Joomla! 1.6 Access Control Proposal

Joomla! 1.6

ACCESS CONTROL PROPOSAL

9/7/2009 AmyStephen@tamka.org 1

Joomla! 1.6 Access Control

EXISTING SITUATION


Joomla! 1.5
Access Control
• One role per User
• System-wide Scope

Four types of
permissions:
• System Access
• System Administration
• Content Development
• View Access


Joomla! 1.5 ACL
System Access
Two types:
A
• Registered – Frontend
access only
• Special – Frontend and B
Administrator Access

9/7/2009 AmyStephen@tamka.org
1
4

Joomla! 1.5 ACL
System Administration
Special Access Level –
Ability to Logon to the
Administrator:
• Manager – Backend
Publisher
• Administrator – Users
and Extensions
• Super Administrator -
+ Site Template, Cache,
Check-in and Global
Configuration

2
5

Joomla! 1.5 ACL
Content Development
Three levels of permission:
• Author – Create and Edit what
they created
• Editor – + Edit all
• Publisher – Plus Publish

3
6

Joomla! 1.5 ACL
View Access
Access Levels:
• Public
• Registered – Logged on
• Special – Backend access

Defined for:
•Categories
•Content
•Menu Items and Modules

4
7


GOALS AND OBJECTIVES


Joomla! 1.6 UX Access Control Goals:

Don’t design it poorly.
Don’t make it complicated.
Don’t make something stupid.

No.


Joomla! 1.6 ACL Objectives
System Access
Ability to provide
Administrator Access to
Frontend users.

1
11

System Administration

Ability to set up System
Administration Groups and
assign permissions that fit
organizational roles.

Examples:
• Advertising – Banners
• Designer – Templates and
Modules
• Site Developer Team –All
Extensions, Modules, Menus

2
12

Content Development
Empower organizations School
to segment Content with
Groups and Access
Control Rules that fits
Elementary Administration
their needs.

1st Grade 2nd Grade Principal

3
13

View Access Products • Customers

Augment View Access
Levels to facilitate
sharing information Timesheets
based on roles, interest and
Assignments
• Employees
areas, responsibilities,
or whatever the needs
might be.

Financials • Accountants

4
14


USER MANAGER


Joomla! 1.6 User Manager
Options
Suggest moving Global Configuration –
System – User Settings here.

A Legacy parameters that will continue to be
used. Note: The fourth parameter, New User
Registration Type, is defined on Group List
page. A
B Suggest adding three new parameters:
• Enable Users as Groups
• Enable Content Creator to Update
• Enable New Group Creation for View Level
B
The first new option helps with Group
Creation when establishing the Access Level
for the Frontend.

The second option enables Web masters to
decide if updating is allowed after creation
since updates post-Publishing has been
problematic.

The final option is described in the View
Access Level section, and is used to enable
creation of new Groups when needed for
Access Level in Content development.


C
B
A

User Manager: Users List
A - Remove Groups Column, problematic
since Users can be in multiple groups
B - Groups listbox can filter by Groups,
including Custom Groups
C – Also, the proposed Members list will
display one row per Username / Group

User Manager: Edit User: Groups
User may be a member of
multiple Groups. Groups can be
added and removed on page.
Note: consistent Widget UX
object discussed in Group Edit.

A

B

User Manager Groups –
A – Default User
C Registration Type
B – System Groups
C – Custom Groups


A

Default User
Registration Type
Used to specify the Default value
assigned to new Users

Registered is default Legacy value

Remove from Global Configuration.


B
System Groups
Public
Frontend Visitors
No Membership Editing
Can create rules
Take Action on Assets associated with
Public Access Levels
Exceptions? Concerns?
Registered
Logged on Users
No Membership Editing
Can create rules
Take Action on Assets associated with
Public and Registered Access Levels

Super Administrator
Full Control
Cannot delete
No Rule Editing
Can manage membership

Do not recommend adding Legacy System
Groups: Author, Editor, Publisher,
Manager, Administrator due to System
Wide capabilities and confusion



CUSTOM GROUPS, ACCESS
CONTROL RULES, AND MEMBERS


Joomla! 1.6 ACL Proposed Rules
Group-Action-Asset
Rules define Who? Administrators Manage Plugins
What? and Where?

Group
Specifies who can
perform this action.

Action
Describes what can be
done. Articles
within the
Accountants Publish
Fiscal
Asset Category
Specifies where this
Action is allowed.


Group-Action-Asset Recommended:

Groups define who can do System Groups:
something. Public, Published, Super Administrator

Custom Groups:
Created, as needed, by Site Developer

In order for Groups to be useful, it is important
that the Interface enable Users to create
Groups at the point of selection. More later…


Group-Action-Asset Recommended:

Actions describe what can be Access:
done. Extensions can use existing Login
actions or add actions, as needed.

Content-related:
View, Respond, Create, Publish
Publish includes Update, Delete, and Archive

System Administration:
Install, Manage, Uninstall


Recommended:
Group-Action-Asset All Access
• Site (Frontend) Access
Assets describe where an Action
• Administrator Access
is allowed.
All Content
• Articles, Banners, Contacts, Contact Form,
Content, Menu Item, and Module
Comments, Media, Newsfeed, Ratings, and Web
Assets can further restrict Actions Links
to a Category or Item
• Content Assets can be further specified by
Category or Content Item
Accountants Publish Articles
within the Fiscal Category. All Administration
Site Development
Parents View Menu Item • Global Configuration, Installer, Languages,
Upcoming Events. Menus, Modules, Plugins, Templates
System Management:
• Cache, Check-in, Mass Mail, Messages, Redirect,
Users


1

User Manager Group
- Group Name
-Suggest Removing Parent 2
- Manage ACL Rules Widget
- Manage Group Member Widget
- Proposed Widgets are Edit areas
with List, Sort, Filter, Add, and
Delete functions.


1

ACL Rules Widget
Add Rule
1. ACL Rules Widget on Group page.
2. Press Add Rule.
3. Widget slides open exposing Add Rule Form with
only the populated Action list box.
4. Select Action.
5. Request sent and Asset list box is populated with
entries appropriate for selected Action.
6. Select Asset.
7. If Asset is type of Content, Menu, or Module, a
request is sent and the Categories list box
populated with entries appropriate for the selected
Asset. (Or, Menu Items or Module names).
8. Select Category (Or, Menu Item or Module name).
9. Request sent and the Content Item list box is
populated with entries for that Category. The Apply
Rule to Child Objects checkbox is presented.
10. Optionally, select Content Item and Apply Rule to
Child Objects listbox.
11. Press Add Rule to process change. ACL Rules
widget closes.
Delete Rule
1. Sort, Scroll, Filter, or Search for Rule.
2. Press X to the right of the Rule.
3. Respond to Prompt, Apply Rule Removal to Child
Objects.


2

Group Members Widget
Add Member
1. Group Members Widget on Group page.
2. Press Add Member.
3. Widget slides open exposing Add Member
Form.
4. Enter Name in Autosuggest Listbox.
5. Select Name .
6. Press Add Member to process change.
Group Member Widget closes with added
Member.
Delete Member
1. Sort, Scroll, Filter, or Search for Member.
2. Press X to the right of the Member.
3. Widget slides open exposing Add Member
Form.
4. Respond to Prompt confirming Delete.
Group Member Widget presents without
Member.


Rules List
-Good resource to sort by
Action, Asset, Category, Item,
and Group
-Ex. find all Groups w Web links access


Member List
-Good resource to sort by
Username, Name, and Group



VIEW ACCESS LEVEL FOR CONTENT,
MENU ITEMS, MODULES


View Access Level
Access Level defines who can View
content from the Frontend. In 1.5,
default is “Public” and can be
changed to “Registered” or
“Special.”

Recommendations for Joomla! 1.6:

Build list of Access Level values from the
list of System and Custom Group Names.

Default Access Level to Parent value(s).
(Remove default in Global Configuration).

Remove Access Column in all List Views
since it is no longer required to be a
single value. The Access Listbox should
remain allowing identification of content
for that selected Access Level (Group).


View Access Level
Default Access Level to Parent value(s).

Publish permission required before Access
Level can be changed, otherwise, hide this
Widget. 1
View Access Level Widget:

Group(s) Selection and Removal Widget
enables search for Group. Multiple Groups
can be selected for Access Level.

New Group Creation – Add User Manager
Option “Enable New Group Creation for View
Level.” If Parameter is activated, Widget
should allow the creation of a Group and
2
automatically add a View Access Rule for the
current Object. The Widget should also
enable search and selection of Group
Members. Note: Use Group Member Widget
with Group Name field.

If additional changes are desired for the new
Group, those changes should be made in the
User Manager to ensure proper access.

This Widget should be available everywhere
the Access List selection is required.



USE CASE


Use Case: Elementary School


Joomla! 1.6 ACL Use Case
Design Test
1. Create Categories Internal
2. Create Pages Office
3. Create Users External
4. Create Groups
5. Assign Members News
6. Assign Rules Elementary
Classroom
7. Create Menus
Showcase
8. Create Menu Items
9. Create Modules
Portfolios Student
10. Create Templates


Joomla! 1.6 ACL Use Case
Design Test
1. Create Categories
2. Create Pages
3. Create Users
4. Create Groups
5. Assign Members
6. Assign Rules
7. Create Menus
8. Create Menu Items
9. Create Modules
Office Staff - Jean, Sam
Faculty - Lou, Addison
The Student - Rainbow
Parents - Stormy, Skye

Group Action Asset Category Item Members
Public View Articles Office External News
View Articles Classroom
Joomla! 1.6 ACL Use Case View Menu Item Showcase
View Menu Item News
Design Test View Menu Item Office
View Menu Item External News
1. Create Categories Respond Comments News

2. Create Pages Registered View Menu Item News

Super
3. Create Users Administrator Sam

4. Create Groups Content
Administrator Access Administrator Jean
5. Assign Members Publish
Manage
All Content
Users
Manage Modules
6. Assign Rules Manage Template

7. Create Menus Faculty Access Administrator Lou, Addison
Create Articles Internal News
8. Create Menu View Menu Item Internal News

Items
Office Staff Publish Articles Office Internal News Jean, Sam
9. Create Modules Publish
View
Articles
Menu Item
Office External News
Office

Students Create Articles Student Rainbox
Response Comment Student

Parents Response Comment Student Stormy, Skye

Teacher Publish Articles Student Lou
Response Comment Student
Publish Articles News

Joomla! 1.6 ACL Use Case The proposed design provides for these
Design Test recommendations:
Conclusion
• The Access Control, Group, Membership
Access Control Custom Groups and Rules
are very powerful and flexible. I do not
foresee concerns about major limitations. It
Widgets must be flexible, not require page
should be adequate for any custom need I
can imagine.
load or visit to another page.
I do have concerns about usability. Even with
my very small Use Case, the configuration
required to implement the design – on paper
– was considerable.
• Widgets must link all information together
Consider, in Joomla! 1.5:
so that every necessary configuration –be it
•Each User could have only one Group. the Group, Member List, Rules, and even
•Each content Item, Menu, Menu Item and
Module could only have on Group, and
typically that remained the default Public
multiple sets of such, are easy to iteratively
value. complete.
Consider the difference for Joomla! 1.6:
When Groups, Membership, and three-part
Group-Action-Asset Rules are created and
applied to cascading layers of Components,
Categories, Items, Menus, Menu Items, and
• Widgets must be provided to create View
Modules. Level Access Groups and define Members to
In short, User Interface will make or break
Access Control in Joomla! 1.6.
create a truly usable interface.


Joomla! 1.6 Access Control Proposal

Recommended

Recommended

More Related Content

What's hot

What's hot (6)

Similar to Joomla! 1.6 Access Control Proposal

Similar to Joomla! 1.6 Access Control Proposal (20)

Recently uploaded

Recently uploaded (20)

Joomla! 1.6 Access Control Proposal