Edit button only in records the user has edit rights?

[panoss]

I 'm developing a component.
In my list view I want the edit button to be appeared only on records on which the user has edit rights.
So, if the list shows 5 records, and the user has edit rights only for one record, the edit button to appear only on this record 's row, and not on the others.

In my template I used:

Code: Select all

if(JFactory::getUser()->authorise('core.edit', 'com_custom.adv.' . $item->id)){
   ...show Edit button
}

But it's not working.
In the assets table, field 'rules' things seem ok.
What should I check?

[panoss]

Here is a summary ( ) of my code that works(it's for both edit and delete buttons)!

Code: Select all

<?php foreach ($this->items as $i => $item) : ?>
    <?php $canEdit = $user->authorise('core.edit', 'com_custom'); ?>
    <?php $canDelete = $user->authorise('core.delete', 'com_custom'); ?>

    <?php if (!$canEdit && $user->authorise('core.edit.own', 'com_custom')): ?>
        <?php $canEdit = JFactory::getUser()->id == $item->created_by; ?>
    <?php endif; ?>

    <?php if (!$canDelete && $user->authorise('core.edit.own', 'com_custom')): ?>
        <?php $canDelete = JFactory::getUser()->id == $item->created_by; ?>
    <?php endif; ?>

    <?php if (isset($this->items[0]->id)): ?>
        <td class="center hidden-phone">
            <?php echo (int) $item->id; ?>
        </td>
    <?php endif; ?> 
    <td>
        <?php echo $item->name; ?>
    </td>                
    <td>
        <?php echo $item->content; ?>
    </td>

    <?php if ($canEdit || $canDelete): ?>
        <td class="center">
            <?php if ($canEdit): ?>
                <a href="<?php echo JRoute::_('index.php?option=com_custom&task=adv.edit&id=' . $item->id, false, 2); ?>" class="btn btn-mini" type="button"><i class="icon-edit" ></i></a>
            <?php endif; ?>
            <?php if ($canDelete): ?>
                <button data-item-id="<?php echo $item->id; ?>" class="btn btn-mini delete-button" type="button"><i class="icon-trash" ></i></button>
                <?php endif; ?>
        </td>
    <?php endif; ?>

    </tr>
<?php endforeach; ?>

I 'm not sure this part is correct:

Code: Select all

    <?php if (!$canDelete && $user->authorise('core.edit.own', 'com_custom')): ?>
        <?php $canDelete = JFactory::getUser()->id == $item->created_by; ?>
    <?php endif; ?>

What do you think?

[Per Yngve Berg]

The edit permission is not inherited from a parent level?

[panoss]

No, it 's not inhereted.
Parent is 'Registered', I think.

-Registered
--Author

-Registered
Action: Edit
inhereted
calculated setting: not allowed


-Registered
--Author
Action: Edit
allowed
calculated setting: Allowed

So group 'Registered' inherits 'Edit not allowed'.
Group 'Author' does not inherit 'Edit'. Sets it's own edit right to 'allowed'.

Which results to a calculated setting: 'Allowed' for edit action.

Although I've read much about ACL I'm not sure I understand much.
Are they correct?

[Per Yngve Berg]

You check the Authorisation against the Component Level, not the Item.

[panoss]

In my first post, I think I check against item level.

Code: Select all

JFactory::getUser()->authorise('core.edit', 'com_custom.adv.' . $item->id)

In my second post, I think I check against the component level.

Code: Select all

$canEdit = $user->authorise('core.edit', 'com_custom'); 

If I understand correctly, you 're suggesting that I should check against item level?
(that sounds logical to me but doesn't work, while against component level, it does work. I suppose I have wrong settings in ACL)

Edit: 'Author' is a subgroup of 'Registered'.
So when I changed Author 's setting for 'Edit' from 'inhereted' to 'allowed', joomla should alert me with a message that there is a conflict because it 's parent group ('Registered') has Edit to 'not allowed' (calculated) and new setting cannot be accepted.
Am I wrong?

[Per Yngve Berg]

Code: Select all

JFactory::getUser()->authorise('core.edit', 'com_custom.adv.' . $item->id)

This will work only when you put every Item into the Assets Table.

Code: Select all

<?php if (!$canDelete && $user->authorise('core.edit.own', 'com_custom')): ?>
        <?php $canDelete = JFactory::getUser()->id == $item->created_by; ?>
    <?php endif; ?>

This should work without having every item in the Assets Table.

[panoss]

Code: Select all

JFactory::getUser()->authorise('core.edit', 'com_custom.adv.' . $item->id)

This will work only when you put every Item into the Assets Table.

I do put every item in the Assets table.

But it doesn't work.