source/packages/com_mokosuitebackup/access.xml

@@ -12,5 +12,8 @@
 		<action name="mokosuitebackup.backup.download" title="COM_MOKOSUITEBACKUP_ACTION_BACKUP_DOWNLOAD" />
 		<action name="mokosuitebackup.backup.restore" title="COM_MOKOSUITEBACKUP_ACTION_BACKUP_RESTORE" />
 		<action name="mokosuitebackup.snapshot.manage" title="COM_MOKOSUITEBACKUP_ACTION_SNAPSHOT_MANAGE" />
+		<action name="mokosuitebackup.backup.purge" title="COM_MOKOSUITEBACKUP_ACTION_BACKUP_PURGE" />
+		<action name="mokosuitebackup.backup.compare" title="COM_MOKOSUITEBACKUP_ACTION_BACKUP_COMPARE" />
+		<action name="mokosuitebackup.backup.browse" title="COM_MOKOSUITEBACKUP_ACTION_BACKUP_BROWSE" />
 	</section>
 </access>

source/packages/com_mokosuitebackup/api/src/Controller/SnapshotsController.php

@@ -36,7 +36,7 @@ class SnapshotsController extends ApiController
 	 */
 	public function displayList(): static
 	{
-		if (!$this->app->getIdentity()->authorise('core.manage', 'com_mokosuitebackup')) {
+		if (!$this->app->getIdentity()->authorise('mokosuitebackup.snapshot.manage', 'com_mokosuitebackup')) {
 			$this->app->setHeader('status', 403);
 			echo json_encode(['errors' => [['title' => 'Access denied']]]);
 			$this->app->close();
@@ -250,7 +250,7 @@ class SnapshotsController extends ApiController
 	 */
 	public function download(): static
 	{
-		if (!$this->app->getIdentity()->authorise('core.manage', 'com_mokosuitebackup')) {
+		if (!$this->app->getIdentity()->authorise('mokosuitebackup.snapshot.manage', 'com_mokosuitebackup')) {
 			$this->app->setHeader('status', 403);
 			echo json_encode(['errors' => [['title' => 'Access denied']]]);
 			$this->app->close();

source/packages/com_mokosuitebackup/config.xml

@@ -39,6 +39,73 @@
 		</field>
 	</fieldset>
 
+	<fieldset name="defaults" label="COM_MOKOJOOMBACKUP_CONFIG_DEFAULTS">
+		<field
+			name="default_archive_format"
+			type="list"
+			label="COM_MOKOJOOMBACKUP_CONFIG_DEFAULT_FORMAT"
+			description="COM_MOKOJOOMBACKUP_CONFIG_DEFAULT_FORMAT_DESC"
+			default="zip"
+		>
+			<option value="zip">ZIP</option>
+			<option value="tar.gz">tar.gz</option>
+			<option value="7z">7z</option>
+		</field>
+		<field
+			name="default_mokorestore"
+			type="list"
+			label="COM_MOKOJOOMBACKUP_CONFIG_DEFAULT_MOKORESTORE"
+			description="COM_MOKOJOOMBACKUP_CONFIG_DEFAULT_MOKORESTORE_DESC"
+			default="0"
+		>
+			<option value="0">COM_MOKOJOOMBACKUP_MOKORESTORE_NONE</option>
+			<option value="1">COM_MOKOJOOMBACKUP_MOKORESTORE_WRAPPED</option>
+			<option value="standalone">COM_MOKOJOOMBACKUP_MOKORESTORE_STANDALONE</option>
+		</field>
+		<field
+			name="default_sanitize_passwords"
+			type="radio"
+			label="COM_MOKOJOOMBACKUP_CONFIG_DEFAULT_SANITIZE_PW"
+			description="COM_MOKOJOOMBACKUP_CONFIG_DEFAULT_SANITIZE_PW_DESC"
+			default="0"
+			class="btn-group"
+		>
+			<option value="1">JYES</option>
+			<option value="0">JNO</option>
+		</field>
+		<field
+			name="default_sanitize_emails"
+			type="radio"
+			label="COM_MOKOJOOMBACKUP_CONFIG_DEFAULT_SANITIZE_EMAIL"
+			description="COM_MOKOJOOMBACKUP_CONFIG_DEFAULT_SANITIZE_EMAIL_DESC"
+			default="0"
+			class="btn-group"
+		>
+			<option value="1">JYES</option>
+			<option value="0">JNO</option>
+		</field>
+		<field
+			name="default_sanitize_sessions"
+			type="radio"
+			label="COM_MOKOJOOMBACKUP_CONFIG_DEFAULT_SANITIZE_SESS"
+			description="COM_MOKOJOOMBACKUP_CONFIG_DEFAULT_SANITIZE_SESS_DESC"
+			default="1"
+			class="btn-group"
+		>
+			<option value="1">JYES</option>
+			<option value="0">JNO</option>
+		</field>
+		<field
+			name="log_retention_days"
+			type="number"
+			label="COM_MOKOJOOMBACKUP_CONFIG_LOG_RETENTION"
+			description="COM_MOKOJOOMBACKUP_CONFIG_LOG_RETENTION_DESC"
+			default="90"
+			min="0"
+			max="365"
+		/>
+	</fieldset>
+
 	<fieldset name="webcron" label="COM_MOKOJOOMBACKUP_CONFIG_WEBCRON">
 		<field
 			name="webcron_secret"
@@ -172,6 +239,32 @@
 		</field>
 	</fieldset>
 
+	<fieldset name="ntfy" label="COM_MOKOJOOMBACKUP_CONFIG_NTFY">
+		<field
+			name="ntfy_server"
+			type="text"
+			label="COM_MOKOJOOMBACKUP_CONFIG_NTFY_SERVER"
+			description="COM_MOKOJOOMBACKUP_CONFIG_NTFY_SERVER_DESC"
+			default="https://ntfy.sh"
+			filter="url"
+		/>
+		<field
+			name="ntfy_topic"
+			type="text"
+			label="COM_MOKOJOOMBACKUP_CONFIG_NTFY_TOPIC"
+			description="COM_MOKOJOOMBACKUP_CONFIG_NTFY_TOPIC_DESC"
+			default=""
+			filter="string"
+		/>
+		<field
+			name="ntfy_token"
+			type="password"
+			label="COM_MOKOJOOMBACKUP_CONFIG_NTFY_TOKEN"
+			description="COM_MOKOJOOMBACKUP_CONFIG_NTFY_TOKEN_DESC"
+			default=""
+		/>
+	</fieldset>
+
 	<fieldset name="permissions" label="JCONFIG_PERMISSIONS_LABEL"
 		description="JCONFIG_PERMISSIONS_DESC">
 		<field

source/packages/com_mokosuitebackup/language/en-GB/com_mokosuitebackup.ini

@@ -414,6 +414,38 @@ COM_MOKOJOOMBACKUP_SNAPSHOTS_N_DELETED="%d snapshot(s) deleted."
 COM_MOKOJOOMBACKUP_SNAPSHOTS_1_DELETED="1 snapshot deleted."
 COM_MOKOJOOMBACKUP_SNAPSHOTS_DELETE_ERRORS="Failed to delete snapshot(s): %s"
 
+; Component Options — Defaults
+COM_MOKOJOOMBACKUP_CONFIG_DEFAULTS="Profile Defaults"
+COM_MOKOJOOMBACKUP_CONFIG_DEFAULT_FORMAT="Default Archive Format"
+COM_MOKOJOOMBACKUP_CONFIG_DEFAULT_FORMAT_DESC="Archive format used when creating new profiles. Can be overridden per profile."
+COM_MOKOJOOMBACKUP_CONFIG_DEFAULT_MOKORESTORE="Default MokoRestore Mode"
+COM_MOKOJOOMBACKUP_CONFIG_DEFAULT_MOKORESTORE_DESC="MokoRestore mode for new profiles. None, Wrapped (inside ZIP), or Standalone (separate file)."
+COM_MOKOJOOMBACKUP_CONFIG_DEFAULT_SANITIZE_PW="Default: Sanitize Passwords"
+COM_MOKOJOOMBACKUP_CONFIG_DEFAULT_SANITIZE_PW_DESC="Whether new profiles should sanitize user passwords by default."
+COM_MOKOJOOMBACKUP_CONFIG_DEFAULT_SANITIZE_EMAIL="Default: Sanitize Emails"
+COM_MOKOJOOMBACKUP_CONFIG_DEFAULT_SANITIZE_EMAIL_DESC="Whether new profiles should sanitize user emails by default."
+COM_MOKOJOOMBACKUP_CONFIG_DEFAULT_SANITIZE_SESS="Default: Clear Sessions"
+COM_MOKOJOOMBACKUP_CONFIG_DEFAULT_SANITIZE_SESS_DESC="Whether new profiles should clear session data by default."
+COM_MOKOJOOMBACKUP_CONFIG_LOG_RETENTION="Log Retention (days)"
+COM_MOKOJOOMBACKUP_CONFIG_LOG_RETENTION_DESC="Days to keep .log files alongside backup archives. Set to 0 for unlimited."
+
+; Component Options — ntfy
+COM_MOKOJOOMBACKUP_CONFIG_NTFY="Push Notifications (ntfy)"
+COM_MOKOJOOMBACKUP_CONFIG_NTFY_SERVER="Global ntfy Server"
+COM_MOKOJOOMBACKUP_CONFIG_NTFY_SERVER_DESC="Default ntfy server URL. Per-profile settings override this."
+COM_MOKOJOOMBACKUP_CONFIG_NTFY_TOPIC="Global ntfy Topic"
+COM_MOKOJOOMBACKUP_CONFIG_NTFY_TOPIC_DESC="Default ntfy topic for backup notifications. Per-profile settings override this."
+COM_MOKOJOOMBACKUP_CONFIG_NTFY_TOKEN="Global ntfy Token"
+COM_MOKOJOOMBACKUP_CONFIG_NTFY_TOKEN_DESC="Default access token for private ntfy topics. Per-profile settings override this."
+
+; ACL — additional actions
+COM_MOKOSUITEBACKUP_ACTION_BACKUP_PURGE="Purge Old Backups"
+COM_MOKOSUITEBACKUP_ACTION_BACKUP_PURGE_DESC="Allows users to bulk-delete backups older than a specific date."
+COM_MOKOSUITEBACKUP_ACTION_BACKUP_COMPARE="Compare Backups"
+COM_MOKOSUITEBACKUP_ACTION_BACKUP_COMPARE_DESC="Allows users to compare two backup records side-by-side."
+COM_MOKOSUITEBACKUP_ACTION_BACKUP_BROWSE="Browse Archives"
+COM_MOKOSUITEBACKUP_ACTION_BACKUP_BROWSE_DESC="Allows users to view file listings inside backup archives without extracting."
+
 ; Snapshot ACL
 COM_MOKOSUITEBACKUP_ACTION_SNAPSHOT_MANAGE="Manage Snapshots"
 COM_MOKOSUITEBACKUP_ACTION_SNAPSHOT_MANAGE_DESC="Allows users in this group to create and restore content snapshots. Snapshots only affect articles, categories, and modules — not the full site."

source/packages/com_mokosuitebackup/src/Controller/AjaxController.php

@@ -348,7 +348,7 @@ class AjaxController extends BaseController
 			return;
 		}
 
-		if (!$this->app->getIdentity()->authorise('mokosuitebackup.backup.run', 'com_mokosuitebackup')) {
+		if (!$this->app->getIdentity()->authorise('mokosuitebackup.backup.restore', 'com_mokosuitebackup')) {
 			$this->sendJson(['error' => true, 'message' => 'Access denied'], 403);
 
 			return;
@@ -384,7 +384,7 @@ class AjaxController extends BaseController
 			return;
 		}
 
-		if (!$this->app->getIdentity()->authorise('mokosuitebackup.backup.run', 'com_mokosuitebackup')) {
+		if (!$this->app->getIdentity()->authorise('mokosuitebackup.backup.restore', 'com_mokosuitebackup')) {
 			$this->sendJson(['error' => true, 'message' => 'Access denied'], 403);
 
 			return;
@@ -416,7 +416,7 @@ class AjaxController extends BaseController
 			return;
 		}
 
-		if (!$this->app->getIdentity()->authorise('core.manage', 'com_mokosuitebackup')) {
+		if (!$this->app->getIdentity()->authorise('mokosuitebackup.backup.browse', 'com_mokosuitebackup')) {
 			$this->sendJson(['error' => true, 'message' => 'Access denied'], 403);
 
 			return;
@@ -725,7 +725,7 @@ class AjaxController extends BaseController
 			return;
 		}
 
-		if (!$this->app->getIdentity()->authorise('core.delete', 'com_mokosuitebackup')) {
+		if (!$this->app->getIdentity()->authorise('mokosuitebackup.backup.purge', 'com_mokosuitebackup')) {
 			$this->sendJson(['error' => true, 'message' => 'Access denied'], 403);
 
 			return;
@@ -776,7 +776,7 @@ class AjaxController extends BaseController
 			return;
 		}
 
-		if (!$this->app->getIdentity()->authorise('core.manage', 'com_mokosuitebackup')) {
+		if (!$this->app->getIdentity()->authorise('mokosuitebackup.backup.compare', 'com_mokosuitebackup')) {
 			$this->sendJson(['error' => true, 'message' => 'Access denied'], 403);
 
 			return;

source/packages/com_mokosuitebackup/src/Controller/BackupsController.php

@@ -176,7 +176,7 @@ class BackupsController extends AdminController
 	{
 		$this->checkToken();
 
-		if (!$this->app->getIdentity()->authorise('core.delete', 'com_mokosuitebackup')) {
+		if (!$this->app->getIdentity()->authorise('mokosuitebackup.backup.purge', 'com_mokosuitebackup')) {
 			$this->setMessage(Text::_('JLIB_APPLICATION_ERROR_ACCESS_FORBIDDEN'), 'error');
 			$this->setRedirect(Route::_('index.php?option=com_mokosuitebackup&view=backups', false));
 

source/packages/com_mokosuitebackup/src/Controller/SnapshotsController.php

@@ -259,7 +259,7 @@ class SnapshotsController extends AdminController
 	{
 		$this->checkToken();
 
-		if (!$this->app->getIdentity()->authorise('core.delete', 'com_mokosuitebackup')) {
+		if (!$this->app->getIdentity()->authorise('mokosuitebackup.snapshot.manage', 'com_mokosuitebackup')) {
 			$this->setMessage(Text::_('JLIB_APPLICATION_ERROR_ACCESS_FORBIDDEN'), 'error');
 			$this->setRedirect(Route::_('index.php?option=com_mokosuitebackup&view=snapshots', false));
 

source/packages/com_mokosuitebackup/src/View/Backups/HtmlView.php

@@ -120,14 +120,19 @@ class HtmlView extends BaseHtmlView
 			ToolbarHelper::custom('backups.restore', 'upload', '', 'COM_MOKOJOOMBACKUP_TOOLBAR_RESTORE', true);
 		}
 
-		ToolbarHelper::custom('backups.verify', 'shield', '', 'COM_MOKOJOOMBACKUP_TOOLBAR_VERIFY', true);
-
 		if ($user->authorise('core.manage', 'com_mokosuitebackup')) {
+			ToolbarHelper::custom('backups.verify', 'shield', '', 'COM_MOKOJOOMBACKUP_TOOLBAR_VERIFY', true);
+		}
+
+		if ($user->authorise('mokosuitebackup.backup.compare', 'com_mokosuitebackup')) {
 			ToolbarHelper::custom('backups.compare', 'copy', '', 'COM_MOKOJOOMBACKUP_TOOLBAR_COMPARE', true);
 		}
 
 		if ($user->authorise('core.delete', 'com_mokosuitebackup')) {
 			ToolbarHelper::deleteList('JGLOBAL_CONFIRM_DELETE', 'backups.delete');
+		}
+
+		if ($user->authorise('mokosuitebackup.backup.purge', 'com_mokosuitebackup')) {
 			ToolbarHelper::custom('backups.purgeModal', 'trash', '', 'COM_MOKOJOOMBACKUP_TOOLBAR_PURGE', false);
 		}