diff --git a/administrator/components/com_config/model/form/application.xml b/administrator/components/com_config/model/form/application.xml index 1dc1bc51543bb..dc7f0f8e09af5 100644 --- a/administrator/components/com_config/model/form/application.xml +++ b/administrator/components/com_config/model/form/application.xml @@ -1281,6 +1281,11 @@ title="JACTION_EDITOWN" description="COM_CONFIG_ACTION_EDITOWN_DESC" /> + +
@@ -24,12 +25,14 @@ +
+
- \ No newline at end of file + diff --git a/administrator/components/com_content/access.xml b/administrator/components/com_content/access.xml index 27f108a36e8e2..23c2a88f8c26d 100644 --- a/administrator/components/com_content/access.xml +++ b/administrator/components/com_content/access.xml @@ -9,6 +9,7 @@ +
@@ -29,12 +30,14 @@ +
+
diff --git a/administrator/components/com_fields/helpers/fields.php b/administrator/components/com_fields/helpers/fields.php
index 25fb66d220956..1a06e822d40a4 100644
--- a/administrator/components/com_fields/helpers/fields.php
+++ b/administrator/components/com_fields/helpers/fields.php
@@ -365,6 +365,12 @@ function categoryHasChanged(element) {
 foreach ($fields as $field)
 {
+ if (!FieldsHelper::canDisplayField($field) && JFactory::getApplication()->isClient('site'))
+ {
+ // If logged in user (front-end) does NOT have display rights on Custom Field
+ continue;
+ }
+
 if (!array_key_exists($field->type, $fieldTypes))
 {
 // Field type is not available
@@ -538,7 +544,28 @@ public static function canEditFieldValue($field)
 {
 $parts = self::extract($field->context);
- return JFactory::getUser()->authorise('core.edit.value', $parts[0] . '.field.' . (int) $field->id);
+ if (JFactory::getUser()->authorise('core.display.field', $parts[0] . '.field.' . (int) $field->id))
+ {
+ return JFactory::getUser()->authorise('core.edit.value', $parts[0] . '.field.' . (int) $field->id);
+ }
+
+ return false;
+ }
+
+ /**
+ * Return a boolean if the actual logged in user can display the given field.
+ *
+ * @param stdClass $field The field
+ *
+ * @return boolean
+ *
+ * @since 3.8.4
+ */
+ public static function canDisplayField($field)
+ {
+ $parts = self::extract($field->context);
+
+ return JFactory::getUser()->authorise('core.display.field', $parts[0] . '.field.' . (int) $field->id);
 }
 /**
diff --git a/administrator/components/com_users/access.xml b/administrator/components/com_users/access.xml
index 01051d5e50fe5..28025271bc409 100644
--- a/administrator/components/com_users/access.xml
+++ b/administrator/components/com_users/access.xml
@@ -8,6 +8,7 @@
+
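Review bot: The display check added at the top of the `foreach` only skips the field when `isClient('site')` is true, so in the administrator client a user who is denied `core.display.field` still gets the field added to the form, while the language strings in this commit describe the permission without any front-end restriction. If that exemption is intended, the inline comment should state it, for example `// Front end only: the administrator form still lists the field for users without core.display.field`; if not, the client test should be dropped. Leaving a field out of the rendered form does not by itself stop a value for it from being submitted, so the save path has to rely on `canEditFieldValue()`, and that path is not visible here. If this loop sits in the same class as the new method, `self::canDisplayField($field)` is the more usual call, with the client test evaluated once before the loop; the enclosing method starts and ends outside the hunk.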
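Review bot: `canEditFieldValue()` now returns false unless `core.display.field` is granted, and nothing in the visible part of this diff gives that new action a rule on assets that already exist, so on an upgraded site users who could edit field values before may lose that ability until an administrator grants the action (assuming an action without a rule resolves to denied). That fails closed, but it is a behaviour change that deserves either a default rule shipped with the update or a sentence in the docblock of `canEditFieldValue()`, which sits above the hunk, such as `Editing also requires the core.display.field action on the field.` The nested `if` can be written as `return self::canDisplayField($field) && JFactory::getUser()->authorise('core.edit.value', $parts[0] . '.field.' . (int) $field->id);`, which keeps the display asset name in one place. The summary line of the new docblock would read more precisely as `Returns true when the current user may display the given field.`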
@@ -23,12 +24,14 @@ +
+
diff --git a/administrator/language/en-GB/en-GB.com_config.ini b/administrator/language/en-GB/en-GB.com_config.ini
index d19fa8c8e2357..bbc88518b8440 100644
--- a/administrator/language/en-GB/en-GB.com_config.ini
+++ b/administrator/language/en-GB/en-GB.com_config.ini
@@ -9,6 +9,7 @@ COM_CONFIG_ACTION_CREATE_DESC="Allows users in the group to create any content i
 COM_CONFIG_ACTION_DELETE_DESC="Allows users in the group to delete any content in any extension."
 COM_CONFIG_ACTION_EDIT_DESC="Allows users in the group to edit any content in any extension."
 COM_CONFIG_ACTION_EDITOWN_DESC="Allows users in the group to edit any content they own in any extension."
+COM_CONFIG_ACTION_DISPLAYFIELD_DESC="Allows users in the group to display custom fields in form editors in any extension."
 COM_CONFIG_ACTION_EDITVALUE_DESC="Allows users in the group to edit any value of custom fields submitted in any extension."
 COM_CONFIG_ACTION_EDITSTATE_DESC="Allows users in the group to edit the state of any content in any extension."
 COM_CONFIG_ACTION_LOGIN_ADMIN_DESC="Allows users in the group to login to the Backend Administrator site."
diff --git a/administrator/language/en-GB/en-GB.com_fields.ini b/administrator/language/en-GB/en-GB.com_fields.ini
index 0c202fec9a8a6..7db0d0d99eac6 100644
--- a/administrator/language/en-GB/en-GB.com_fields.ini
+++ b/administrator/language/en-GB/en-GB.com_fields.ini
@@ -36,6 +36,7 @@ COM_FIELDS_FIELD_NOTE_DESC="An optional note for the field."
 COM_FIELDS_FIELD_NOTE_LABEL="Note"
 COM_FIELDS_FIELD_PERMISSION_DELETE_DESC="New setting for delete actions on this field and the calculated setting based on the parent extension and group permissions."
 COM_FIELDS_FIELD_PERMISSION_EDITSTATE_DESC="New setting for edit state actions on this field and the calculated setting based on the parent extension and group permissions."
+COM_FIELDS_FIELD_PERMISSION_DISPLAYFIELD_DESC="Who can display the custom field in the form editor?"
 COM_FIELDS_FIELD_PERMISSION_EDITVALUE_DESC="Who can edit the custom field value in the form editor?"
 COM_FIELDS_FIELD_PERMISSION_EDIT_DESC="New setting for edit actions on this field and the calculated setting based on the parent extension and group permissions."
 COM_FIELDS_FIELD_RENDER_CLASS_DESC="The class attributes of the field when the field is rendered. If multiple classes are needed, list them with spaces."
@@ -54,6 +55,7 @@ COM_FIELDS_GROUP_PERMISSION_CREATE_DESC="New setting for create actions<
 COM_FIELDS_GROUP_PERMISSION_DELETE_DESC="New setting for delete actions on this field group and the calculated setting based on the parent extension permissions."
 COM_FIELDS_GROUP_PERMISSION_EDITOWN_DESC="New setting for edit own actions on this field group and the calculated setting based on the parent extension permissions."
 COM_FIELDS_GROUP_PERMISSION_EDITSTATE_DESC="New setting for edit state actions on this field group and the calculated setting based on the parent extension permissions."
+COM_FIELDS_GROUP_PERMISSION_DISPLAYFIELD_DESC="Who can display the custom field in the form editor."
 COM_FIELDS_GROUP_PERMISSION_EDITVALUE_DESC="Who can edit the field value in the form editor."
 COM_FIELDS_GROUP_PERMISSION_EDIT_DESC="New setting for edit actions on this field group and the calculated setting based on the parent extension permissions."
 COM_FIELDS_MUSTCONTAIN_A_TITLE_FIELD="Field must have a title."
diff --git a/administrator/language/en-GB/en-GB.ini b/administrator/language/en-GB/en-GB.ini
index c1a5aa67d1e78..8d9a6a54b9605 100644
--- a/administrator/language/en-GB/en-GB.ini
+++ b/administrator/language/en-GB/en-GB.ini
@@ -146,6 +146,8 @@ JACTION_EDIT="Edit"
 JACTION_EDIT_COMPONENT_DESC="Allows users in the group to edit any content in this extension."
 JACTION_EDITOWN="Edit Own"
 JACTION_EDITOWN_COMPONENT_DESC="Allows users in the group to edit any content they submitted in this extension."
+JACTION_DISPLAYFIELD="Display Custom Field"
+JACTION_DISPLAYFIELD_COMPONENT_DESC="Allows users in the group to display custom fields in form editor in this extension."
 JACTION_EDITVALUE="Edit Custom Field Value"
 JACTION_EDITVALUE_COMPONENT_DESC="Allows users in the group to edit any value of custom fields submitted in this extension."
 JACTION_EDITSTATE="Edit State"