Support

Please read https://www.akeeba.com/documentation/ats-for-joomla/deep-dive.html#permissions. Then read it again.

There are two permissions hierarchies which is the standard way Joomla does this:

1. In the component's Options
2. In the Categories

Joomla first reads the permissions in the current category. If there is a hard Deny for a permission in any of the user groups the user belongs in (or further up in their hierarchy) you are DENIED the permission and Joomla stops looking further.

If the result was an explicit Allow or Inherited then Joomla will start looking at each parent category. For each parent category, if there is a hard Deny for a permission in any of the user groups the user belongs in (or further up in their hierarchy) you are DENIED the permission and Joomla stops looking further.

If the permission at this point is still explicitly Allow or Inherited, Joomla looks at the permissions in the component Options. If there is a hard Deny for a permission in any of the user groups the user belongs in (or further up in their hierarchy) you are DENIED the permission and Joomla stops looking further.

At this point the permission is either an explicit Allow or Inherited. If it's explicit Allow then the permission is granted to the user. If the permission is Inherited the user is DENIED the permission.

So, to reply to your questions.

1) The ATS Categories, in each category's Permissions tab and the ATS component's Options, in the Permissions tab.

2) If you want your users to edit their ticket metadata (title, custom fields etc) you need to give them the Edit Own Ticket permission.

If you want them to be able to edit their posts' text you need to give them the Edit Own Post permission.

If you want them to be able to submit and reply to their own tickets you need to give them the Create permission.

If you want them to be able to create private tickets you need to give them the Create Private permission.

If you want them to be able to create attachments you need to give them the Create Attachments permission.

Since you said you want them to see the Edit button in the post — to edit the post's text —you need to give them the Edit Own Post permission. Please note that this is a DANGEROUS permission. They would be able to change their post text any time, even months later. Instead, I recommend using the “Own Ticket/Post Editing Grace Time” option in the Components, Akeeba Ticket System, Options, Frontend tab. Read more about it in https://www.akeeba.com/documentation/ats-for-joomla/component-options-frontend.html Usually, setting that to something between 15 and 60 (this is in minutes) is enough for users to correct any obvious mistakes they made without confusing you while you're trying to support them.

Also note that based on the screenshot you sent me, you are using hard Deny permissions. In fact, you have hard Denied the Edit permission. This means that your users are forbidden from ever accessing any edit page — both the ticket metadata and the post edit page.

Do NOT use a hard Deny. It has a very special meaning to Joomla as I explained above. It will always cause you problems.

Always try using Inherited instead. Inherited is called a soft deny / soft allow because it inherits the permission state from the parent group. If the parent group also uses Inherited the end result is that the permission is denied BUT unlike a hard deny you CAN override it with an explicit Allow in a child group.

For example, you have this user groups hierarchy: Public -> Registered -> Author -> Editor -> Publisher.

If you Deny the Edit permissions in the Registered group then you are also denying it to the Author, Editor and Publisher groups (every group that's under Registered). Moreover you can NEVER, EVER grant these groups the Edit permission. Even if you set it to explicitly Allowed, Joomla will see that you have both an explicit Allow for a user group and also an explicit Deny further up the hierarchy in which case Deny wins. Therefore you can never grant that permission to any group under Registered!

If you use Inherited for the Edit permission in the Registered group you have no problem! The parent group, Public, has that permission also set to Inherited. This means that the permission is Denied but with a major difference: you can grant it in the child groups of the Registered group. If you go to the Author group and set this permission to Allow then the Author group, the Editor group and the Publisher group are allowed to edit tickets and posts.

There is one thing you should take away from this.

DO NOT USE Deny FOR PERMISSIONS UNLESS IT'S A LEAF NODE (the final user group in a user group hierarchy, or the final category in a categories hierarchy). Doing anything else will always lead to conflicting permissions which Joomla understands as “always Deny and you can't change my mind no matter what you say or do”.

I will say this again. This is NOT a bug in Akeeba Ticket System, it's your permissions setup which is wrong. Also, you are replying to the wrong ticket... The ticket where you gave me the access information is your private ticket 37115. But that's not important, I can reply here.

Permissions are managed by Joomla itself. The ATS categories are not managed by ATS, they are managed by Joomla's com_categories. The permissions for a category, the permissions for a component and the global permissions are all managed by the Joomla\CMS\Access\Access class which is part of core Joomla. In fact, as a developer, I don't even get direct access to that! All I can do is use the Joomla user object's (Joomla\CMS\User\User) authorise() method and give it the action (permission name) and asset name (component name or category ID). Joomla does its thing and replies with true (allowed) or false (not allowed). It does not tell me why and I don't need to know why. The assumption Joomla makes is that you, the site owner, know what you're doing which is not the case here.

Let me also put it this way. Are you not currently replying to this ticket on our site, which uses the Joomla 4 version you are using, the same Akeeba Ticket System version you installed on your site, the same default view templates we ship with ATS, using the same TinyMCE editor I've set up on your site, Using the same reply area and reply button? Of course you do. That's how we are having this conversation! This proves the point that ATS does work, as long as you set up the permissions correctly.

Further to that, your menu structure is a mess. At this point I am not sure which menu item ID is being chosen when replying to a ticket. You have many ways to get to the same page of the ticket system with different user access levels.

I cannot help you fix that. Your site is in a language I can't even read, let alone understand. 

What you need to do is create a hidden menu. Put a top level Categories menu item. Create submenu items for each category with the appropriate access level. This will create a nice menu items structure.

Wherever in your real menu structure you'd like to have an ATS page create an Alias menu item type and link it to one of the properly structured menu items in your hidden menu.

This is standard practice which overcomes Joomla's triple and conflicting cascading structure for extensions: menu items (ItemID), categories AND SEF router. This is not a problem unique to ATS, it also happens with Joomla's core Articles but you are less likely to see it because you seldom need to create and edit articles in the frontend.

So, again your problems are:

- You had set No New Replies to Yes. We fixed that.

- You had hard Deny permissions. We fixed that.

- Your menu structure is confusing and results in Joomla picking the wrong menu item, with the wrong Access level when parsing the SEF URLs. Therefore it gives you an Access Forbidden error when you try to submit a ticket reply. As I said, you need to fix that because I neither speak nor can read your language.