtaccess: Exists | PHP environment: Max execution time: 30 seconds | Max execution memory: 128M | Max file upload: 16M
Kunena menu details:
Warning: Spoiler!
ID Name Menutype Link Path 114 Forum kunenamenu view=home&defaultmenu=116 forum 115 Index kunenamenu view=category&layout=list forum/index 116 Recent Topics kunenamenu view=topics&mode=replies forum/recent 117 New Topic kunenamenu view=topic&layout=create forum/newtopic 118 No Replies kunenamenu view=topics&mode=noreplies forum/noreplies 119 My Topics kunenamenu view=topics&layout=user&mode=default forum/mylatest 120 Profile kunenamenu view=user forum/profile 121 Help kunenamenu view=misc forum/help 122 Search kunenamenu view=search forum/search 123 Forum mainmenu view=home&defaultmenu=114 kunena 147 Index mainmenu view=category&layout=list&catid=0 kunena/index 148 View Recent Topics mainmenu view=topics&mode=replies kunena/view-recent-topics 149 View My Topics mainmenu view=topics&layout=user&mode=default kunena/view-my-topics 150 Search mainmenu view=search kunena/search 136 My Profile mainmenu view=user&layout=edit my-profile 142 Profile mainmenu view=user profile 175 forums mobile-menu view=category&layout=list&catid=0 forums
Joomla default template details : fse_template | author: Kyle Ledbetter | version: 1.0 | creationdate: Unknown
Kunena default template details : Blue Eagle | author: Kunena Team | version: 3.0.4 | creationdate: 2013-12-22
Kunena version detailed: Kunena 3.0.4 | 2013-12-22 [ Ukko ]
| Kunena detailed configuration:| Kunena integration settings:Warning: Spoiler!
Kunena config settings: board_offline 0 enablerss 1 threads_per_page 20 messages_per_page 25 messages_per_page_search 15 showhistory 1 historylimit 6 shownew 1 disemoticons 0 template blue_eagle showannouncement 1 avataroncat 0 catimagepath category_images showchildcaticon 1 rtewidth 600 rteheight 600 enableforumjump 1 reportmsg 1 username 1 askemail 0 showemail 1 showuserstats 1 showkarma 0 useredit 1 useredittime 0 useredittimegrace 600 editmarkup 1 allowsubscriptions 1 subscriptionschecked 0 allowfavorites 1 maxsubject 50 maxsig 300 regonly 0 pubwrite 0 floodprotection 0 mailmod 0 mailadmin 0 captcha 0 mailfull 1 allowavatarupload 1 allowavatargallery 1 avatarquality 75 avatarsize 250 imageheight 400 imagewidth 600 imagesize 150 filetypes txt,rtf,pdf,zip,tar.gz,tgz,tar.bz2 filesize 120 showranking 1 rankimages 1 userlist_rows 100 userlist_online 1 userlist_avatar 1 userlist_name 0 userlist_posts 1 userlist_karma 0 userlist_email 0 userlist_joindate 1 userlist_lastvisitdate 1 userlist_userhits 0 latestcategory showstats 1 showwhoisonline 1 showgenstats 1 showpopuserstats 0 popusercount 5 showpopsubjectstats 0 popsubjectcount 5 usernamechange 0 showspoilertag 1 showvideotag 1 showebaytag 0 trimlongurls 1 trimlongurlsfront 20 trimlongurlsback 20 autoembedyoutube 1 autoembedebay 0 ebaylanguagecode en-us sessiontimeout 1800 highlightcode 0 rss_type topic rss_timelimit month rss_limit 100 rss_included_categories rss_excluded_categories rss_specification rss2.0 rss_allow_html 1 rss_author_format name rss_author_in_title 1 rss_word_count 0 rss_old_titles 1 rss_cache 900 defaultpage recent default_sort asc sef 1 showimgforguest 1 showfileforguest 0 pollnboptions 10 pollallowvoteone 1 pollenabled 1 poppollscount 5 showpoppollstats 0 polltimebtvotes 00:15:00 pollnbvotesbyuser 100 pollresultsuserslist 1 maxpersotext 50 ordering_system mesid post_dateformat ago post_dateformat_hover datetime hide_ip 0 imagetypes jpg,jpeg,gif,png checkmimetypes 1 imagemimetypes image/jpeg,image/jpg,image/gif,image/png imagequality 50 thumbheight 32 thumbwidth 32 hideuserprofileinfo put_empty boxghostmessage 0 userdeletetmessage 0 latestcategory_in 1 topicicons 0 debug 0 catsautosubscribed 0 showbannedreason 0 version_check 1 showthankyou 0 showpopthankyoustats 0 popthankscount 5 mod_see_deleted 1 bbcode_img_secure text listcat_show_moderators 0 lightbox 1 show_list_time 720 show_session_type 1 show_session_starttime 0 userlist_allowed 1 userlist_count_users 1 enable_threaded_layouts 0 category_subscriptions topic topic_subscriptions first pubprofile 0 thankyou_max 10 email_recipient_count 0 email_recipient_privacy bcc captcha_post_limit 0 keywords 0 userkeywords 0 image_upload admin file_upload admin topic_layout flat time_to_create_page 1 show_imgfiles_manage_profile 1 hold_newusers_posts 0 hold_guest_posts 0 attachment_limit 8 pickup_category 0 article_display intro send_emails 1 fallback_english 1 cache 1 cache_time 60 iptracking 1 rss_feedburner_url autolink 1 access_component 1 statslink_allowed 0 | Joomla! detailed language files installed:Warning: Spoiler!Kunena - AlphaUserPoints Disabled
Kunena - Community Builder Enabled: access=1 login=1 activity=1 avatar=1 profile=1 private=1
Kunena - Gravatar Disabled
Kunena - JomSocial Disabled
Kunena - Joomla Enabled: access=1 login=1
Kunena - Kunena Enabled: avatar=1 profile=1
Kunena - UddeIM Enabled: private=1
Warning: Spoiler!
Joomla! languages installed: en-GB English (United Kingdom)
Third-party components: CommunityBuilder 1.9.1 | UddeIM 3.3
Third-party SEF components: None
Plugins: None
Modules: None
Please Log in or Create an account to join the conversation.
I think its working, can you try "Configure" to allow. because editing a user is changing settings in the edit user. So i think there is your issue. but if you allow it, the mod can also change other settings, which is not requirement.
Regards 810
Please Log in or Create an account to join the conversation.
- jimrowland
- Topic Author
- Offline
- Senior Member
- Posts: 78
- Thank you received: 5
You think it's working as intended, and that there is no bug?I think its working
I changed "Configure" to = "Allow". This had the expected results that the user from that usergroup could make any change he wanted inside the Kunena Administrative area.can you try "Configure" to allow
But this is not what I want - I want him to "look but not touch". I think the "allow" access to interface combined with "deny" access to configure should achieve that result. ?? Since it does not, I think that's a bug?
I'm not clear what my issue is?So i think there is your issue.
Thanks,
Jim
Please Log in or Create an account to join the conversation.
- jimrowland
- Topic Author
- Offline
- Senior Member
- Posts: 78
- Thank you received: 5
Global Permissiosn - Admin Logon - Allowed
Kunena Forum - Access Admin Interface - Allowed
Then the users in this user group now have "super user" permissions within the front-end forums. These users can now access every forum category, including ones in which they are intended to be locked out of. This "super user" access goes away when I "deny" their Kunena Admin Interface from the back-end global settings.
I think this behavior is also "not expected", and should qualify as a bug.
Please Log in or Create an account to join the conversation.