Joomla Access Control List (ACL) at JoomlaDay London, UK #jduk11
Presentation Transcript

User Access Levels for Joomla! 1.5 – 1.7
Sander Potjer, @sanderpotjer, www.sanderpotjer.nl

Who is Sander Potjer?
• Co-founder of JoomlaCommunity.eu
• Organizer of Joomla!Days Netherlands
• Organizer of Joomla! User Groups in The Netherlands
• Joomla Community Leadership Team (CLT) member
• Company: Sander Potjer Webdevelopment
• E-mail: sander.potjer@community.joomla.org
Joomla! ACL

It took a while...
• DrupalCon, October 2005, Johan Janssens
• http://www.slideshare.net/JohanJanssens/drupalcon-2005-joomla-drupal-and-you-presentation

ACL?!?!
• ACL = Access Control List
• Access to parts of the website
  – e.g. menu / module visibility
  – the “view” action
• User actions on objects
  – example: create / edit / edit state / delete an article
ACL - Groups
• Joomla! 1.5: 7 fixed Groups
  – Public, Registered, Author, Editor, Publisher, Manager, Administrator and Super-Administrator
  – Hierarchical structure
• Joomla! 1.6: Unlimited Groups
  – user defined
  – No hierarchical structure required

ACL - User in Group
• Joomla! 1.5: a user can be assigned to one group
• Joomla! 1.6: a user can be assigned to multiple groups

ACL - Access Levels
• Joomla! 1.5: 3 fixed Access Levels
  – Public
  – Registered
  – Special
• Joomla! 1.6: Unlimited Access Levels
  – user defined

ACL - Access Levels & Groups relation
• Joomla! 1.5: fixed relation between Groups and Access Levels
• Joomla! 1.6: any combination of User Groups can be assigned to any Access Level

ACL - Actions
• Joomla! 1.5: fixed Actions per group
  – Create / edit / delete / admin access / etc.
  – Permission scope for the entire site: the same permission for all objects
  – Permission inheritance not applicable
• Joomla! 1.6: defined Actions per group
  – Create / edit / delete / admin access / etc.
  – Permission scope at multiple levels: Site / Component / Category / Item
  – Permissions can be inherited from parent Groups / Categories

ACL in Joomla! 1.5 & 1.6 (Actions)
• http://brian.teeman.net/joomla-gps/joomla-15-acl-explained.html
Joomla! 1.6/1.7/2.5 ACL Overview
• http://community.joomla.org/blogs/community/1252-16-acl.html

User
• Guest is also a user
• Users can be assigned to one or multiple groups

Permissions
• Assigned to a group (not to a user!)
• 10 Actions
  – Site Login
  – Admin Login
  – Offline Access (since 1.7)
  – Super Admin / Configure
  – Access Component
  – Create
  – Delete
  – Edit
  – Edit State
  – Edit Own

Group
• Users with the same permissions
• Inherited permissions from parent groups
• Unlimited nested groups
• Keep it simple! Only use nested groups if needed

Access Level
• What is visible for the group (article, menu, module, etc.)
• Permissions are not inherited between Access Levels
• Even Super Users cannot view content on the frontend if not assigned
Permissions
• 4 possible permission settings
  – Not Set
  – Inherited
  – Allowed
  – Denied

Permissions - Not Set
• ‘soft’ deny
• can be overridden by ‘Allowed’ or ‘Denied’

Permissions - Inherited
• Value from a parent Permission level
• Value from a parent User Group
• Can be overridden by ‘Allowed’ or ‘Denied’

Permissions - Allowed
• Action allowed for the current permission level and lower levels
• Action allowed for the current user group and child groups
• Can be overridden by ‘Denied’

Permissions - Denied
• Action denied for the current Permission level and lower levels
• Action denied for the current User Group and child Groups
• Cannot be overridden at all
• Always wins!

Permission Hierarchy (levels)
• Level 1: Global configuration
  – default permission settings for the actions of a group
• Level 2: Component Options
  – can override the permissions of Level 1
• Level 3: Category
  – can override the permissions of Level 1 & Level 2
  – available for components with categories (Articles, Banners, etc.)
• Level 4: Item
  – can override the permissions of Level 1, Level 2 & Level 3
  – only available for articles in Joomla 1.6 core
• Overriding the permissions of higher levels only works if the permission setting is not ‘Denied’!

Inheriting example for the ‘Create’ Action (Level 1 to Level 4)
• http://www.theartofjoomla.com/home/5-commentary/84-introducing-the-new-permissions-in-joomla-16.html
Available Permissions and Levels for a Group of Users

Action: Edit State

ACL Manager for Joomla! 1.6
• www.aclmanager.net

Debug Permissions
• Turn on ‘Debug System’ in the Global Configuration
• Go to ‘User Manager’ or ‘Groups’
• Click on ‘Debug Permission Report’ next to the User or User Group
• ‘Debug System’ needs to be turned on for this...

So, what about the database?
• Database: #__assets
Plan your ACL implementation

Describe the problem
• Most of the website is publicly available; specific content is only for a group of users (e.g. teachers & students)
• A teacher can see content specifically for teachers, all student content and all public content
• Students can see content specifically for students and all public content

Viewing or Action problem
• Define the problem: is it a viewing problem or an action problem (create/delete/edit/etc.)? Or both?
• Viewing: define the Viewing Access Levels
• Action: define the permissions for all actions

Think ahead! Maintenance?
• Structure your content properly to handle the permissions
• Make use of parent categories with nested categories that share the same permissions
• No need to set permissions per article
Some Notes

User in multiple User Groups
• Group ‘The Netherlands’
  – Allowed to edit the ‘The Netherlands’ category
  – Denied to edit the ‘Belgium’ category
• Group ‘Belgium’
  – Allowed to edit the ‘Belgium’ category
  – Denied to edit the ‘The Netherlands’ category
• User in both the ‘The Netherlands’ and ‘Belgium’ groups
  – Denied to edit the ‘The Netherlands’ category
  – Denied to edit the ‘Belgium’ category
  – Denied always wins (again)
  – Solution: don’t use Denied but Not Set / Inherited (= soft deny)
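Added example, not from the slides or from Joomla's code base: a Python model of the rules in the ‘Permissions’ and ‘Permission Hierarchy’ slides, run against the ‘User in multiple User Groups’ note above, so the Denied vs. Not Set outcome can be checked. The group tree, user names and category rules are constructed; the 1 / 0 / absent encoding follows how Joomla stores rules.

```python
# Constructed model of the permission resolution the slides describe; not Joomla's own code.
ALLOW, DENY, NOT_SET = 1, 0, None  # Joomla stores 1 = Allowed, 0 = Denied, absent = Not Set

def merge_levels(chain):
    # Level 1 (Global) .. Level 4 (Item): lower levels override, but Denied is never overridden.
    merged = {}
    for rules in chain:
        for action, by_group in rules.items():
            target = merged.setdefault(action, {})
            for group, value in by_group.items():
                if target.get(group) != DENY:
                    target[group] = value
    return merged

def group_identities(groups, parent):
    # A user carries the identity of each of their groups and of every ancestor group.
    ids = []
    for g in groups:
        while g is not None and g not in ids:
            ids.append(g)
            g = parent[g]
    return ids

def check(action, merged, ids):
    # DENY if any identity is denied (Denied always wins), ALLOW if any is allowed, else NOT_SET.
    result = NOT_SET
    for g in ids:
        value = merged.get(action, {}).get(g)
        if value == DENY:
            return DENY
        if value == ALLOW:
            result = ALLOW
    return result

# Hypothetical group tree and users for the 'User in multiple User Groups' slide.
PARENT = {"Public": None, "Registered": "Public", "Netherlands": "Registered", "Belgium": "Registered"}
USERS = {"nl_editor": ["Netherlands"], "both": ["Netherlands", "Belgium"]}

def edit_results(hard_deny):
    # core.edit per user and category; Levels 1 and 2 leave it Not Set for these groups.
    # hard_deny=True denies the other country's group explicitly, False leaves it Not Set.
    nl_cat = {"core.edit": {"Netherlands": ALLOW}}
    be_cat = {"core.edit": {"Belgium": ALLOW}}
    if hard_deny:
        nl_cat["core.edit"]["Belgium"] = DENY
        be_cat["core.edit"]["Netherlands"] = DENY
    out = {}
    for user, groups in USERS.items():
        for cat_name, cat in (("Netherlands", nl_cat), ("Belgium", be_cat)):
            merged = merge_levels([{}, {}, cat])  # Global, Component, Category
            out[f"{user}@{cat_name}"] = check("core.edit", merged, group_identities(groups, PARENT))
    return out
```

With hard_deny=True the user in both groups is denied on both categories; with Not Set instead, the same user is allowed on both while a single-group user gets the soft deny on the other category.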
What if I locked myself out?
• No need to access your database
• Open your configuration.php and add:
  – public $root_user = 'username';
• You can log in again and perform all actions
• Great for playing around with the new ACL
• Don’t forget to remove the $root_user line!
Practical ACL Tips

ACL Tips
• Write down your ACL requirements for a website before implementing
• Joomla 1.5 User Groups are kept for backward compatibility in Joomla 1.6; you may remove them!
• Use multi-nested Groups only if needed / if you know what you are doing (so that values are inherited only between levels, not between groups as well)
• Assign a User Group with backend access to a Viewing Access Level
• Keep flexible for lower permission levels/groups: avoid the ‘Denied’ permission setting as long as possible
• Idea: make a Group for each Action so you can assign actions directly to a user

Joomla! ACL, what’s next?

Suggestions
• View as an action
• End-user friendly interface
• Easy overview of your entire website
• Changes directly visible (no page reload)
• ...

Resources
• http://community.joomla.org/blogs/community/1252-16-acl.html
• http://docs.joomla.org/ACL_Tutorial_for_Joomla_1.6
• http://docs.joomla.org/Access_Control_System_In_Joomla_1.6
• http://www.theartofjoomla.com/home/5-commentary/84-introducing-the-new-permissions-in-joomla-16.html
• http://www.theartofjoomla.com/home/38-talks/101-the-joomla-16-video-access-controls.html
• http://www.aclmanager.net
• http://www.aclmanager.net/news/general/28-is-your-extension-really-joomla-17-ready
• http://www.aclmanager.net/news/general/31-how-to-add-basic-acl-support-to-your-extension