Method to prevent tampering with article versions?

Post Reply
User avatar
NormanSmit
Joomla! Apprentice
Joomla! Apprentice
Posts: 16
Joined: Wed Feb 15, 2012 10:08 pm
Location: NC
Contact:

Method to prevent tampering with article versions?

Post by NormanSmit » Thu May 14, 2020 8:04 pm

In Articles: Options I have article versions enabled and set to retain 10 versions of an article. This is on a site that has multiple users contributing to the same article to more easily track changes and edits. I have discovered one user (Access Level - Publisher) is deleting previous versions of articles in the Versions. These are useful records of work completed during annually reviews, especially in disputes. She's been told not to do so and it's been brought to management's attention, but what I'd like to do, is revoke the ability for all users other than superusers from being able to delete previous versions, while retaining all other versioning functionality available natively in Joomla. Even better would be assigning this ability to delete previous versions of any article to a single superuser, but just being able to limit article version deletion to the superuser access level would be valuable. I've looked in Articles: Options; as well as the Advanced Permissions for Publishers; and Users:Options (Publishers) but haven't seen anywhere where I can either prevent users from being able to delete versions or limit it to superusers only.

I'd prefer not having a core code hack on this.

Any suggestions?

User avatar
toivo
Joomla! Master
Joomla! Master
Posts: 13261
Joined: Thu Feb 15, 2007 5:48 am
Location: Zagreb, Croatia

Re: Method to prevent tampering with article versions?

Post by toivo » Fri May 15, 2020 6:12 am

There is no need to hack the Joomla core when overrides can be used. Create the following sub folders in the html folder of your front end template: com_contenthistory/history

Copy the following file to that sub folder:
administrator/components/com_contenthistory/views/history/tmpl/modal.php

Edit the file {your template}/html/com_contenthistory/history/modal.php, adding one line before and one line after the button block:

Before:

Code: Select all

		<button onclick="if (document.adminForm.boxchecked.value==0){<?php echo $deleteMessage; ?>}else{ Joomla.submitbutton('history.delete')}" class="btn pointer hasTooltip" aria-label="<?php echo JText::_('COM_CONTENTHISTORY_BUTTON_DELETE_DESC'); ?>" title="<?php echo JText::_('COM_CONTENTHISTORY_BUTTON_DELETE_DESC'); ?>">
			<span class="icon-delete" aria-hidden="true"></span><span class="hidden-phone"><?php echo JText::_('COM_CONTENTHISTORY_BUTTON_DELETE'); ?></span></button>
After:

Code: Select all

		<?php if (JFactory::getUser()->authorise('core.admin')) { ?>
		<button onclick="if (document.adminForm.boxchecked.value==0){<?php echo $deleteMessage; ?>}else{ Joomla.submitbutton('history.delete')}" class="btn pointer hasTooltip" aria-label="<?php echo JText::_('COM_CONTENTHISTORY_BUTTON_DELETE_DESC'); ?>" title="<?php echo JText::_('COM_CONTENTHISTORY_BUTTON_DELETE_DESC'); ?>">
			<span class="icon-delete" aria-hidden="true"></span><span class="hidden-phone"><?php echo JText::_('COM_CONTENTHISTORY_BUTTON_DELETE'); ?></span></button>
		<?php } ?>
That's it. If you want only a particular Super User to access the Delete button from the back end, copy the same, modified file modal.php to the folder administrator/templates/isis/html/com_contenthistory/history and modify that file. Change the line with the if statement to the following two lines, where 999 is the id of the authorised Super User:

Code: Select all

			$user = JFactory::getUser();
			if ($user->id == 999) { 
Toivo Talikka, Global Moderator


Post Reply

Return to “Access Control List (ACL) in Joomla! 3.x”