Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012

  1. Joomla! ACL
      Sander Potjer, @sanderpotjer, www.aclmanager.net
      Joomla!Day Denmark - 26 October 2012
  3. Sander Potjer
      • Involved in the local Dutch Joomla community
      • Joomla Community Leadership Team (CLT) member
      • Company: Sander Potjer Webdevelopment
      • ACL Manager developer
      • E-mail: sander.potjer@community.joomla.org
      • Slides: http://www.slideshare.net/sanderpotjer
  4. Joomla! ACL
  5. It took a while...
      DrupalCon, October 2005, Johan Janssens
      • http://www.slideshare.net/JohanJanssens/drupalcon-2005-joomla-drupal-and-you-presentation
  8. ACL?!?!
      • ACL = Access Control List
      • Access to parts of the website
        – e.g. menu / module visibility
        – “view” action
      • User actions on objects
        – example: create / edit / edit state / delete article
  9. Example
      • Allow backend access to just one specific component
  11. ACL - Groups
      • 7 Groups, fixed structure: Public, Registered, Author, Editor, Publisher, Manager, Administrator, Super-Administrator
      • 2.5/3.0: Unlimited Groups, flexible structure; user group names up to you
  13. ACL - User in Group
      • User can be assigned to one group
      • 2.5/3.0: User can be assigned to multiple groups
  15. ACL - Access Levels
      • 3 fixed Access Levels: Public, Registered, Special
      • 2.5/3.0: Unlimited Access Levels (default access levels, user defined)
  17. ACL - Access Levels & Groups relation
      • Fixed relation between Groups and Access Levels
      • 2.5/3.0: Any combination of User Groups can be assigned to any Access Level
  19. ACL in Joomla! 1.5 & 1.6 (Actions)
      • http://brian.teeman.net/joomla-gps/joomla-15-acl-explained.html
  20. ACL - Actions
      • Fixed Actions per group (Create / edit / delete / admin access / etc.); permission scope for entire site; same permission for all objects
      • 2.5/3.0: Custom Actions per group (Create / edit / delete / admin access / etc.); permission scope at multiple levels: Site/Component/Category/Item
  21. Joomla! 2.5 ACL Overview (but the same for Joomla 3.0)
  22. http://community.joomla.org/blogs/community/1252-16-acl.html
  24. User
      • Guest is also a user
      • Users can be assigned to one or multiple groups
  26. Core Permissions
      • Assigned to group (not to a user!)
      • 10 Actions
        – Site Login
        – Admin Login
        – Offline Access (since 1.7)
        – Super Admin / Configure
        – Access Component
        – Create
        – Delete
        – Edit
        – Edit State
        – Edit Own
  28. Group
      • Users with same permissions
      • Inherited permissions from parent groups
      • Unlimited nested groups
      • Keep it simple! Only use nested groups if needed
      • New: Guest group in Joomla 3.0
  30. Access Level
      • What is visible for the group (article, menu, module, etc.)
      • Permissions are inherited between Access Levels
      • Even Super Users cannot view content on frontend if not assigned
  32. Permissions
  33. Permissions
      • 4 possible permission settings
        – Not Set
        – Inherited
        – Allowed
        – Denied
  34. Permissions - Not Set
      • ‘soft’ deny
      • Can be overridden by ‘Allowed’ or ‘Denied’
  35. Permissions - Inherited
      • Value from a parent Permission level
      • Value from a parent User Group
      • Can be overridden by ‘Allowed’ or ‘Denied’
  36. Permissions - Allowed
      • Action for current Permission level and lower levels
      • Action for current User Group and child Groups
      • Can be overridden by ‘Denied’
  37. Permissions - Denied
      • Action for current Permission level and lower levels
      • Action for current User Group and child Groups
      • Cannot be overridden at all
      • Always wins!
  43. Permission Hierarchy (levels)
      • Level 1: Global configuration
        – default permissions settings for actions for a group
      • Level 2: Component Options
        – can override the permissions of Level 1
      • Level 3: Category
        – can override the permissions of Level 1 & Level 2
        – available for components with categories (Articles, Banners, etc...)
      • Level 4: Item
        – can override the permissions of Level 1 & Level 2 & Level 3
        – only available for article manager in Joomla core
      • Overriding the permissions of higher levels only works if the permission setting is not ‘Denied’!
  44. Inheriting example for ‘Create’ Action (Level 1, Level 2, Level 3, Level 4)
      • http://www.theartofjoomla.com/home/5-commentary/84-introducing-the-new-permissions-in-joomla-16.html
  48. Available Permissions and Levels for a Group of Users
  49. Action: Edit State
  52. ACL Manager for Joomla! 1.6
      www.aclmanager.net
  54. Debug Permissions
      • Turn on the ‘Debug System’ in the Global Configuration
      • Go to ‘User Manager’ or ‘Groups’
      • Click on ‘Debug Permission Report’ next to the User or User Group
  55. Debug Permissions
      • Need to turn ‘Debug System’ on...
  56. So, what about the database?
  57. Database: #__assets
  58. Plan your ACL implementation
  59. Viewing or Action problem
      • Define the problem: is it a viewing problem or an action problem (create/delete/edit/etc.)? Or both?
      • Viewing: define the Viewing Access Levels
      • Action: define the permissions for all actions
  60. Think ahead! Maintenance?
      • Structure your content properly to handle the permissions
      • Make use of parent categories, with nested categories sharing the same permissions
      • No need to set permissions per article
  61. Some Notes
  64. User in multiple User Groups
      • The Netherlands
        – Allowed on edit ‘The Netherlands’ category
        – Denied on edit ‘Denmark’ category
      • Denmark
        – Allowed on edit ‘Denmark’ category
        – Denied on edit ‘The Netherlands’ category
      • User in The Netherlands & Denmark group
        – Denied on edit ‘The Netherlands’ category
        – Denied on edit ‘Denmark’ category
        – Denied always wins (again)
        – Solution: don’t use Denied; use Not Set/Inherited (= soft deny)
  66. What if I locked myself out?
      • No need to access your database
      • Open your configuration.php and add:
        – public $root_user = 'username';
      • You can log in again and perform all actions
      • Great for playing around with the new ACL
      • Don’t forget to remove the $root_user line!
  67. Practical ACL Tips
  68. ACL Tips
      • Write down your ACL requirements for a website before implementing
      • Joomla 1.5 User Groups are for backward compatibility in Joomla 2.5; you may remove them!
      • Use multi-nested Groups only if needed and you know what you are doing (so values are inherited only between levels, not between groups as well)
  69. ACL Tips
      • Assign User Group with backend access to a Viewing Access Level (often ‘Special’)
      • Stay flexible for lower permission levels/groups: avoid the ‘Denied’ permission setting as long as possible
      • Use role-based groups
  70. Quick ACL example (do we have time?)
  71. Resources
      • http://community.joomla.org/blogs/community/1252-16-acl.html
      • http://docs.joomla.org/ACL_Tutorial_for_Joomla_1.6
      • http://docs.joomla.org/Access_Control_System_In_Joomla_1.6
      • http://www.theartofjoomla.com/home/5-commentary/84-introducing-the-new-permissions-in-joomla-16.html
      • http://www.theartofjoomla.com/home/38-talks/101-the-joomla-16-video-access-controls.html
      • http://www.aclmanager.net
      • http://www.aclmanager.net/news/general/28-is-your-extension-really-joomla-17-ready
      • http://www.aclmanager.net/news/general/31-how-to-add-basic-acl-support-to-your-extension
      • http://magazine.joomla.org/issues/issue-sept-2012/item/856-Implementing-Role-Based-ACL
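
The resolution rules from the Permissions, Permission Hierarchy and "User in multiple User Groups" slides, as an added Python model (not Joomla's code and not from the talk). It assumes the `rules` column of `#__assets` holds JSON of the form action → {group id: 1 or 0}; the group ids, category ids and sample rows are constructed for illustration.

```python
import json

# Constructed sample data. Rows mimic #__assets: name -> (parent, rules JSON),
# where rules JSON maps action -> {group_id: 1 (Allowed) | 0 (Denied)}.
# Group ids and category ids are hypothetical.
GROUPS = {1: None, 2: 1, 10: 2, 11: 2}  # group_id -> parent group_id
NL, DK = 10, 11                          # "The Netherlands" and "Denmark" groups

HARD_DENY = {
    "root.1": (None, '{"core.login.site": {"2": 1}}'),
    "com_content": ("root.1", "{}"),
    "com_content.category.20": ("com_content", '{"core.edit": {"10": 1, "11": 0}}'),
    "com_content.category.21": ("com_content", '{"core.edit": {"11": 1, "10": 0}}'),
}
# Same site with every Denied removed: a missing rule is Not Set / Inherited.
SOFT_DENY = dict(HARD_DENY)
SOFT_DENY["com_content.category.20"] = ("com_content", '{"core.edit": {"10": 1}}')
SOFT_DENY["com_content.category.21"] = ("com_content", '{"core.edit": {"11": 1}}')


def chain(node, parent_of):
    """Return node and all of its ancestors, root first."""
    path = []
    while node is not None:
        path.append(node)
        node = parent_of[node]
    return path[::-1]


def explain(user_groups, action, asset, assets):
    """Return (allowed, deciding_rule); deciding_rule is (asset, group_id) or None."""
    # A user acts with every group they belong to plus all parent groups.
    identities = {g for ug in user_groups for g in chain(ug, GROUPS)}
    parent_of = {name: row[0] for name, row in assets.items()}
    granted = None
    for name in chain(asset, parent_of):            # Level 1 down to the asset
        rules = json.loads(assets[name][1]).get(action, {})
        for gid, value in rules.items():
            if int(gid) not in identities:
                continue
            if value == 0:                           # Denied: cannot be overridden
                return False, (name, int(gid))
            granted = granted or (name, int(gid))    # Allowed: remember first grant
    return granted is not None, granted              # nothing set -> soft deny
```

The second element of the result names the asset and group whose rule decided the outcome, which is the same question the Debug Permission Report answers when tracing an unexpected deny.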