Cutting corners from a wheel -


  1. CUTTING CORNERS FROM A WHEEL // Forkito ACL // FORKITO
  2. FINAL GOAL
     - Easy to use and understand ACL system
     - Reusable ACL library compatible with most widespread Joomla based projects
  3. FORKITO ACL FLAVORS
     - Joomla fork flavor (working - oh yeah)
     - Molajo flavor (in progress)
     - Nooku flavor (planned)
  4. JOOMLA FORK FLAVOR
  5. JOOMLA FORK FLAVOR: Did he really say that?
  6. JOOMLA FORK FLAVOR: Starting point for the whole project. Used as proof of concept.
  7. Joomla fork form == contains changes to 70+ files due to poor Joomla ACL implementation in the application layer. Joomla - ACL hardcoded everywhere. revision 7
  8. COVERED PARTS: New Forkito ACL library. Joomla library methods are changed to proxies to the new library's methods. Includes internal methods that take care of backwards compatibility with the old Joomla ACL.
  9. COVERED PARTS: Web application framework layer
     - categories
     - menus
     - modules
     - plugins

     Mainly changes to multiple items queries.
  10. COVERED PARTS: Application
     - Backend components: com_categories, com_menus, com_modules, com_plugins
     - Content components: com_content (back and frontend)
     - Pagenavigation plugin

     Contains changes to 37 php and 15 xml files, most extensive changes to com_users and com_content.
  11. WHERE I CAN GET IT: git clone git://git.forkito.org/forkito
  12. MOLAJO FLAVOR
  13. Completely new classes. Where most development goes at the moment. The most important part.
  14. Molajo ?
     - web application layer will be completely redone together with components
     - layer includes hooks for ACL plugins

     Just a few library overrides (JUser, JCategories, JMenu …). Joomla compatibility methods removed – an extension either uses Joomla or Forkito ACL.
  15. Molajo ?
     - web application layer will be completely redone together with components
     - layer includes hooks for ACL plugins

     Just a few library overrides (JUser, JCategories, JMenu …). Joomla compatibility methods removed – an extension either uses Joomla or Forkito ACL. Yes, it can be done.
  16. NOOKU FLAVOR
  17. Will come after the Molajo flavour. It is expected that only minor changes will be needed in Forkito ACL for it to work with the Nooku framework. Forkito will represent an addon library here.
  18. Unified ACL // Forkito to Joomla ACL comparison //
  19. REMOVED VIEW ACCESS LEVELS AND ADDED VIEW TO ACTIONS: 50% less user effort needed, 50% less complicated. View == action. No need for a separate ACL system for managing view permissions. Confusing for the user and inefficient from the system point of view.
  20. RADICALLY IMPROVED AND SIMPLIFIED USER INTERFACE
     - Simple matrix of groups and actions
     - One-click permission changes
     - Instantly visible changes in inherited values
  21. SIMPLIFIED OPERATIONAL LOGIC
     - Lower level always wins: Global > Component > (Category) > (Item). Anything set on the lower level beats what was set on the higher one (denied or allowed).
     - Assigned permission beats inherited: users are auto-assigned to parent groups, so anything that is set in parents will affect the user's permissions, but only if it is not set explicitly in assigned groups.
  22. SIMPLIFIED OPERATIONAL LOGIC: If one group gives you access you are in (key analogy). If you have a key that opens certain doors, it doesn't matter if another key doesn't work, you can still get in. When a user is allowed to do something through his membership in one of the assigned groups, all others are irrelevant.
  23. DRY-ED AND RE-ARCHITECTURED: No code repetition. A single method for a single purpose. Classes reusing other classes' methods and not replicating them. Very low amount of code, will cut off even more in the future.
  24. JSON ENCODED RULES REPLACED WITH PERMISSIONS TABLE: A JSON encoded string of permissions, stored in a single database field, was one of the most horrible ideas ever seen in Joomla. This kind of code crime should be punishable with at least 100 hits with a stick.
  25. WHY ?
  26. It totally disables any database relations, conditional searches etc., with enormous impact on performance.
  27. To retrieve a list of items a user has permission to view (or edit or do any action), code would need to query for ALL items, unpack the JSON string item by item and check permissions for each item separately. Now imagine you have 100.000 or even 1 million items to inspect one by one and try to imagine how long that would take and e.g. how much memory it would consume. Get the picture?
  28. Having JSON in a database == a performance problem => you need a more efficient system for managing thousands of users trying to view pages => you "solve" the problem by inventing another ACL system called access levels
  29. ALWAYS PRESENT BASIC SYSTEM GROUPS: Groups that cannot be removed or have their role changed. While this might seem like a backwards step, these groups are really cornerstones that a CMS ACL cannot work without. Equivalent to the unix wheel and anonymous groups' roles. Having groups the system can always rely on -> RELIABILITY, better performance and better security // including the root configuration hack that is not needed anymore //
  30. ALWAYS PRESENT BASIC SYSTEM GROUPS
     - Everyone
       - Not-authenticated – anonymous visitors
       - Authenticated – anyone that is logged in
         - Admins – replacing global core.admin permission (equivalent to unix wheel group)
  31. Simple API // How do I implement it //
  32. API GOAL: Create a minimal number of humanly understandable (self-explaining) class and method names.
  33. CHECK AUTHORIZATION - MACCESS CLASS: Check a single item's authorization: isUserAuthorizedTo + shortcut: isUserAuthorisedToView
  34. CHECK AUTHORIZATION - MACCESS CLASS: Check multiple items' authorization (by automatically inserting filtering SQL in multiple items queries): insertFilterQuery
  35. MULTIPLE ITEMS AUTHORIZATION EXAMPLE: JPluginHelper::_load(), Joomla

     ```php
     $levels = implode(',', $user->getAuthorisedViewLevels());
     ...
     $query->select('folder AS type, element AS name, params')
         ->from('#__extensions')
         ->where('enabled >= 1')
         ->where('type ='.$db->Quote('plugin'))
         ->where('state >= 0')
         ->where('access IN ('.$levels.')')
         ->order('ordering');
     ```
  36. MULTIPLE ITEMS AUTHORIZATION EXAMPLE: Forkito ACL

     ```php
     $query->select('e.folder AS type, e.element AS name, e.params, e.extension_id, e.asset_id')
         ->from('#__extensions AS e')
         ->where('enabled >= 1')
         ->where('type ='.$db->Quote('plugin'))
         ->where('state >= 0')
         ->order('ordering');

     jimport('molajo.access.access');
     MAccess::insertFilterQuery($db, $query, 'e.asset_id', 'core.view');
     ```
  37. MULTIPLE ITEMS AUTHORIZATION EXAMPLE: The same function is used in the categories helper, modules helper, com_content articles model – anywhere a list of items needs to be filtered.
  38. USER INTERFACE: Insert ACL widget HTML: MHtmlPermissions::aclWidget. Get a ready-made ACL widget in the shape of a Joomla form field: MFormFieldAclwidget. Very simple to include the ACL widget in your component layout.
  39. Future // Short term //
  40. Testing, testing. Bugfixing. Testing. Bugfixing. Bugfixing. Testing. Testing. Bugfixing. Testing, testing. Bugfixing. Testing. Bugfixing. Bugfixing. Testing. Testing. Bugfixing. Testing, testing. Bugfixing. Testing. Bugfixing. Bugfixing. Testing. Testing. Bugfixing. Testing, testing. Bugfixing. Testing. Bugfixing. Bugfixing. Testing. Testing. Bugfixing. Testing, testing. Bugfixing. Testing. Bugfixing. Bugfixing. Testing. Testing. Bugfixing. Testing, testing. Bugfixing. Testing. Bugfixing. Bugfixing. Testing. Testing. Bugfixing.
  41. USER INTERFACE IMPROVEMENT: Inheritance breadcrumbs - show what this level is inheriting from
  42. Future // Long term //
  43. MORE ROUNDS OF SIMPLIFICATION: Simple mode - flatten inheritance, keep only default and category (or item) permissions
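
The resolution rules on slides 21 and 22, written out as an added example (not Forkito code; the data layout, group names and function names are hypothetical). It assumes that the asset level is walked before the group's parents and that a permission set nowhere means deny, two points the slides leave open.

```php
<?php
// Added illustration, not Forkito code. Data layout and function names are hypothetical.
// Constructed sample: each group's parent (null = top of the tree).
const GROUP_PARENT = [
    'Everyone'      => null,
    'Authenticated' => 'Everyone',
    'Editors'       => 'Authenticated',
    'Interns'       => 'Authenticated',
];

// Constructed sample: explicit settings, RULES[asset][group][action] => allowed?
const RULES = [
    'global'      => ['Everyone' => ['core.view' => true],
                      'Authenticated' => ['core.edit' => false]],
    'com_content' => ['Editors' => ['core.edit' => true]],
    'category:7'  => ['Authenticated' => ['core.view' => false]],
    'article:42'  => ['Interns' => ['core.view' => true]],
];

// Decision for ONE assigned group; null when nothing is set on any level.
// $assetPath lists the levels lowest first: item, category, component, global.
function decideForGroup(string $group, string $action, array $assetPath): ?bool
{
    foreach ($assetPath as $asset) {                        // lower level always wins
        for ($g = $group; $g !== null; $g = GROUP_PARENT[$g]) {
            $set = RULES[$asset][$g][$action] ?? null;      // assigned group first, then parents
            if ($set !== null) {
                return $set;
            }
        }
    }
    return null;
}

// Key analogy: one assigned group that resolves to "allowed" is enough.
function isAllowed(array $groups, string $action, array $assetPath): bool
{
    foreach ($groups as $group) {
        if (decideForGroup($group, $action, $assetPath) === true) {
            return true;
        }
    }
    return false;   // assumption: nothing set, or denied in every group, means deny
}

$path = ['article:42', 'category:7', 'com_content', 'global'];
var_dump(isAllowed(['Editors'], 'core.edit', $path));            // component level vs. global level
var_dump(isAllowed(['Editors'], 'core.view', $path));            // category level vs. global level
var_dump(isAllowed(['Editors', 'Interns'], 'core.view', $path)); // two keys, one of them fits
```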
