This RFC is Obsolete: I am glad to inform you that the discussion on this RFC led to a new RFC that will be part of Joomla! version 3.8.7
Current implementation of com_fields has the possibility to limit the access to VALUES of the configured fields via the following config settings:
- Access: The access level group that is allowed to view this item
- Show on: On which part of the site should the field be shown (administrator, site, both)
- ACL permissions: Edit Custom Field Value
Access and ACL permissions can also be set on a field group level, show on needs to be configured om a per field basis.
In this RFC:
This RFC proposes to extend the configuration of com_fields to better control the displaying of Fields on (component edit / create) Forms. This functionality will greatly extend the use cases for com_fields in ‘real-life’ implementations.
Use Case com_fields and com_content:
I run a large blog site where the blogs are ‘enriched’ with custom fields to add credits, opengraph image / title / description, twitter card image / title / description to the blogs. The access to these field values must be set to public in order for visitors / facebook / twitter etc. to ‘see’ the given values.
These filling of these fields must be limited to the publisher role to avoid mis usage and to comply to site standards (for images).
The fields should be invisible to authors in order to avoid ‘support calls’: what are these fields for, why cannot I edit them, etc.
With the current configuration settings this is not possible:
- Setting the Access to publisher will prevent the fields from displaying on the article editing / creation form, but will also only display the values set in these fields to publisher only: public / guest will not see the values set.
- using show on administrator will partly work, but the publishers need to be able to login via the back-end. The show on parameter is ACL independent (simple toggle). Publishers do not have access to the back-end but need access to these fields via the front-end.
- setting the ACL to only allow publishers to Edit Custom Field Value, will display the fields on everybody’s article edit / creation form (including authors) as read-only except for the groups that have the correct permissions. This will clutter the article edit / creation form with a lot of read-only fields with the possibility that in the long list of fields some fields are read-only and some are editable.
Use Case com_fields and com_users:
I run a membership site where users subscribe to a service. Depending on their subscription, values can be set in their user profile via com_fields. The amount of fields for all subscriptions total up to 50 fields.
The values set in these fields should be visible on the front-end (via a special view that reads the user’s set value (via com_fields api)), the access to these fields must be set to public in order for public and guests to see the values for a specific user.
Specific fields should only be visible on the user profile edit form for the groups the user is member of and where these fields should be assigned to.
- Setting access to a field to the specific group that the fields belongs to does not work as this will also make the values set in these fields inaccessible to public. The values can only be seen by the users that have group membership the field access is set to
- using show on administrator will now work, because it is a generic toggle that is independent of group ACL membership: They are either all shown or all invisible. Furthermore no users have access to the back-end.
- Setting the ACL to only have specific user groups Edit Custom Field Value rights will display all fields on the user profile edit form: most read-only and some where values can be set. Only the fields where values can be set should be shown on the user edit profile form.
Furthermore: because the fields access is set to public, when a new user registers on the site, all (!) 50 fields are shown in the registration form as read-only, where the registering user needs to scroll down past all the read-only fields to reach the actual register button. Only the fields that are necessary in the form should be displayed.