Quick code fix that doesnt require adding menu items, etc. (note that this is with the current Mambo version, but the code for this is still similar enough to work for Joomla):
The main problem I was having was the inability for logged in users to edit the front page content. Other pages in other areas worked fine. The buttons to edit would show up, but clicking them would give the "You are not authorized..." message. I already had a menu item going to the section/category of the content in question, and tried a menu item going directly to the content itself, but it was still complaining.
While looking around, I found the same code as mentioned above by omnialive (though a little more directly, I started at the top and found the mosNotAuth call in index.php before digging through includes). The menucheck is the root cause of this evilness, and Im guessing was implemented to keep people from being able to access unpublished items by calling them directly by specially crafted URLs. It either changed in recent versions to be more strict, or something else tickled it so that it bitches alot more than necessary, as I have a page running an older version that didnt have issues like the newer version Im now running does (or I just happend to get it right the first time). Anyway, a simple fix to bypass the mosNotAuth is to simply add to the conditional whatever you want to be allowed (or you can go add them to the menucheck function directly, which is probably the better way). So... I just added a quick check to see if the user was a logged-in/special user and was requesting something simple from com_content. Also added a check to see if the request was for the login function, as I dont have that published anywhere, or linked anywhere, and is only accessible by editing a URL to com_login (basically allowing specifically what menucheck was trying to prevent).
In index.php, around line 259 (in mambo, might be elsewhere in Joomla, wherever the if ($ret) { statement is:
Code: Select all
if ($ret) {
require( $path );
} else {
mosNotAuth();
}
Just add to the if():
Code: Select all
if ($ret || $option == 'com_login' || ( $option == 'com_content' && $my->usertype)) {
require($path);
}
else{
mosNotAuth();
}
Note: this punches a big hole in whatever security the menucheck provides, basically bypassing everything it does but what you add to the if(), so implement at your own risk. Check that the logic you add doesnt open it too wide like the goatse man.
$option is the value of ?option= in the URL, and the $my->usertype only returns for people logged in, and is set to what type of user they are ('Administrator','Super Administrator', etc, I actually added if ($my->usertype){ echo $my->usertype; } right before the if($ret) to print the logged in user's user status), so you can further restrict it if you like, and there are plenty of other variables and checks you can add in (the || is just an OR statement, and && is AND, for you non-coders).
Anyway, hope this helps
T