Joomla 2.5 & 3.0 ACL - JoomlaDay Denmark 2012
Published in: Technology
Transcript

  • 1. Joomla! ACL. Sander Potjer, @sanderpotjer, www.aclmanager.net. Joomla!Day Denmark - 26 October 2012
  • 2. Sander Potjer
      • Involved in the local Dutch Joomla community
      • Joomla Community Leadership Team (CLT) member
      • Company: Sander Potjer Webdevelopment
      • ACL Manager developer
      • E-mail: sander.potjer@community.joomla.org
  • 3. Sander Potjer
      • Involved in the local Dutch Joomla community
      • Joomla Community Leadership Team (CLT) member
      • Company: Sander Potjer Webdevelopment
      • ACL Manager developer
      • E-mail: sander.potjer@community.joomla.org
      • Slides: http://www.slideshare.net/sanderpotjer
  • 4. Joomla! ACL
  • 5. It took a while... DrupalCon, October 2005, Johan Janssens
      • http://www.slideshare.net/JohanJanssens/drupalcon-2005-joomla-drupal-and-you-presentation
  • 6. ACL?!?!
      • ACL = Access Control List
  • 7. ACL?!?!
      • ACL = Access Control List
      • Access to parts of the website
          – e.g. menu / module visibility
          – “view” action
  • 8. ACL?!?!
      • ACL = Access Control List
      • Access to parts of the website
          – e.g. menu / module visibility
          – “view” action
      • User actions on objects
          – example: create / edit / edit state / delete article
  • 9. Example
      • Allow backend access to just one specific component
  • 10. ACL - Groups 2.5/3.0
      • 7 Groups, fixed structure
          – Public
          – Registered
          – Author
          – Editor
          – Publisher
          – Manager
          – Administrator
          – Super-Administrator
  • 11. ACL - Groups
      • 7 Groups, fixed structure
          – Public
          – Registered
          – Author
          – Editor
          – Publisher
          – Manager
          – Administrator
          – Super-Administrator
      • 2.5/3.0: Unlimited Groups, flexible structure
          – user group names up to you
  • 12. ACL - User in Group 2.5/3.0
      • User can be assigned to one group
  • 13. ACL - User in Group
      • User can be assigned to one group
      • 2.5/3.0: User can be assigned to multiple groups
  • 14. ACL - Access Levels 2.5/3.0
      • 3 fixed Access Levels
          – Public
          – Registered
          – Special
  • 15. ACL - Access Levels
      • 3 fixed Access Levels
          – Public
          – Registered
          – Special
      • 2.5/3.0: Unlimited Access Levels
          – default access levels
          – user defined
  • 16. ACL - Access Levels & Groups relation 2.5/3.0
      • Fixed relation between Groups and Access Levels
  • 17. ACL - Access Levels & Groups relation
      • Fixed relation between Groups and Access Levels
      • 2.5/3.0: Any combination of User Groups can be assigned to any Access Level
  • 18. ACL - Actions 2.5/3.0
      • Fixed Actions per group
          – Create / edit / delete / admin access / etc.
      • Permission scope for entire site
          – Same permission for all objects
  • 19. ACL in Joomla! 1.5 & 1.6 (Actions)
      • http://brian.teeman.net/joomla-gps/joomla-15-acl-explained.html
  • 20. ACL - Actions
      • Fixed Actions per group
          – Create / edit / delete / admin access / etc.
      • Permission scope for entire site
          – Same permission for all objects
      • 2.5/3.0: Custom Actions per group
          – Create / edit / delete / admin access / etc.
      • 2.5/3.0: Permission scope at multiple levels
          – Site/Component/Category/Item
  • 21. Joomla! 2.5 ACL Overview (but the same for Joomla 3.0)
  • 22. • http://community.joomla.org/blogs/community/1252-16-acl.html
  • 23. • http://community.joomla.org/blogs/community/1252-16-acl.html
  • 24. User
      • Guest is also a user
      • Users can be assigned to one or multiple groups
  • 25. • http://community.joomla.org/blogs/community/1252-16-acl.html
  • 26. Core Permissions
      • Assigned to group (not to a user!)
      • 10 Actions
          – Site Login
          – Admin Login
          – Offline Access (since 1.7)
          – Super Admin / Configure
          – Access Component
          – Create
          – Delete
          – Edit
          – Edit State
          – Edit Own
  • 27. • http://community.joomla.org/blogs/community/1252-16-acl.html
  • 28. Group
      • Users with same permissions
      • Inherited permissions from parent groups
      • Unlimited nested groups
      • Keep it simple! Only use nested groups if needed
      • New: Guest group in Joomla 3.0
  • 29. • http://community.joomla.org/blogs/community/1252-16-acl.html
  • 30. Access Level
      • What is visible for the group (article, menu, module, etc.)
      • Permissions are inherited between Access Levels
      • Even Super Users cannot view content on frontend if not assigned
  • 31. • http://community.joomla.org/blogs/community/1252-16-acl.html
  • 32. Permissions
  • 33. Permissions
      • 4 possible permission settings
          – Not Set
          – Inherited
          – Allowed
          – Denied
  • 34. Permissions - Not Set
      • ‘soft’ deny
      • Can be overridden by ‘Allowed’ or ‘Denied’
  • 35. Permissions - Inherited
      • Value from a parent Permission level
      • Value from a parent User Group
      • Can be overridden by ‘Allowed’ or ‘Denied’
  • 36. Permissions - Allowed
      • Action for current Permission level and lower levels
      • Action for current User Group and child Groups
      • Can be overridden by ‘Denied’
  • 37. Permissions - Denied
      • Action for current Permission level and lower levels
      • Action for current User Group and child Groups
      • Cannot be overridden at all
      • Always wins!
  • 38. Permission Hierarchy (levels)
      • Level 1: Global configuration
          – default permissions settings for actions for a group
  • 39. Permission Hierarchy (levels)
      • Level 1: Global configuration
          – default permissions settings for actions for a group
      • Level 2: Component Options
          – can override the permissions of Level 1
  • 40. Permission Hierarchy (levels)
      • Level 1: Global configuration
          – default permissions settings for actions for a group
      • Level 2: Component Options
          – can override the permissions of Level 1
      • Level 3: Category
          – can override the permissions of Level 1 & Level 2
          – available for components with categories (Articles, Banners, etc...)
  • 41. Permission Hierarchy (levels)
      • Level 1: Global configuration
          – default permissions settings for actions for a group
      • Level 2: Component Options
          – can override the permissions of Level 1
      • Level 3: Category
          – can override the permissions of Level 1 & Level 2
          – available for components with categories (Articles, Banners, etc...)
      • Level 4: Item
          – can override the permissions of Level 1 & Level 2 & Level 3
          – only available for article manager in Joomla core
  • 42. Permission Hierarchy (levels)
      • Level 1: Global configuration
          – default permissions settings for actions for a group
      • Level 2: Component Options
          – can override the permissions of Level 1
      • Level 3: Category
          – can override the permissions of Level 1 & Level 2
          – available for components with categories (Articles, Banners, etc...)
      • Level 4: Item
          – can override the permissions of Level 1 & Level 2 & Level 3
          – only available for article manager in Joomla core
  • 43. Permission Hierarchy (levels)
      • Level 1: Global configuration
          – default permissions settings for actions for a group
      • Level 2: Component Options
          – can override the permissions of Level 1
      • Level 3: Category
          – can override the permissions of Level 1 & Level 2
          – available for components with categories (Articles, Banners, etc...)
      • Level 4: Item
          – can override the permissions of Level 1 & Level 2 & Level 3
          – only available for article manager in Joomla core
      • Overriding permissions of higher levels only works if the permission setting is not ‘Denied’!
  • 44. Inheriting example for ‘Create’ Action (figure: Level 1, Level 2, Level 3, Level 4)
      • http://www.theartofjoomla.com/home/5-commentary/84-introducing-the-new-permissions-in-joomla-16.html
  • 45. Inheriting example for ‘Create’ Action (figure: Level 1, Level 2, Level 3, Level 4)
      • http://www.theartofjoomla.com/home/5-commentary/84-introducing-the-new-permissions-in-joomla-16.html
  • 46. Inheriting example for ‘Create’ Action (figure: Level 1, Level 2, Level 3, Level 4)
      • http://www.theartofjoomla.com/home/5-commentary/84-introducing-the-new-permissions-in-joomla-16.html
  • 47. Inheriting example for ‘Create’ Action (figure: Level 1, Level 2, Level 3, Level 4)
      • http://www.theartofjoomla.com/home/5-commentary/84-introducing-the-new-permissions-in-joomla-16.html
  • 48. Available Permissions and Levels for a Group of Users
  • 49. Action: Edit State
  • 50. ACL Manager for Joomla! 1.6
  • 51. ACL Manager for Joomla! 1.6
  • 52. ACL Manager for Joomla! 1.6 www.aclmanager.net
  • 53. Debug Permissions
  • 54. Debug Permissions
      • Turn on the ‘Debug System’ in the Global Configuration
      • Go to ‘User Manager’ or ‘Groups’
      • Click on ‘Debug Permission Report’ next to the User or User Group
  • 55. Debug Permissions• Need to turn ‘Debug System’ on...
  • 56. So, what about the database?
  • 57. Database: #__assets
  • 58. Plan your ACL implementation
  • 59. Viewing or Action problem
      • Define the problem: is it a viewing problem or an action problem (create/delete/edit/etc.)? Or both?
      • Viewing: define the Viewing Access Levels
      • Action: define the permissions for all actions
  • 60. Think ahead! Maintenance?
      • Structure your content properly to handle the permissions
      • Make use of parent categories with nested categories with same permissions
      • No need to set permissions per article
  • 61. Some Notes
  • 62. User in multiple User Groups
      • The Netherlands
          – Allowed on edit ‘The Netherlands’ category
          – Denied on edit ‘Germany’ category
  • 63. User in multiple User Groups
      • The Netherlands
          – Allowed on edit ‘The Netherlands’ category
          – Denied on edit ‘Denmark’ category
      • Denmark
          – Allowed on edit ‘Denmark’ category
          – Denied on edit ‘The Netherlands’ category
  • 64. User in multiple User Groups
      • The Netherlands
          – Allowed on edit ‘The Netherlands’ category
          – Denied on edit ‘Denmark’ category
      • Denmark
          – Allowed on edit ‘Denmark’ category
          – Denied on edit ‘The Netherlands’ category
      • User in The Netherlands & Denmark group
          – Denied on edit ‘The Netherlands’ category
          – Denied on edit ‘Denmark’ category
          – Denied always wins (again)
          – Solution: don’t use Denied but Not Set/Inherited (= soft deny)
  • 65. What if I locked myself out?
  • 66. What if I locked myself out?
      • No need to access your database
      • Open your configuration.php and add:
          – public $root_user = 'username';
      • You can log in again and perform all actions
      • Great for playing around with the new ACL
      • Don’t forget to remove the $root_user line!
  • 67. Practical ACL Tips
  • 68. ACL Tips
      • Write down your ACL requirements for a website before implementing
      • Joomla 1.5 User Groups are for backward compatibility in Joomla 2.5, you may remove them!
      • Use multi-nested Groups only if needed / know what you are doing (so inheriting value only between levels, not groups as well)
  • 69. ACL Tips
      • Assign User Group with backend access to a Viewing Access Level (often ‘Special’)
      • Keep flexible for lower permission levels/groups: avoid the ‘Denied’ permission setting as long as possible
      • Use role-based groups
  • 70. Quick ACL example (do we have time?)
  • 71. Resources
      • http://community.joomla.org/blogs/community/1252-16-acl.html
      • http://docs.joomla.org/ACL_Tutorial_for_Joomla_1.6
      • http://docs.joomla.org/Access_Control_System_In_Joomla_1.6
      • http://www.theartofjoomla.com/home/5-commentary/84-introducing-the-new-permissions-in-joomla-16.html
      • http://www.theartofjoomla.com/home/38-talks/101-the-joomla-16-video-access-controls.html
      • http://www.aclmanager.net
      • http://www.aclmanager.net/news/general/28-is-your-extension-really-joomla-17-ready
      • http://www.aclmanager.net/news/general/31-how-to-add-basic-acl-support-to-your-extension
      • http://magazine.joomla.org/issues/issue-sept-2012/item/856-Implementing-Role-Based-ACL
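
The permission rules from slides 33-43 and the multi-group case from slides 62-64 can be checked with a small model. This is an added example, not code from the slides or from Joomla itself: it is a simplified Python model of the stated rules, and the group tree, function names and rule dictionaries are constructed for illustration.

```python
ALLOWED, DENIED = "allowed", "denied"  # a missing entry means Not Set / Inherited

def identities(user_groups, parents):
    """The user's groups plus every ancestor group they inherit from."""
    seen = set()
    for group in user_groups:
        while group is not None and group not in seen:
            seen.add(group)
            group = parents.get(group)
    return seen

def can(user_groups, parents, levels):
    """levels: one {group: setting} dict per level, ordered
    Global -> Component -> Category -> Item, for a single action."""
    merged = {}
    for rules in levels:
        for group, setting in rules.items():
            if merged.get(group) != DENIED:  # a Denied from a higher level sticks
                merged[group] = setting
    verdict = False  # nothing set anywhere: soft deny
    for group in identities(user_groups, parents):
        if merged.get(group) == DENIED:
            return False  # Denied always wins, whatever other groups allow
        if merged.get(group) == ALLOWED:
            verdict = True
    return verdict

# Constructed sample data: hypothetical group tree and 'edit' rules per category.
PARENTS = {"Public": None, "Registered": "Public",
           "The Netherlands": "Registered", "Denmark": "Registered"}
WITH_DENIED = {  # category -> {group: setting}, as on slide 63
    "The Netherlands": {"The Netherlands": ALLOWED, "Denmark": DENIED},
    "Denmark": {"Denmark": ALLOWED, "The Netherlands": DENIED},
}
SOFT_DENY = {  # slide 64's fix: leave the other group Not Set
    "The Netherlands": {"The Netherlands": ALLOWED},
    "Denmark": {"Denmark": ALLOWED},
}

def edit_report(user_groups, scheme):
    """Can the user edit each category? Global and Component levels are Not Set."""
    return {category: can(user_groups, PARENTS, [{}, {}, rules])
            for category, rules in scheme.items()}

if __name__ == "__main__":
    both = ["The Netherlands", "Denmark"]
    print("with Denied:", edit_report(both, WITH_DENIED))
    print("soft deny:  ", edit_report(both, SOFT_DENY))
```

With explicit Denied rules a user in both groups can edit neither category; with the soft-deny scheme the same user can edit both, while a single-group user is still kept out of the other category.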
