By Jordan Weinstein on Friday, 15 January 2016
Posted in Technical Issues
Hello,

Komento 2.0.5

Integration: K2, EasyBlog

Reply enabled in Layout > Comment Item > Enable Replies

Replies enabled in ACL for all levels including Public. Reply option does not appear.

Any suggestions?

Jordan
My bad.

It was an ACL issue.

Interestingly, I have a user who is superadmin but who is also a member of a lower ACL group. The superadmins have access to all ACL functions in Komento, the lesser group members do not. However, in Komento's case, the superadmin did not have access to all because he was also a member of a lesser group. I think this is a bug in the ACL of Komento since the superadmin should trump/override the lower ACL of the lesser group.

Jordan
Friday, 15 January 2016 09:43
I have just experienced this again.

A superadmin who has 'edit' access by ACL settings was not allowed to edit a comment because that user was also a member of a user group without privileges to edit. So I do think this is a bug in the Komento ACL implementation since the user's ACL rights should be calculated based on the highest privileges he has access to, not the lowest.
Friday, 15 January 2016 23:27
Hey Jordan,

This is actually a little tricky, and we actually want to mimic the behavior of Joomla's ACL, where the deny rule always wins, but it seems like this is a much more tedious setup.

Assuming that your user is assigned to 2 user groups, groupA and groupB.

groupA - Allows posting comments
groupB - Disallows posting comments

This user will then be disallowed to post comments. This is at least the behavior of Komento, unlike EasyBlog and EasySocial where "allowed rules always wins".

I will discuss with the team on Monday if we should change this behavior by default, but it's going to be tricky because since day 1 of Komento, deny always wins. By changing this, site owners who utilize multiple groups need to start taking note about this, as their ACL might be messed up.

What you can do temporarily is to edit the file /components/com_komento/helpers/acl.php and at line 174 locate the code below:


// This logic prioritizes FALSE
if( (bool) $result[$key] )
{
    $result[$key] = $value;
}

// This logic prioritizes TRUE
/*if( !(bool) $result[$key] )
{
    $result[$key] = $value;
}*/

Replace it with,


// // This logic prioritizes FALSE
// if( (bool) $result[$key] )
// {
//     $result[$key] = $value;
// }

// This logic prioritizes TRUE
if( !(bool) $result[$key] )
{
    $result[$key] = $value;
}
Saturday, 16 January 2016 18:14
Hi Mark,

Thanks for your reply.

I now understand. As long as people understand the ACL calculation is different for Komento, then it might be ok.

As far as mimicking Joomla ACL; just as a simple example, a superadmin will obviously have access to login to a website backend, but if s/he was also a member of a lesser user group (e.g. registered) then by Komento ACL logic, s/he would be blocked from accessing the backend. So Komento ACL does seem a bit inconsistent with Joomla's ACL.

Jordan
Saturday, 16 January 2016 20:20
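
The two merge rules from Mark's post, next to a tri-state resolver modelled on Joomla's Allowed / Denied / Not Set permission states, which is the case Jordan's superadmin example turns on. This is an added example that goes beyond the thread and is not Komento's code; the group names, rule keys and function names are hypothetical.

```php
<?php
// Added example, not Komento's code. Names and rule keys are hypothetical.
// Rule states: true = allowed, false = denied, null = not set.

// Two-state merge. 'deny' mirrors the "prioritizes FALSE" branch quoted in the
// thread, 'allow' mirrors the "prioritizes TRUE" branch.
function mergeTwoState(array $groupRules, string $priority): array
{
    $result = [];
    foreach ($groupRules as $rules) {
        foreach ($rules as $key => $value) {
            $value = (bool) $value;               // "not set" collapses to false
            if (!array_key_exists($key, $result)) {
                $result[$key] = $value;           // first group seeds the result
            } elseif ($priority === 'deny' ? $result[$key] : !$result[$key]) {
                $result[$key] = $value;           // same test as the quoted branches
            }
        }
    }
    return $result;
}

// Tri-state merge: an explicit deny locks the rule, an explicit allow beats
// "not set", and a rule that no group sets resolves to denied.
function mergeTriState(array $groupRules): array
{
    $result = [];
    foreach ($groupRules as $rules) {
        foreach ($rules as $key => $value) {
            $current = $result[$key] ?? null;
            if ($current !== false && $value !== null) {
                $current = $value;
            }
            $result[$key] = $current;
        }
    }
    return array_map(function ($v) { return $v === true; }, $result);
}

// Constructed sample: one user who belongs to three groups.
$groups = [
    'Super Users' => ['edit_comment' => true, 'reply_comment' => true],
    'Registered'  => ['edit_comment' => null, 'reply_comment' => null],
    'Muted'       => ['reply_comment' => false],
];
echo json_encode([
    'deny_wins'  => mergeTwoState($groups, 'deny'),
    'allow_wins' => mergeTwoState($groups, 'allow'),
    'tri_state'  => mergeTriState($groups),
], JSON_PRETTY_PRINT), PHP_EOL;
```

With the deny-wins merge, the Registered group's unset rules are enough to take both permissions away from the super user; in the tri-state merge only the Muted group's explicit deny on `reply_comment` does.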
Hey Jordan,

Thanks for the heads up on this. Will discuss with the team on Monday and see what we can do about this.
Saturday, 16 January 2016 22:41
Thanks Mark.

As always,

Jordan
Sunday, 17 January 2016 06:44
You are most welcome
Sunday, 17 January 2016 13:41