We have issues with the Matukio permission system.
We want to enable our users to create events themselves.
However, they should only be able to edit their own events and thus not get into each others way.
In the backend, there is an option to give users the permission to edit their own events.
Another permission option is to create events.
When assigning these permissions to a user, he should be able to create events in the frontend and edit these events.
He should not be able to edit any other events.
However, the button to create events is not available to those users in the frontend.
When checking the source code, it becomes apparent why this is the case:
com_matukio/views/eventlist/tmpl/bootstrap3.php
<?php if (JFactory::getUser()->authorise('core.edit', 'com_matukio')): ?>
<a class="btn btn-default"
href="/<?php echo MatukioHelperRoute::getEventEditRoute(); ?>"
title="<?php echo JTEXT::_('COM_MATUKIO_NEW_EVENT'); ?>">
<?php echo JTEXT::_('COM_MATUKIO_NEW_EVENT'); ?>
</a>
<?php endif; ?>
This shows that the edit option is only shown to users with the core.edit permission.
However, this permission automatically allows editing of all other events, which reduces the edit own and create permissions to absurdity.
Please fix this bug and allow users with proper permissions (create events, for example) to create events.
Best,
Jan
