search

widgetfactory / jce

JCE - A Content Editor for Joomla
https://www.joomlacontenteditor.net
GNU General Public License v2.0
35 stars 12 forks source link

"Administrator" not able to edit profiles even with all rights set to "allow" #81

Closed TLWebdesign closed 3 years ago

TLWebdesign commented 3 years ago

Describe the bug I have a user from group "Administrator" that received full rights to JCE.

But when i try to edit a profile i get "403 You are not authorised to view this resource. "

It tries to search for a jce.profile rights but these don't exist. Only jce.profiles exist. So it's searching for a non-existent rights setting.

The problem lies in that there is no jce.profile rights. but you do search for one. Adding this manually in the db assets table fixed the issue so i believe it's quite clear that this is a bug.

Where? /administrator/components/com_jce/controller.php:98 throws the error because on line 97 you're doing a false check.

Expected behavior Able to edit profile.

Actual behaviour 403 forbidden error message.

ryandemmer commented 3 years ago

Fixed in commit - https://github.com/widgetfactory/jce/commit/b3aabb0036b2234d843ae523853aab936027105b

Thank you.