Release v01.06.00: Full ACL system, workflow cleanup, housekeeping #180

2026-06-23T21:49:08Z

jmiller commented

2026-06-23 21:49:08 +00:00

Summary

Added

Full ACL system: 12 granular permissions in access.xml with permissions fieldset in config.xml
ACL enforcement: All controllers and views check permissions before allowing actions
MokoSuiteCrossHelper::getActions(): Centralized ACL helper for toolbar and view logic

Fixed

License warning: Removed duplicate from system plugin (install script already shows it)

Housekeeping

Removed wiki/ folder (migrated to Gitea wiki feature)
Removed .mokogitea/manifest.xml (metadata via API)
Removed composer-publish, update-server, deploy-manual, security-audit workflows (org-wide)

Test Plan

Component Options shows Permissions tab with 19 actions
Non-admin users cannot see Options button in toolbar
Users without mokosuitecross.services.manage cannot save services
Users without mokosuitecross.templates.manage cannot save templates
Users without mokosuitecross.queue.export cannot export CSV
Users without core.manage get 403 on component access
License warning shows once during install only (not on every page load)

## Summary ### Added - **Full ACL system**: 12 granular permissions in access.xml with permissions fieldset in config.xml - **ACL enforcement**: All controllers and views check permissions before allowing actions - **MokoSuiteCrossHelper::getActions()**: Centralized ACL helper for toolbar and view logic ### Fixed - **License warning**: Removed duplicate from system plugin (install script already shows it) ### Housekeeping - Removed wiki/ folder (migrated to Gitea wiki feature) - Removed .mokogitea/manifest.xml (metadata via API) - Removed composer-publish, update-server, deploy-manual, security-audit workflows (org-wide) ## Test Plan - [ ] Component Options shows Permissions tab with 19 actions - [ ] Non-admin users cannot see Options button in toolbar - [ ] Users without mokosuitecross.services.manage cannot save services - [ ] Users without mokosuitecross.templates.manage cannot save templates - [ ] Users without mokosuitecross.queue.export cannot export CSV - [ ] Users without core.manage get 403 on component access - [ ] License warning shows once during install only (not on every page load)

jmiller added 13 commits 2026-06-23 21:49:08 +00:00

chore(version): pre-release bump to 01.05.03-dev [skip ci]

Publish to Composer / Publish Package (release) Failing after 6s

Details

f65d261598

chore: remove .mokogitea/manifest.xml -- metadata via API

Universal: Auto Version Bump / Version Bump (push) Successful in 19s

Details

Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 36s

Details

b3846fa633

chore(version): auto-bump patch 01.05.04-dev [skip ci] 053fe2d52c

chore(version): pre-release bump to 01.06.01-dev [skip ci]

Publish to Composer / Publish Package (release) Failing after 8s

Details

b9d8eb3950

chore: remove composer-publish, update-server, deploy-manual workflows

Universal: Auto Version Bump / Version Bump (push) Successful in 21s

Details

Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 15s

Details

69c728cd5a

chore(version): auto-bump patch 01.06.02-dev [skip ci] c512829cd4

chore(version): pre-release bump to 01.06.03-dev [skip ci] 064d5e3ab1

chore: remove security-audit.yml -- handled by MokoGitea

Universal: Auto Version Bump / Version Bump (push) Successful in 30s

Details

Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 18s

Details

491bd3b858

chore(version): auto-bump patch 01.06.04-dev [skip ci] 2291db32c5

chore(version): pre-release bump to 01.06.05-dev [skip ci] 7fa97231a1

feat: full ACL system with 12 granular permissions across entire codebase

Universal: Auto Version Bump / Version Bump (push) Successful in 17s

Details

Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 24s

Details

0cb24b4759

access.xml: 12 component-specific actions added:
- mokosuitecross.crosspost (auto cross-post on publish)
- mokosuitecross.crosspost.manual (manually create posts)
- mokosuitecross.delete.remote (delete from remote platforms)
- mokosuitecross.services.manage (create/edit/delete services)
- mokosuitecross.services.credentials (view decrypted credentials)
- mokosuitecross.templates.manage (create/edit/delete templates)
- mokosuitecross.logs.view (view activity logs)
- mokosuitecross.logs.purge (purge old logs)
- mokosuitecross.queue.manage (manage post queue)
- mokosuitecross.queue.export (export posts as CSV)
- mokosuitecross.dispatch (trigger REST API dispatch)
- mokosuitecross.migrate (run Perfect Publisher migration)

config.xml: permissions fieldset with rules field for admin UI.

Enforcement:
- DisplayController: core.manage gate on all views
- ServicesController: publish/delete ACL checks
- TemplatesController: publish/delete ACL checks
- PostsController: queue.export permission
- ServiceController: services.manage for test connection
- DispatchController: dispatch permission for REST API
- All list views: preferences button gated by core.admin
- All edit views: save/apply buttons gated by section permission
- MokoSuiteCrossHelper::getActions() centralizes ACL lookups

chore(version): auto-bump patch 01.06.06-dev [skip ci] 23de84610e

chore(version): pre-release bump to 01.06.07-dev [skip ci] f1ea8ead74

jmiller added 2 commits 2026-06-23 21:51:05 +00:00

Merge remote-tracking branch 'origin/main' into dev 75c878507e

# Conflicts:
#	.mokogitea/manifest.xml

Merge branch 'dev' of https://git.mokoconsulting.tech/MokoConsulting/MokoSuiteCross into dev

Joomla: Extension CI / Tests (PHP 8.2) (pull_request) Blocked by required conditions

Details

Joomla: Extension CI / Tests (PHP 8.3) (pull_request) Blocked by required conditions

Details

Joomla: Extension CI / PHPStan Analysis (pull_request) Blocked by required conditions

Details

Joomla: Extension CI / Build RC Pre-Release (pull_request) Blocked by required conditions

Details

Universal: PR Check / Build RC Package (pull_request) Blocked by required conditions

Details

Universal: PR Check / Report Issues (pull_request) Blocked by required conditions

Details

Generic: Repo Health / Scripts governance (pull_request) Blocked by required conditions

Details

Generic: Repo Health / Repository health (pull_request) Blocked by required conditions

Details

Generic: Repo Health / Report Issues (pull_request) Blocked by required conditions

Details

Universal: PR Check / Branch Policy (pull_request) Successful in 1s

Details

Generic: Repo Health / Access control (pull_request) Successful in 2s

Details

Generic: Repo Health / Site Health (pull_request) Has been skipped

Details

Joomla: Extension CI / Release Readiness Check (pull_request) Failing after 4s

Details

Universal: PR Check / Validate PR (pull_request) Failing after 6s

Details

Universal: PR Check / Secret Scan (pull_request) Successful in 7s

Details

Joomla: Extension CI / Lint & Validate (pull_request) Failing after 11s

Details

Universal: Auto Version Bump / Version Bump (push) Successful in 12s

Details

Joomla: Metadata Validation / Validate Joomla Metadata (pull_request) Successful in 14s

Details

Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || github.ref_name }}) (push) Successful in 12s

Details

274c1f34af

jmiller added 1 commit 2026-06-23 21:51:20 +00:00

chore(version): auto-bump patch 01.06.08-dev [skip ci]

Branch Cleanup / Delete merged branch (pull_request) Has been skipped

Details

RC Revert / Rename rc/ back to dev/ (pull_request) Has been skipped

Details

Universal: Build & Release / Promote to RC (pull_request) Has been skipped

Details

Universal: Build & Release / Build & Release Pipeline (pull_request) Successful in 16s

Details

Universal: Workflow Sync Trigger / Sync workflows to live repos (pull_request) Failing after 3m7s

Details

55d2123c33

jmiller merged commit dc8d7d59d4 into main

2026-06-23 21:51:25 +00:00

Sign in to join this conversation.

Priority -

Type -

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: MokoConsulting/MokoSuiteCross#180