Cutting corners from a wheel

Forkito ACL presentation at J and Beyond conference 2011

  1. CUTTING CORNERS FROM A WHEEL // Forkito ACL // FORKITO
  2. FINAL GOAL
     - Easy to use and understand ACL system
     - Reusable ACL library compatible with most widespread Joomla-based projects
  3. FORKITO ACL FLAVORS
     - Joomla fork flavor (working - oh yeah)
     - Molajo flavor (in progress)
     - Nooku flavor (planned)
  4. JOOMLA FORK FLAVOR
  5. JOOMLA FORK FLAVOR
     Did he really say that?
  6. JOOMLA FORK FLAVOR
     - Starting point for the whole project.
     - Used as proof of concept
  7. Joomla fork form == contains changes to 70+ files due to poor Joomla ACL implementation in application layer
     - Joomla - ACL hardcoded everywhere
     - revision 7
  8. COVERED PARTS
     - New Forkito ACL library
     - Joomla library methods are changed to proxies to the new library methods
     - Includes internal methods that take care of backwards compatibility with old Joomla ACL
  9. COVERED PARTS
     Web application framework layer:
     - categories
     - menus
     - modules
     - plugins

     Mainly changes to multiple items queries
  10. COVERED PARTS
      Application:
      - Backend components: com_categories, com_menus, com_modules, com_plugins
      - Content components: com_content (back and frontend)
      - Pagenavigation plugin

      Contains changes to 37 php and 15 xml files, most extensive changes to com_users and com_content
  11. WHERE I CAN GET IT
      git clone git://git.forkito.org/forkito
  12. MOLAJO FLAVOR
  13. - Completely new classes
      - Where most development goes at the moment
      - The most important part
  14. Molajo ?
      - web application layer will be completely redone together with components
      - layer includes hooks for ACL plugins
      - Just a few library overrides (JUser, JCategories, JMenu … )
      - Joomla compatibility methods removed – extension either uses Joomla or Forkito ACL
  15. Molajo ?
      - web application layer will be completely redone together with components
      - layer includes hooks for ACL plugins
      - Just a few library overrides (JUser, JCategories, JMenu … )
      - Joomla compatibility methods removed – extension either uses Joomla or Forkito ACL
      - yes, it can be done
  16. NOOKU FLAVOR
  17. - Will come after Molajo flavour
      - It is expected that only minor changes will be needed in Forkito ACL for it to work with Nooku framework.
      - Forkito will represent an addon library here
  18. Unified ACL // Forkito to Joomla ACL comparison //
  19. REMOVED VIEW ACCESS LEVELS AND ADDED VIEW TO ACTIONS
      - 50% less users effort needed, 50% less complicated.
      - View == action
      - No need for a separate ACL system for managing view permissions.
      - Confusing for the user and inefficient from the system point of view.
  20. RADICALLY IMPROVED AND SIMPLIFIED USER INTERFACE
      - Simple matrix of groups and actions
      - One-click permission changes
      - Instantly visible changes in inherited values
  21. SIMPLIFIED OPERATIONAL LOGIC
      - Lower level always wins
        - Global > Component > (Category) > (Item)
        - Anything set on the lower level beats what was set on the higher one (denied or allowed)
      - Assigned permission beats inherited
        - Users are auto assigned to parent groups, so anything that is set in parents will affect users' permissions, but only if it is not set explicitly in assigned groups.
  22. SIMPLIFIED OPERATIONAL LOGIC
      - If one group gives you access you are in (key analogy)
      - If you have a key that opens certain doors, it doesn't matter if another key doesn't work, you still can get in.
      - When a user is allowed to do something through his membership in one of the assigned groups, all others are irrelevant.
  23. DRY-ED AND RE-ARCHITECTURED
      - No code repetition
      - A single method for a single purpose.
      - Classes reusing other classes' methods and not replicating them.
      - Very low amount of code, will cut off even more in the future.
  24. JSON ENCODED RULES REPLACED WITH PERMISSIONS TABLE
      - JSON encoded string of permissions, stored in a single database field, was one of the most horrible ideas ever seen in Joomla
      - This kind of code crimes should be punishable with at least 100 hits with a stick.
  25. WHY ?
  26. It totally disables any database relations, conditional searches etc. with enormous impact on performance.
  27. - To retrieve a list of items a user has a permission to view (or edit or do any action), code would need to query for ALL items, unpack the json string item by item and check permissions for each item separately.
      - Now imagine you have 100.000 or even 1 million items to inspect one by one and try to imagine how long that would take and e.g. how much memory it would consume.
      - Get the picture?
  28. Having JSON in a database == a performance problem
      - => you need a more efficient system for managing thousands of users trying to view pages
      - => you "solve" the problem by inventing another ACL system called access levels
  29. ALWAYS PRESENT BASIC SYSTEM GROUPS
      - Groups that cannot be removed or their role changed
      - While this might seem like a backwards step, these groups are really corner stones that CMS ACL cannot work without. Equivalent to unix wheel and anonymous groups roles.
      - Having groups the system can always rely on -> RELIABILITY, better performance and better security // including root configuration hack that is not needed anymore //
  30. ALWAYS PRESENT BASIC SYSTEM GROUPS
      - Everyone
        - Not-authenticated - anonymous visitors
        - Authenticated – anyone that is logged in
          - Admins – replacing global core.admin permission (equivalent to unix wheel group)
  31. Simple API // How do I implement it //
  32. API GOAL
      Create minimal number of humanly understandable (self-explaining) classes and method names.
  33. CHECK AUTHORIZATION - MACCESS CLASS
      - Check single items authorization: isUserAuthorizedTo
      - + shortcut: isUserAuthorisedToView
  34. CHECK AUTHORIZATION - MACCESS CLASS
      - Check multiple items authorization (by automatically inserting filtering sql in multiple items queries): insertFilterQuery
  35. MULTIPLE ITEMS AUTHORIZATION EXAMPLE
      JPluginHelper::_load(), Joomla:

          $levels = implode(',', $user->getAuthorisedViewLevels());
          // ...
          $query->select('folder AS type, element AS name, params')
              ->from('#__extensions')
              ->where('enabled >= 1')
              ->where('type ='.$db->Quote('plugin'))
              ->where('state >= 0')
              ->where('access IN ('.$levels.')')
              ->order('ordering');

  36. MULTIPLE ITEMS AUTHORIZATION EXAMPLE
      Forkito ACL:

          $query->select('e.folder AS type, e.element AS name, e.params, e.extension_id, e.asset_id')
              ->from('#__extensions AS e')
              ->where('enabled >= 1')
              ->where('type ='.$db->Quote('plugin'))
              ->where('state >= 0')
              ->order('ordering');

          jimport('molajo.access.access');
          MAccess::insertFilterQuery($db, $query, 'e.asset_id', 'core.view');

  37. MULTIPLE ITEMS AUTHORIZATION EXAMPLE
      The same function is used in categories helper, modules helper, com_content articles model – anywhere where a list of items needs to be filtered
  38. USER INTERFACE
      - Insert acl widget HTML: MHtmlPermissions::aclWidget
      - Get ready-made acl widget in shape of Joomla form field: MFormFieldAclwidget
      - Very simple to include ACL widget in your component layout
  39. Future // Short term //
  40. Testing, testing. Bugfixing. Testing. Bugfixing. Bugfixing. Testing. Testing. Bugfixing. Testing, testing. Bugfixing. Testing. Bugfixing. Bugfixing. Testing. Testing. Bugfixing. Testing, testing. Bugfixing. Testing. Bugfixing. Bugfixing. Testing. Testing. Bugfixing. Testing, testing. Bugfixing. Testing. Bugfixing. Bugfixing. Testing. Testing. Bugfixing. Testing, testing. Bugfixing. Testing. Bugfixing. Bugfixing. Testing. Testing. Bugfixing. Testing, testing. Bugfixing. Testing. Bugfixing. Bugfixing. Testing. Testing. Bugfixing.
  41. USER INTERFACE IMPROVEMENT
      Inheritance breadcrumbs - show what this level is inheriting from
  42. Future // Long term //
  43. MORE ROUNDS OF SIMPLIFICATION
      Simple mode - flatten inheritance, keep only default and category (or item) permissions
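
The resolution rules on slides 21 and 22, written out as an added example (not Forkito's code). The function, group and level names and the sample data are hypothetical; the order in which the three rules combine and the default deny are assumptions, since the slides do not specify them.

```php
<?php
// Added example; hypothetical names and constructed data, not Forkito's API.
const LEVELS = ['item', 'category', 'component', 'global']; // lowest level first
// Group tree: group => parent group (null at the root).
$parents = ['Everyone' => null, 'Authenticated' => 'Everyone',
            'Editors' => 'Authenticated', 'Interns' => 'Authenticated'];

// Explicit settings only: $rules[group][level][action] = true (allow) | false (deny).
$rules = [
    'Everyone'      => ['global' => ['core.view' => true]],
    'Authenticated' => ['global' => ['core.edit' => false]],
    'Editors'       => ['component' => ['core.edit' => true], 'item' => ['core.edit' => false]],
];

// "Lower level always wins": first explicit setting, walking up from the lowest level.
function explicitRule(array $rules, string $group, string $action, array $levels): ?bool
{
    foreach ($levels as $level) {
        if (isset($rules[$group][$level][$action])) {
            return $rules[$group][$level][$action];
        }
    }
    return null; // this group sets nothing for the action
}

// "Assigned beats inherited": parent groups are consulted only when the group is silent.
function groupAllows(array $rules, array $parents, string $group, string $action, array $levels): bool
{
    for ($g = $group; $g !== null; $g = $parents[$g] ?? null) {
        if (($rule = explicitRule($rules, $g, $action, $levels)) !== null) {
            return $rule;
        }
    }
    return false; // assumption: deny when no group in the chain sets the action
}

// Key analogy: one assigned group that allows the action is enough.
function isAllowed(array $rules, array $parents, array $assigned, string $action, array $levels = LEVELS): bool
{
    foreach ($assigned as $group) {
        if (groupAllows($rules, $parents, $group, $action, $levels)) {
            return true;
        }
    }
    return false;
}

var_dump(isAllowed($rules, $parents, ['Editors'], 'core.edit')); // item setting vs component setting
var_dump(isAllowed($rules, $parents, ['Editors'], 'core.edit', ['component', 'global']));
var_dump(isAllowed($rules, $parents, ['Interns'], 'core.view')); // only a parent group sets it
var_dump(isAllowed($rules, $parents, ['Interns', 'Editors'], 'core.edit', ['component', 'global']));
```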
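
The argument of slides 24 to 28 and the idea behind `insertFilterQuery` on slides 34 to 36, as an added example (not Forkito's code): the same grants stored as a JSON rules string and as permission rows, and what listing a user's viewable items requires in each case. The schema, function names and rows are constructed for illustration; it assumes PHP with the pdo_sqlite extension.

```php
<?php
// Added example; hypothetical schema and constructed rows, not Forkito's tables.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, title TEXT, rules TEXT)');
$db->exec('CREATE TABLE permissions (asset_id INTEGER, group_id INTEGER, action TEXT)');
$db->exec('CREATE INDEX idx_perm ON permissions (action, group_id, asset_id)');
// The same core.view grants stored both ways: item id => groups allowed to view.
$grants = [1 => [2, 3], 2 => [3], 3 => [4]];
$insItem = $db->prepare('INSERT INTO items (id, title, rules) VALUES (?, ?, ?)');
$insPerm = $db->prepare('INSERT INTO permissions (asset_id, group_id, action) VALUES (?, ?, ?)');
foreach ($grants as $id => $groups) {
    $insItem->execute([$id, "Item $id", json_encode(['core.view' => array_fill_keys($groups, 1)])]);
    foreach ($groups as $groupId) {
        $insPerm->execute([$id, $groupId, 'core.view']);
    }
}

// JSON column: every row is fetched and decoded in PHP before it can be tested.
function viewableViaJson(PDO $db, array $userGroups): array
{
    $titles = [];
    foreach ($db->query('SELECT title, rules FROM items ORDER BY id') as $row) {
        $rules = json_decode($row['rules'], true);
        if (array_intersect(array_keys($rules['core.view'] ?? []), $userGroups)) {
            $titles[] = $row['title'];
        }
    }
    return $titles;
}

// Permissions table: the database filters, so only permitted rows come back.
function viewableViaTable(PDO $db, array $userGroups, string $action): array
{
    if (!$userGroups) {
        return [];
    }
    $marks = implode(',', array_fill(0, count($userGroups), '?')); // placeholders only
    $stmt = $db->prepare(
        "SELECT i.title FROM items AS i WHERE EXISTS (
             SELECT 1 FROM permissions AS p
              WHERE p.asset_id = i.id AND p.action = ? AND p.group_id IN ($marks))
          ORDER BY i.id"
    );
    $stmt->execute(array_merge([$action], array_values($userGroups)));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}
print_r(viewableViaJson($db, [3]));
print_r(viewableViaTable($db, [3], 'core.view'));
```

Both calls list the same items; the difference is that the first reads and decodes every row of `items`, while the second lets the index on `permissions` do the filtering.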
