This RFC is Obsolete: I am glad to inform you that the discussion on this RFC led to a new RFC that will be part of Joomla! version 3.8.7
(https://issues.joomla.org/tracker/joomla-cms/20068)

Introduction

Current implementation of com_fields has the possibility to limit the access to VALUES of the configured fields via the following config settings:

  1. Access: The access level group that is allowed to view this item
  2. Show on: On which part of the site should the field be shown (administrator, site, both)
  3. ACL permissions: Edit Custom Field Value

Access and ACL permissions can also be set on a field group level, show on needs to be configured om a per field basis.

In this RFC:

This RFC proposes to extend the configuration of com_fields to better control the displaying of Fields on (component edit / create) Forms. This functionality will greatly extend the use cases for com_fields in ‘real-life’ implementations.

Use Case com_fields and com_content:

I run a large blog site where the blogs are ‘enriched’ with custom fields to add credits, opengraph image / title / description, twitter card image / title / description to the blogs. The access to these field values must be set to public in order for visitors / facebook / twitter etc. to ‘see’ the given values.

These filling of these fields must be limited to the publisher role to avoid mis usage and to comply to site standards (for images).

The fields should be invisible to authors in order to avoid ‘support calls’: what are these fields for, why cannot I edit them, etc.

With the current configuration settings this is not possible:

  1. Setting the Access to publisher will prevent the fields from displaying on the article editing / creation form, but will also only display the values set in these fields to publisher only: public / guest will not see the values set.
  2. using show on administrator will partly work, but the publishers need to be able to login via the back-end. The show on parameter is ACL independent (simple toggle). Publishers do not have access to the back-end but need access to these fields via the front-end.
  3. setting the ACL to only allow publishers to Edit Custom Field Value, will display the fields on everybody’s article edit / creation form (including authors) as read-only except for the groups that have the correct permissions. This will clutter the article edit / creation form with a lot of read-only fields with the possibility that in the long list of fields some fields are read-only and some are editable.

 

Use Case com_fields and com_users:

I run a membership site where users subscribe to a service. Depending on their subscription, values can be set in their user profile via com_fields. The amount of fields for all subscriptions total up to 50 fields.

The values set in these fields should be visible on the front-end (via a special view that reads the user’s set value (via com_fields api)), the access to these fields must be set to public in order for public and guests to see the values for a specific user.

Specific fields should only be visible on the user profile edit form for the groups the user is member of and where these fields should be assigned to.

  1. Setting access to a field to the specific group that the fields belongs to does not work as this will also make the values set in these fields inaccessible to public. The values can only be seen by the users that have group membership the field access is set to
  2. using show on administrator will now work, because it is a generic toggle that is independent of group ACL membership: They are either all shown or all invisible. Furthermore no users have access to the back-end.
  3. Setting the ACL to only have specific user groups Edit Custom Field Value rights will display all fields on the user profile edit form: most read-only and some where values can be set. Only the fields where values can be set should be shown on the user edit profile form.

Furthermore: because the fields access is set to public, when a new user registers on the site, all (!) 50 fields are shown in the registration form as read-only, where the registering user needs to scroll down past all the read-only fields to reach the actual register button. Only the fields that are necessary in the form should be displayed.

The current limitation lies in the fact that the access field is used for both the form AND for the values.

I propose to extend com_fields with an additional access view level: Access Form

The Access Form holds the ACL group that a user needs to be member of in order to be able to see the field on the form.

The Access Form can be set on field level AND on group level, making the maintenance of large field sets easier as not every field needs to be modified when the Access Form value changes (can be set on fields group level).

Use Case com_fields and com_content:

With the proposed change, the following configuration can be set for the com_content fields:

  1. Access = Public (as the values set need to be displayed to visitors)
  2. Show on: both (as the fields should be BOTH editable via the back-end AND front-end)
  3. ACL permission: set Edit Custom Field Value permission to publisher (only members of the publisher acl can set and edit the field values)
  4. (proposed setting) Access Form: set to publisher (only publishers will have the fields on the article edit / creation form.

Users that do not have sufficient Access rights to edit the fields will also not see these fields on the article edit / creation form. This will make the edit / create form very UX friendly as only relevant fields are displayed on the form!

Use Case com_fields and com_users:

With the proposed change, the following configuration can be set for the com_users fields:

  1. Access = Public (as the values set need to be displayed to visitors)
  2. Show on: both (as the fields should be BOTH editable via the back-end AND front-end)
  3. ACL permission: set Edit Custom Field Value permission to public (only members of the public acl can set and edit the field values)
  4. (proposed setting) Access Form: set to ‘subscription group’ (only subscribers to the ‘subscription group’ will have the fields on their user profile edit form.

The benefit here is that users that do not have sufficient Access rights to edit the fields will also not see these fields on their user profile edit form. This will make the edit form very UX friendly as only relevant fields are displayed on the form!

There are no Backwards Incompatibility changes: the newly created configuration option Access Form defaults to Public. This results in the same behavior as in the current implementation with the Access Form field.

Administrator Fields Groups overview

groups overview

Administrator Fields overview

fields overview

Administrator Edit Field Group

group edit

Administrator Edit Field

field edit

This RFC requires PR #19884 [com_fields] Normalise the request com_fields data

As this PR (#19884) is in currently in staging for Joomla! 3.8.7 it is ‘cherry-picked’ into this RFC to be able to test this RFC via the Joomla Patch Tester component.

Before testing the following two tables need to be altered:

Changes to the tables

  • #__fields

    • Add: `access_form` int(11) NOT NULL DEFAULT '1'

  • #__fields_groups

    • Add: `access_form` int(11) NOT NULL DEFAULT '1'

Test Case: com_users

  1. in com_users create a fields group:
    1. title: user details
    2. permissions: Edit Custom Field Value > public > allowed
    3. Access Form (new field): Public
  2. in Com_users create 3 new fields:
    1. title: address, type text, access form: registered, field group: user details
    2. title: town, type text, access form: registered, field group: user details
    3. title: country, type: text, access form: public, field group: user details
  3. In the front-end: register a new user account
    Without this PR: fields address, town and country are visible on registration form
    With this PR: only field country is visible on registration form
  4. In the front-end: login with user account en edit user profile
    all fields: address, town, country are visible
  5. In back-end:change com_user field town > Access Form = Author
  6. In the front-end: login with user account and edit user profile
    Fields: address and country are visible, town is not visible for this user
  7. change user group access to author, login with this user and edit user profile:
    all fields: address, town, country are visible

Test Case: com_content

  1. in com_user: create Viewing Access Levels for Author and Publisher
  2. in com_content create a fields group:
    1. title: Blog info
    2. permissions: Edit Custom Field Value > Author > allowed
    3. Access Form (new field): Author
  3. in com_content create 3 new fields:
    1. title: opengraph image, type: media, access form: publisher, field group: Blog info
    2. title: opengraph description, type: editor, access form: publisher, field group: Blog info
    3. title: credits, type: editor, access form: author, field group: Blog info
  4. Login on the front-end with a user account with author (no editor/ publisher etc.) rights and edit an article created by this user
    Without this PR, a tab Blog Info will be shown with all fields on it
    With this PR, a tab Blog Info will be shown with only the field 'Credits' shown
  5. In the back-end change the group for the user to publisher
  6. Repeat step 3
    A tab Blog info is shown with all three fields on it.


Interesting blog? Like it on Facebook, Post it or share this article on other bookmarking websites.

Written by:
Pro-BloggerTop BloggerThought Leader

With a solid background in ICT (operational, tactical and strategic) and years of experience in the community life, I see in communities and community thinking the future for companies.

This future requires another way of thinking and doing; both for executives and employees. It's not about me; it's about you. Your well-being and your (personal) growth.

'What comes around - goes around'

In the world of communities, the old 'management laws' no longer work and are even counterproductive.

I coach leaders and organizations in their quest for how new and servant leadership can contribute to communities and community thinking, and as a result to the growth of the organization.

I do this from the following initiatives:

 


INFO: You are posting the message as a 'Guest'
ochCaptcha Initializing... Please wait...