Support

Admin Tools

#30215 J3.9 com_privacy & Backend users

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by on Wednesday, 10 October 2018 17:17 CDT

Sunday, 09 September 2018 15:20 CDT

Twincarb
Hi,

I have just been working with J3.9 and the new features, I couldn't figure out why I was not able to accept the privacy policy within the profile edit...

It only struck me when I checked my emails and could see there were security exemptions being set due to editing a backend user in the front end.

The solution was simple, to disable the blocking of editing backend users to allow me to save the page, then going to the backend and setting it back to the restrictive but securer setting.

When the time comes to push out 3.9 to the sites I maintain, it would be handy to have a method that would allow backend users from editing this one parameter. I can't think of a suitable method of stop it being a nightmare for the end users with backend access though.
Regards,

Dave

Monday, 10 September 2018 01:44 CDT

nicholas
It would make sense for backend users to have to log in to the backend of the site to accept the privacy policy.

Alternatively, they can send you a signed letter indicating they accept the policy and you can check that box for them (you are legally covered by their letter).

Alternatively, disable the feature in Admin Tools. Then have all backend users come to your site and accept the privacy policy. Then enable this feature again.

There are no plans of adding backdoors to that feature. It's a slippery slope. If you add an exception for the privacy policy would you also add an exception for the address, or this arbitrary custom field and that one and... It's an endless slide to complexity and absurdity. I'd much rather remove the feature if people complain than go down that rabbit hole. I've been there, I've done that and I have a discontinued product to show for my saying 'yes' to such changes that led to overcomplicated and impossible to reasonably maintain software :)

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Monday, 10 September 2018 03:00 CDT

Twincarb
Morning Nicholas,

I fully agree with not putting in a bypass, I will pose a suggestion on the J issue tracker to suggest a method for accepting the Privacy issues in the administrator area as that would solve the issue with sites using admin tools.

The 2 other suggestions both work for me and would be easy to implement as well.

Monday, 10 September 2018 03:22 CDT

nicholas
I don't think you'll find a different solution. Core Joomla will always be in favor of using user profile fields. Profile fields can be used for all sorts of information, therefore they are caught by the blanket ban in the Admin Tools feature. They will tell you -- very correctly in my opinion -- that you should not use the third party software's feature or talk to its developer, which you already did. Some may tell you it's a bug in Admin Tools, which is not, it's a preference. It's about noting what is your preferred approach: consistently preventing modifications of privileged users from the front-end or let them manage some / all of their profile preferences through the frontend? These are two opposing views. Only one can be applied to your site at one time.

I'd also like to point out that it's not just com_privacy triggering the Admin Tools protection. If you have, for example, Akeeba Subscriptions with its optional user profile integration you run into the same issue when a privileged user buys a subscription. The need to keep consistency of the user profile of privileged users overrides other needs of the site.

Hence my recommendation to have your backend user go through the backend first to accept the privacy policy. This is the correct way to deal with it. If you want to be consistent in enforcing a policy of non-modification of privileged users through the front-end of the site you need to cooperate with the privileged users of your site.

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Wednesday, 10 October 2018 17:17 CDT

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.
Edited by on 2018-10-10 17:17 CDT

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!