After we released our new site for public consumption, admin users couldn't change their own default editor easily. We also use Joomlashine PowerAdmin which makes changing it really easy from the user icon. However it would fail. Eventually I realized it was because the 'Disable editing backend users' properties' was set to true in the AdminTools firewall. I don't like to have to choose between non-security-related functionality in Joomla and hardening options. Can you alter this feature to prevent only changes that are security related and not 'safe' changes like the default editor?
#27917 'Disable editing backend users' properties' in firewall prevents changing default editor
Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket
Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.
Environment Information
Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a
Latest post by on Sunday, 09 July 2017 17:17 CDT
Thursday, 08 June 2017 11:23 CDT
user91085
Friday, 09 June 2017 01:40 CDT
nicholas
Akeeba Staff
Manager
No, I'm afraid we can't. There are technical limitations. They are not impossible to overcome but add a level of complexity in the code that doesn't make sense.
Also, even allowing the change of the editor is a security concern. Not all editors provide could ACL for all of their features - or have a good security policy implemented with regards to uploads. I know of site owners who want to limit less trusted copy editors to a specific editor which has been locked down to only allow certain things.
I do understand your use case. You want to switch from a WYSIWYG editor to an HTML source code editor. Using the default editor selection is, in my humble opinion, inelegant and cumbersome. The best way to do that is by using a WYSIWYG editor with a good source code editor option.
For example, JCE has three tabs: Editor, Code and Preview. The Editor tab is WYSIWYG. The Code tab is a real, syntax-highlighted, modern source code editor very similar to CodeMirror. The Preview tab is a much better version of TinyMCE's Preview feature. Moreover it includes good access control features and you can lock down the interface and features depending on Joomla! view access level, frontend/backend access and device type used. So, for example, you can have a radically different interface on front-end mobile editing for Publishers than the desktop back-end editing for Super Users. Clarification: JCE is not the only browser to support such features. I am only using it as an example since it's the one editor I'm most familiar with.
Also, even allowing the change of the editor is a security concern. Not all editors provide could ACL for all of their features - or have a good security policy implemented with regards to uploads. I know of site owners who want to limit less trusted copy editors to a specific editor which has been locked down to only allow certain things.
I do understand your use case. You want to switch from a WYSIWYG editor to an HTML source code editor. Using the default editor selection is, in my humble opinion, inelegant and cumbersome. The best way to do that is by using a WYSIWYG editor with a good source code editor option.
For example, JCE has three tabs: Editor, Code and Preview. The Editor tab is WYSIWYG. The Code tab is a real, syntax-highlighted, modern source code editor very similar to CodeMirror. The Preview tab is a much better version of TinyMCE's Preview feature. Moreover it includes good access control features and you can lock down the interface and features depending on Joomla! view access level, frontend/backend access and device type used. So, for example, you can have a radically different interface on front-end mobile editing for Publishers than the desktop back-end editing for Super Users. Clarification: JCE is not the only browser to support such features. I am only using it as an example since it's the one editor I'm most familiar with.
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
Sunday, 09 July 2017 17:17 CDT
System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.