#27917 'Disable editing backend users' properties' in firewall prevents changing default editor

Posted in ‘Admin Tools for Joomla! 4 & 5’

Latest post by on Sunday, 09 July 2017 17:17 CDT

user91085
After we released our new site for public consumption, admin users couldn't change their own default editor easily. We also use Joomlashine PowerAdmin which makes changing it really easy from the user icon. However it would fail. Eventually I realized it was because the 'Disable editing backend users' properties' was set to true in the AdminTools firewall. I don't like to have to choose between non-security-related functionality in Joomla and hardening options. Can you alter this feature to prevent only changes that are security related and not 'safe' changes like the default editor?

nicholas
Akeeba Staff
Manager
No, I'm afraid we can't. There are technical limitations. They are not impossible to overcome but add a level of complexity in the code that doesn't make sense.

Also, even allowing the change of the editor is a security concern. Not all editors provide good ACL for all of their features - or have a good security policy implemented with regards to uploads. I know of site owners who want to limit less trusted copy editors to a specific editor which has been locked down to only allow certain things.

I do understand your use case. You want to switch from a WYSIWYG editor to an HTML source code editor. Using the default editor selection is, in my humble opinion, inelegant and cumbersome. The best way to do that is by using a WYSIWYG editor with a good source code editor option.

For example, JCE has three tabs: Editor, Code and Preview. The Editor tab is WYSIWYG. The Code tab is a real, syntax-highlighted, modern source code editor very similar to CodeMirror. The Preview tab is a much better version of TinyMCE's Preview feature. Moreover it includes good access control features and you can lock down the interface and features depending on Joomla! view access level, frontend/backend access and device type used. So, for example, you can have a radically different interface on front-end mobile editing for Publishers than the desktop back-end editing for Super Users. Clarification: JCE is not the only browser to support such features. I am only using it as an example since it's the one editor I'm most familiar with.

Nicholas K. Dionysopoulos

Lead Developer and Director

