[4.2] Fix check permission in mod_submenu

[heelc29]

Summary of Changes

The check of permissions for the menu items is different between mod_submenu (dashboards) and mod_menu (main menu).
administrator/modules/mod_submenu/src/Menu/Menu.php#L136 ff.
administrator/modules/mod_menu/src/Menu/CssMenu.php#L333 ff.

Testing Instructions

Enable workflows in article options:

Check the content dashboard with a user with these permissions on com_content:

Actual result BEFORE applying this Pull Request

Categories is only displayed in the main menu (also applies to com_contact, ...)

When you click on workflows

Expected result AFTER applying this Pull Request

Categories is displayed in the module of the dashboard
Module containing workflows is not displayed (because no access to core.manage.workflow of com_content)

Link to documentations

Please select:

• No documentation changes for docs.joomla.org needed
• No documentation changes for manual.joomla.org needed

[ceciogit]

I have tested this item ✅ successfully on 22bb4fc

can replicate the issue, the pull request solved it.

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/39486.}

[carlitorweb]

I confirm the issue when you click on workflows and the PR fix it. But I have listed here Categories without apply the PR.

User permissions over com_content

[heelc29]

I confirm the issue when you click on workflows and the PR fix it. But I have listed here Categories without apply the PR.

@carlitorweb Ah, for my test I denied access core.manage globally and enabled it only for com_content. So without the patch it will try to check the permissions for com_categories that don't exist, thus falling back to the global permissions where core.manage is allowed.

Ok if you allow it globally you could deny it (core.manage) for com_content and then open the content dashboard. Here should the link to categories still visible but when you click on it you will get an 403?

[carlitorweb]

Ok if you allow it globally you could deny it (core.manage) for com_content and then open the content dashboard. Here should the link to categories still visible but when you click on it you will get an 403?

No, the result is same, not show any relate resources to the content component

This are the permissions:

[heelc29]

No, the result is same, not show any relate resources to the content component

@carlitorweb Yes, in the main menu (mod_menu) is correct, but at dashboard (mod_submenu) is not correct.

There are tho test cases:

1. I described in the test instruction (global: denied; content: allowed)
   • Link to Categories is missing at dashboard, although you have access and it is displayed in the (left) main menu
2. You tested now (global: allowed; content: denied)
   • Link to Categories is displayed at dashboard, although you don't have access and it doesn't displayed in the (left) main menu --> 403 Error

[carlitorweb]

Yes, in the main menu (mod_menu) is correct, but at dashboard (mod_submenu) is not correct.

This is correct, my fault. Now all is okay.

[carlitorweb]

I have tested this item ✅ successfully on 22bb4fc

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/39486.}

[Quy]

RTC

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/39486.}

[roland-d]

Thank you.