diff --git a/administrator/components/com_config/model/form/application.xml b/administrator/components/com_config/model/form/application.xml
index 1dc1bc51543bb..dc7f0f8e09af5 100644
--- a/administrator/components/com_config/model/form/application.xml
+++ b/administrator/components/com_config/model/form/application.xml
@@ -1281,6 +1281,11 @@
title="JACTION_EDITOWN"
description="COM_CONFIG_ACTION_EDITOWN_DESC"
/>
+
+
-
\ No newline at end of file
+
diff --git a/administrator/components/com_content/access.xml b/administrator/components/com_content/access.xml
index 27f108a36e8e2..23c2a88f8c26d 100644
--- a/administrator/components/com_content/access.xml
+++ b/administrator/components/com_content/access.xml
@@ -9,6 +9,7 @@
+
diff --git a/administrator/components/com_fields/helpers/fields.php b/administrator/components/com_fields/helpers/fields.php
index 25fb66d220956..1a06e822d40a4 100644
--- a/administrator/components/com_fields/helpers/fields.php
+++ b/administrator/components/com_fields/helpers/fields.php
@@ -365,6 +365,12 @@ function categoryHasChanged(element) {
foreach ($fields as $field)
{
+ if (!FieldsHelper::canDisplayField($field) && JFactory::getApplication()->isClient('site'))
+ {
+ // If logged in user (front-end) does NOT have display rights on Custom Field
+ continue;
+ }
+
if (!array_key_exists($field->type, $fieldTypes))
{
// Field type is not available
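Review bot: The new `core.display.field` gate at the top of the loop is only enforced when `isClient('site')` is true, so in the administrator client a user without the permission still gets the field added to the form. The description strings added in this commit state the permission without that restriction. If the backend exemption is intended, the comment should say so, for example `// Front-end only: skip fields the current user may not display; backend forms are not restricted`. Testing the client first, `if (JFactory::getApplication()->isClient('site') && !FieldsHelper::canDisplayField($field))`, would also avoid one ACL lookup per field in the backend. The enclosing function starts and ends outside the hunk, so it is worth confirming that saving an item keeps the stored value of a skipped field rather than clearing it.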
@@ -538,7 +544,28 @@ public static function canEditFieldValue($field)
{
$parts = self::extract($field->context);
- return JFactory::getUser()->authorise('core.edit.value', $parts[0] . '.field.' . (int) $field->id);
+ if (JFactory::getUser()->authorise('core.display.field', $parts[0] . '.field.' . (int) $field->id))
+ {
+ return JFactory::getUser()->authorise('core.edit.value', $parts[0] . '.field.' . (int) $field->id);
+ }
+
+ return false;
+ }
+
+ /**
+ * Return a boolean if the actual logged in user can display the given field.
+ *
+ * @param stdClass $field The field
+ *
+ * @return boolean
+ *
+ * @since 3.8.4
+ */
+ public static function canDisplayField($field)
+ {
+ $parts = self::extract($field->context);
+
+ return JFactory::getUser()->authorise('core.display.field', $parts[0] . '.field.' . (int) $field->id);
}
/**
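Review bot: `canEditFieldValue()` now returns false unless the user also holds the new `core.display.field` action, and nothing in the visible part of the diff seeds a rule for that action on existing installs. An action with no stored rule is normally treated as not allowed, so after an upgrade groups that currently have `core.edit.value` would presumably lose edit (and front-end display) access to custom fields until an administrator grants the new permission. That fails closed, but it should be covered by a migration or called out in the upgrade notes. The method also repeats the asset lookup that `canDisplayField()` now provides; its body could be `return self::canDisplayField($field) && JFactory::getUser()->authorise('core.edit.value', $parts[0] . '.field.' . (int) $field->id);`. The new docblock would read more clearly as "Returns true if the current user may display the given field."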
diff --git a/administrator/components/com_users/access.xml b/administrator/components/com_users/access.xml
index 01051d5e50fe5..28025271bc409 100644
--- a/administrator/components/com_users/access.xml
+++ b/administrator/components/com_users/access.xml
@@ -8,6 +8,7 @@
+
diff --git a/administrator/language/en-GB/en-GB.com_config.ini b/administrator/language/en-GB/en-GB.com_config.ini
index d19fa8c8e2357..bbc88518b8440 100644
--- a/administrator/language/en-GB/en-GB.com_config.ini
+++ b/administrator/language/en-GB/en-GB.com_config.ini
@@ -9,6 +9,7 @@ COM_CONFIG_ACTION_CREATE_DESC="Allows users in the group to create any content i
COM_CONFIG_ACTION_DELETE_DESC="Allows users in the group to delete any content in any extension."
COM_CONFIG_ACTION_EDIT_DESC="Allows users in the group to edit any content in any extension."
COM_CONFIG_ACTION_EDITOWN_DESC="Allows users in the group to edit any content they own in any extension."
+COM_CONFIG_ACTION_DISPLAYFIELD_DESC="Allows users in the group to display custom fields in form editors in any extension."
COM_CONFIG_ACTION_EDITVALUE_DESC="Allows users in the group to edit any value of custom fields submitted in any extension."
COM_CONFIG_ACTION_EDITSTATE_DESC="Allows users in the group to edit the state of any content in any extension."
COM_CONFIG_ACTION_LOGIN_ADMIN_DESC="Allows users in the group to login to the Backend Administrator site."
diff --git a/administrator/language/en-GB/en-GB.com_fields.ini b/administrator/language/en-GB/en-GB.com_fields.ini
index 0c202fec9a8a6..7db0d0d99eac6 100644
--- a/administrator/language/en-GB/en-GB.com_fields.ini
+++ b/administrator/language/en-GB/en-GB.com_fields.ini
@@ -36,6 +36,7 @@ COM_FIELDS_FIELD_NOTE_DESC="An optional note for the field."
COM_FIELDS_FIELD_NOTE_LABEL="Note"
COM_FIELDS_FIELD_PERMISSION_DELETE_DESC="New setting for delete actions on this field and the calculated setting based on the parent extension and group permissions."
COM_FIELDS_FIELD_PERMISSION_EDITSTATE_DESC="New setting for edit state actions on this field and the calculated setting based on the parent extension and group permissions."
+COM_FIELDS_FIELD_PERMISSION_DISPLAYFIELD_DESC="Who can display the custom field in the form editor?"
COM_FIELDS_FIELD_PERMISSION_EDITVALUE_DESC="Who can edit the custom field value in the form editor?"
COM_FIELDS_FIELD_PERMISSION_EDIT_DESC="New setting for edit actions on this field and the calculated setting based on the parent extension and group permissions."
COM_FIELDS_FIELD_RENDER_CLASS_DESC="The class attributes of the field when the field is rendered. If multiple classes are needed, list them with spaces."
@@ -54,6 +55,7 @@ COM_FIELDS_GROUP_PERMISSION_CREATE_DESC="New setting for create actions<
COM_FIELDS_GROUP_PERMISSION_DELETE_DESC="New setting for delete actions on this field group and the calculated setting based on the parent extension permissions."
COM_FIELDS_GROUP_PERMISSION_EDITOWN_DESC="New setting for edit own actions on this field group and the calculated setting based on the parent extension permissions."
COM_FIELDS_GROUP_PERMISSION_EDITSTATE_DESC="New setting for edit state actions on this field group and the calculated setting based on the parent extension permissions."
+COM_FIELDS_GROUP_PERMISSION_DISPLAYFIELD_DESC="Who can display the custom field in the form editor."
COM_FIELDS_GROUP_PERMISSION_EDITVALUE_DESC="Who can edit the field value in the form editor."
COM_FIELDS_GROUP_PERMISSION_EDIT_DESC="New setting for edit actions on this field group and the calculated setting based on the parent extension permissions."
COM_FIELDS_MUSTCONTAIN_A_TITLE_FIELD="Field must have a title."
diff --git a/administrator/language/en-GB/en-GB.ini b/administrator/language/en-GB/en-GB.ini
index c1a5aa67d1e78..8d9a6a54b9605 100644
--- a/administrator/language/en-GB/en-GB.ini
+++ b/administrator/language/en-GB/en-GB.ini
@@ -146,6 +146,8 @@ JACTION_EDIT="Edit"
JACTION_EDIT_COMPONENT_DESC="Allows users in the group to edit any content in this extension."
JACTION_EDITOWN="Edit Own"
JACTION_EDITOWN_COMPONENT_DESC="Allows users in the group to edit any content they submitted in this extension."
+JACTION_DISPLAYFIELD="Display Custom Field"
+JACTION_DISPLAYFIELD_COMPONENT_DESC="Allows users in the group to display custom fields in form editor in this extension."
JACTION_EDITVALUE="Edit Custom Field Value"
JACTION_EDITVALUE_COMPONENT_DESC="Allows users in the group to edit any value of custom fields submitted in this extension."
JACTION_EDITSTATE="Edit State"