Joomla! 1.6 Access Control Proposal

Loading...

Flash Player 9 (or above) is needed to view presentations.
We have detected that you do not have it on your computer. To install it, go here.

0 comments

Post a comment

    Post a comment
    Embed Video
    Edit your comment Cancel

    Notes on slide 1

    1 Favorite

    Joomla! 1.6 Access Control Proposal - Presentation Transcript

    1. Joomla! 1.6 ACCESS CONTROL PROPOSAL 9/7/2009 AmyStephen@tamka.org 1
    2. Joomla! 1.6 Access Control EXISTING SITUATION 9/7/2009 AmyStephen@tamka.org 2
    3. Joomla! 1.5 Access Control • One role per User • System-wide Scope Four types of permissions: • System Access • System Administration • Content Development • View Access 9/7/2009 AmyStephen@tamka.org 3
    4. Joomla! 1.5 ACL System Access Two types: A • Registered – Frontend access only • Special – Frontend and B Administrator Access 9/7/2009 AmyStephen@tamka.org 1 4
    5. Joomla! 1.5 ACL System Administration Special Access Level – Ability to Logon to the Administrator: • Manager – Backend Publisher • Administrator – Users and Extensions • Super Administrator - + Site Template, Cache, Check-in and Global Configuration 9/7/2009 AmyStephen@tamka.org 2 5
    6. Joomla! 1.5 ACL Content Development Three levels of permission: • Author – Create and Edit what they created • Editor – + Edit all • Publisher – Plus Publish 9/7/2009 AmyStephen@tamka.org 3 6
    7. Joomla! 1.5 ACL View Access Access Levels: • Public • Registered – Logged on • Special – Backend access Defined for: •Categories •Content •Menu Items and Modules 9/7/2009 AmyStephen@tamka.org 4 7
    8. Joomla! 1.6 Access Control GOALS AND OBJECTIVES 9/7/2009 AmyStephen@tamka.org 8
    9. Joomla! 1.6 UX Access Control Goals: Don’t design it poorly. Don’t make it complicated. Don’t make something stupid. 9/7/2009 AmyStephen@tamka.org 9
    10. No. 9/7/2009 AmyStephen@tamka.org 10
    11. Joomla! 1.6 ACL Objectives System Access Ability to provide Administrator Access to Frontend users. 9/7/2009 AmyStephen@tamka.org 1 11
    12. Joomla! 1.6 ACL Objectives System Administration Ability to set up System Administration Groups and assign permissions that fit organizational roles. Examples: • Advertising – Banners • Designer – Templates and Modules • Site Developer Team –All Extensions, Modules, Menus 9/7/2009 AmyStephen@tamka.org 2 12
    13. Joomla! 1.6 ACL Objectives Content Development Empower organizations School to segment Content with Groups and Access Control Rules that fits Elementary Administration their needs. 1st Grade 2nd Grade Principal 9/7/2009 AmyStephen@tamka.org 3 13
    14. Joomla! 1.6 ACL Objectives View Access Products • Customers Augment View Access Levels to facilitate sharing information Timesheets based on roles, interest and Assignments • Employees areas, responsibilities, or whatever the needs might be. Financials • Accountants 9/7/2009 AmyStephen@tamka.org 4 14
    15. Joomla! 1.6 Access Control USER MANAGER 9/7/2009 AmyStephen@tamka.org 15
    16. Joomla! 1.6 User Manager Options Suggest moving Global Configuration – System – User Settings here. A Legacy parameters that will continue to be used. Note: The fourth parameter, New User Registration Type, is defined on Group List page. A B Suggest adding three new parameters: • Enable Users as Groups • Enable Content Creator to Update • Enable New Group Creation for View Level B The first new option helps with Group Creation when establishing the Access Level for the Frontend. The second option enables Web masters to decide if updating is allowed after creation since updates post-Publishing has been problematic. The final option is described in the View Access Level section, and is used to enable creation of new Groups when needed for Access Level in Content development. 9/7/2009 AmyStephen@tamka.org 16
    17. C B A User Manager: Users List A - Remove Groups Column, problematic since Users can be in multiple groups B - Groups listbox can filter by Groups, including Custom Groups C – Also, the proposed Members list will display one row per Username / Group 9/7/2009 AmyStephen@tamka.org 17
    18. User Manager: Edit User: Groups User may be a member of multiple Groups. Groups can be added and removed on page. Note: consistent Widget UX object discussed in Group Edit. 9/7/2009 AmyStephen@tamka.org 18
    19. A B User Manager Groups – A – Default User C Registration Type B – System Groups C – Custom Groups 9/7/2009 AmyStephen@tamka.org 19
    20. A Joomla! 1.6 User Manager Default User Registration Type Used to specify the Default value assigned to new Users Registered is default Legacy value Remove from Global Configuration. 9/7/2009 AmyStephen@tamka.org 20
    21. B Joomla! 1.6 User Manager System Groups Public Frontend Visitors No Membership Editing Can create rules Take Action on Assets associated with Public Access Levels Exceptions? Concerns? Registered Logged on Users No Membership Editing Can create rules Take Action on Assets associated with Public and Registered Access Levels Super Administrator Full Control Cannot delete No Rule Editing Can manage membership Do not recommend adding Legacy System Groups: Author, Editor, Publisher, Manager, Administrator due to System Wide capabilities and confusion 9/7/2009 AmyStephen@tamka.org 21
    22. Joomla! 1.6 Access Control CUSTOM GROUPS, ACCESS CONTROL RULES, AND MEMBERS 9/7/2009 AmyStephen@tamka.org 22
    23. Joomla! 1.6 ACL Proposed Rules Group-Action-Asset Rules define Who? Administrators Manage Plugins What? and Where? Group Specifies who can perform this action. Action Describes what can be done. Articles within the Accountants Publish Fiscal Asset Category Specifies where this Action is allowed. 9/7/2009 AmyStephen@tamka.org 23
    24. Joomla! 1.6 ACL Proposed Rules Group-Action-Asset Recommended: Groups define who can do System Groups: something. Public, Published, Super Administrator Custom Groups: Created, as needed, by Site Developer In order for Groups to be useful, it is important that the Interface enable Users to create Groups at the point of selection. More later… 9/7/2009 AmyStephen@tamka.org 24
    25. Joomla! 1.6 ACL Proposed Rules Group-Action-Asset Recommended: Actions describe what can be Access: done. Extensions can use existing Login actions or add actions, as needed. Content-related: View, Respond, Create, Publish Publish includes Update, Delete, and Archive System Administration: Install, Manage, Uninstall 9/7/2009 AmyStephen@tamka.org 25
    26. Recommended: Joomla! 1.6 ACL Proposed Rules Group-Action-Asset All Access • Site (Frontend) Access Assets describe where an Action • Administrator Access is allowed. All Content • Articles, Banners, Contacts, Contact Form, Content, Menu Item, and Module Comments, Media, Newsfeed, Ratings, and Web Assets can further restrict Actions Links to a Category or Item • Content Assets can be further specified by Category or Content Item Accountants Publish Articles within the Fiscal Category. All Administration Site Development Parents View Menu Item • Global Configuration, Installer, Languages, Upcoming Events. Menus, Modules, Plugins, Templates System Management: • Cache, Check-in, Mass Mail, Messages, Redirect, Users 9/7/2009 AmyStephen@tamka.org 26
    27. 1 User Manager Group - Group Name -Suggest Removing Parent 2 - Manage ACL Rules Widget - Manage Group Member Widget - Proposed Widgets are Edit areas with List, Sort, Filter, Add, and Delete functions. 9/7/2009 AmyStephen@tamka.org 27
    28. 1 ACL Rules Widget Add Rule 1. ACL Rules Widget on Group page. 2. Press Add Rule. 3. Widget slides open exposing Add Rule Form with only the populated Action list box. 4. Select Action. 5. Request sent and Asset list box is populated with entries appropriate for selected Action. 6. Select Asset. 7. If Asset is type of Content, Menu, or Module, a request is sent and the Categories list box populated with entries appropriate for the selected Asset. (Or, Menu Items or Module names). 8. Select Category (Or, Menu Item or Module name). 9. Request sent and the Content Item list box is populated with entries for that Category. The Apply Rule to Child Objects checkbox is presented. 10. Optionally, select Content Item and Apply Rule to Child Objects listbox. 11. Press Add Rule to process change. ACL Rules widget closes. Delete Rule 1. Sort, Scroll, Filter, or Search for Rule. 2. Press X to the right of the Rule. 3. Respond to Prompt, Apply Rule Removal to Child Objects. 9/7/2009 AmyStephen@tamka.org 28
    29. 2 Group Members Widget Add Member 1. Group Members Widget on Group page. 2. Press Add Member. 3. Widget slides open exposing Add Member Form. 4. Enter Name in Autosuggest Listbox. 5. Select Name . 6. Press Add Member to process change. Group Member Widget closes with added Member. Delete Member 1. Sort, Scroll, Filter, or Search for Member. 2. Press X to the right of the Member. 3. Widget slides open exposing Add Member Form. 4. Respond to Prompt confirming Delete. Group Member Widget presents without Member. 9/7/2009 AmyStephen@tamka.org 29
    30. Rules List -Good resource to sort by Action, Asset, Category, Item, and Group -Ex. find all Groups w Web links access 9/7/2009 AmyStephen@tamka.org 30
    31. Member List -Good resource to sort by Username, Name, and Group 9/7/2009 AmyStephen@tamka.org 31
    32. Joomla! 1.6 Access Control VIEW ACCESS LEVEL FOR CONTENT, MENU ITEMS, MODULES 9/7/2009 AmyStephen@tamka.org 32
    33. Joomla! 1.6 Access Control View Access Level Access Level defines who can View content from the Frontend. In 1.5, default is “Public” and can be changed to “Registered” or “Special.” Recommendations for Joomla! 1.6: Build list of Access Level values from the list of System and Custom Group Names. Default Access Level to Parent value(s). (Remove default in Global Configuration). Remove Access Column in all List Views since it is no longer required to be a single value. The Access Listbox should remain allowing identification of content for that selected Access Level (Group). 9/7/2009 AmyStephen@tamka.org 33
    34. Joomla! 1.6 ACL Proposed Rules View Access Level Default Access Level to Parent value(s). Publish permission required before Access Level can be changed, otherwise, hide this Widget. 1 View Access Level Widget: Group(s) Selection and Removal Widget enables search for Group. Multiple Groups can be selected for Access Level. New Group Creation – Add User Manager Option “Enable New Group Creation for View Level.” If Parameter is activated, Widget should allow the creation of a Group and 2 automatically add a View Access Rule for the current Object. The Widget should also enable search and selection of Group Members. Note: Use Group Member Widget with Group Name field. If additional changes are desired for the new Group, those changes should be made in the User Manager to ensure proper access. This Widget should be available everywhere the Access List selection is required. 9/7/2009 AmyStephen@tamka.org 34
    35. Joomla! 1.6 Access Control USE CASE 9/7/2009 AmyStephen@tamka.org 35
    36. Use Case: Elementary School 9/7/2009 AmyStephen@tamka.org 36
    37. Joomla! 1.6 ACL Use Case Design Test 1. Create Categories Internal 2. Create Pages Office 3. Create Users External 4. Create Groups 5. Assign Members News 6. Assign Rules Elementary Classroom 7. Create Menus Showcase 8. Create Menu Items 9. Create Modules Portfolios Student 10. Create Templates 9/7/2009 AmyStephen@tamka.org 37
    38. Joomla! 1.6 ACL Use Case Design Test 1. Create Categories 2. Create Pages 3. Create Users 4. Create Groups 5. Assign Members 6. Assign Rules 7. Create Menus 8. Create Menu Items 9. Create Modules Office Staff - Jean, Sam 10. Create Templates Faculty - Lou, Addison The Student - Rainbow Parents - Stormy, Skye 9/7/2009 AmyStephen@tamka.org 38
    39. Group Action Asset Category Item Members Public View Articles Office External News View Articles Classroom Joomla! 1.6 ACL Use Case View Menu Item Showcase View Menu Item News Design Test View Menu Item Office View Menu Item External News 1. Create Categories Respond Comments News 2. Create Pages Registered View Menu Item News Super 3. Create Users Administrator Sam 4. Create Groups Content Administrator Access Administrator Jean 5. Assign Members Publish Manage All Content Users Manage Modules 6. Assign Rules Manage Template 7. Create Menus Faculty Access Administrator Lou, Addison Create Articles Internal News 8. Create Menu View Menu Item Internal News Items Office Staff Publish Articles Office Internal News Jean, Sam 9. Create Modules Publish View Articles Menu Item Office External News Office 10. Create Templates Students Create Articles Student Rainbox Response Comment Student Parents Response Comment Student Stormy, Skye Teacher Publish Articles Student Lou Response Comment Student 9/7/2009 AmyStephen@tamka.org 39 Publish Articles News
    40. Joomla! 1.6 ACL Use Case The proposed design provides for these Design Test recommendations: Conclusion • The Access Control, Group, Membership Access Control Custom Groups and Rules are very powerful and flexible. I do not foresee concerns about major limitations. It Widgets must be flexible, not require page should be adequate for any custom need I can imagine. load or visit to another page. I do have concerns about usability. Even with my very small Use Case, the configuration required to implement the design – on paper – was considerable. • Widgets must link all information together Consider, in Joomla! 1.5: so that every necessary configuration –be it •Each User could have only one Group. the Group, Member List, Rules, and even •Each content Item, Menu, Menu Item and Module could only have on Group, and typically that remained the default Public multiple sets of such, are easy to iteratively value. complete. Consider the difference for Joomla! 1.6: When Groups, Membership, and three-part Group-Action-Asset Rules are created and applied to cascading layers of Components, Categories, Items, Menus, Menu Items, and • Widgets must be provided to create View Modules. Level Access Groups and define Members to In short, User Interface will make or break Access Control in Joomla! 1.6. create a truly usable interface. 9/7/2009 AmyStephen@tamka.org 40
    SlideShare Zeitgeist 2009

    + baijianpengbaijianpeng Nominate

    custom

    739 views, 1 favs, 1 embeds more stats

    Joomla! 1.6 Access Control Proposal

    author: Amy more

    More info about this document

    © All Rights Reserved

    Go to text version

    • Total Views 739
      • 607 on SlideShare
      • 132 from embeds
    • Comments 0
    • Favorites 1
    • Downloads 27
    Most viewed embeds
    • 132 views on http://www.joomlagate.com

    more

    All embeds
    • 132 views on http://www.joomlagate.com

    less

    Flagged as inappropriate Flag as inappropriate
    Flag as inappropriate

    Select your reason for flagging this presentation as inappropriate. If needed, use the feedback form to let us know more details.

    Cancel
    File a copyright complaint
    Having problems? Go to our helpdesk?

    Categories

    Tags

    -->
    What's New

    © 2009 SlideShare Inc. All rights reserved.