Question Permissions Bug in Kunena Admin Interface

10 years 1 month ago - 10 years 1 month ago #1 by jimrowland
I am 99.9% certain this is a Kunena defect, and not a Joomla! defect, although I admit the .01% chance that it might be a J! issue. I've tried to re-create this problem in all other aspects of the J! admin interface area, and I cannot recreate the issue anywhere other than in the Kunena admin area.

What I want to do is give my moderators access to the Kunena User Manager so that they can see IP addresses of a given user, and compare that to other members who might be using the same IP. This information is visible in /administrator/index.php?option=com_kunena&view=user&layout=edit&userid=XXX

Here are the steps I took to give a specific Joomla usergroup access to this page:
1. Go into Global Config > Permissions Settings.
2. Select the Joomla usergroup in question
3. Set "Admin Logon" to "allowed"
4. Go into Global Config > Kunena Forum
5. Select the Joomla usergroup in question
6. Set "Access Administration Interface" to "allowed".
-- Note: The other setting, "Configure" is set to "inherited" with a calculated setting of "not allowed".
-- Note2: changing the Configure setting to implicitly "denied" does not alter the outcome.

So, now that my moderator can access the Kunena Forum User Manager interface, here is where the unexpected result (defect? bug?) happens:

The moderator cannot access any other Joomla Admin area except the Kunena Forum (this is expected behavior) nor make any changes anywhere in the Kunena Forum Manager (this is the expected behavior) except in the Category Manager page (here is the unexpected behavior).

When in the Category Manager, the "publish/unpublish button" in the "status" column is clickable, and changeable (it's a JavaScript link that makes the update as soon as it's clicked - no need to click the "save" button). The moderator usergroup can unpublish categories, even if they are NOT category moderators for that specific category.

I believe this is unexpected behavior (defect), because the user group is given implicit denied ability to make Configure changes, as per the permissions settings.

Database collation check: The collation of your table fields are correct

Joomla! SEF: Enabled | Joomla! SEF rewrite: Enabled | FTP layer: Disabled |

htaccess: Exists | PHP environment: Max execution time: 30 seconds | Max execution memory: 128M | Max file upload: 16M

Kunena menu details:

Joomla default template details : fse_template | author: Kyle Ledbetter | version: 1.0 | creationdate: Unknown

Kunena default template details : Blue Eagle | author: Kunena Team | version: 3.0.4 | creationdate: 2013-12-22

Kunena version detailed: Kunena 3.0.4 | 2013-12-22 [ Ukko ]
| Kunena detailed configuration:

| Kunena integration settings:
| Joomla! detailed language files installed:

Third-party components: CommunityBuilder 1.9.1 | UddeIM 3.3

Third-party SEF components: None

Plugins: None

Modules: None

Last edit: 10 years 1 month ago by jimrowland.

10 years 1 month ago #2 by 810
Hi,
I think it's working, can you try "Configure" to allow. Because editing a user is changing settings in the edit user. So I think there is your issue. But if you allow it, the mod can also change other settings, which is not a requirement.

Regards 810

10 years 1 month ago #3 by jimrowland
Thank you for the reply, 810. I'm not sure that I'm understanding everything you're saying...

"I think it's working"

You think it's working as intended, and that there is no bug?

"can you try "Configure" to allow"

I changed "Configure" to = "Allow". This had the expected results that the user from that usergroup could make any change he wanted inside the Kunena Administrative area.

But this is not what I want - I want him to "look but not touch". I think the "allow" access to interface combined with "deny" access to configure should achieve that result. ?? Since it does not, I think that's a bug?

"So I think there is your issue."

I'm not clear what my issue is?

Thanks,
Jim

10 years 1 month ago #4 by jimrowland
Here is an interesting twist... if I give this usergroup the following permissions:
Global Permissions - Admin Logon - Allowed
Kunena Forum - Access Admin Interface - Allowed

Then the users in this user group now have "super user" permissions within the front-end forums. These users can now access every forum category, including ones in which they are intended to be locked out of. This "super user" access goes away when I "deny" their Kunena Admin Interface from the back-end global settings.


I think this behavior is also "not expected", and should qualify as a bug.
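
The "look but not touch" expectation from posts #1 and #3, written out as a small PHP model (an added example, not code from Kunena, Joomla or anyone in this thread). It assumes the usual Joomla action names behind the labels in the post, treats every state-changing task as requiring "Configure" (the poster's expectation, not documented Kunena behaviour), and uses constructed task names and rule values.

```php
<?php
// Added illustration; not Kunena or Joomla source code.
// Joomla action names assumed for the labels used in the post:
//   "Admin Logon"                     = core.login.admin
//   "Access Administration Interface" = core.manage
//   "Configure"                       = core.admin

// Rule values: true = allowed, false = denied, null (or absent) = inherited.
function resolveAction(array $globalRules, array $componentRules, string $action): bool
{
    $global    = $globalRules[$action] ?? null;
    $component = $componentRules[$action] ?? null;

    // An explicit deny at either level wins over any allow.
    if ($global === false || $component === false) {
        return false;
    }
    // Nothing allowed anywhere resolves to "not allowed" (the calculated setting).
    return $global === true || $component === true;
}

// Hypothetical gate for a back-end request; task names are constructed.
function mayRunTask(array $globalRules, array $componentRules, string $task): bool
{
    $readOnlyTasks = ['user.view', 'categories.view'];

    // Both the back-end login and the component's admin interface must be allowed.
    if (!resolveAction($globalRules, $componentRules, 'core.login.admin')
        || !resolveAction($globalRules, $componentRules, 'core.manage')) {
        return false;
    }
    if (in_array($task, $readOnlyTasks, true)) {
        return true;
    }
    // Anything not known to be read-only is treated as a state change.
    return resolveAction($globalRules, $componentRules, 'core.admin');
}

// Constructed rules matching the moderator group set up in the first post.
$global    = ['core.login.admin' => true];
$component = ['core.manage' => true, 'core.admin' => null];

foreach (['user.view', 'categories.view', 'categories.unpublish'] as $task) {
    printf("%-22s %s\n", $task, mayRunTask($global, $component, $task) ? 'allowed' : 'refused');
}
```

Setting `core.admin` to `false` instead of `null` leaves the result unchanged in this model, which is the outcome Note2 in the first post expects from an explicit deny.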
