ACL in Joomla 1.6 at #jd11nl

Joomla 1.6 ACL explained.

Published in: Technology
  • this helps me a lot .. many thanks to you :)

  1. Joomla! 1.6 ACL
     • Sander Potjer, Sander Potjer Webdesign
     • twitter: @sanderpotjer
     • web: www.sanderpotjer.nl
  2. About me
     • Co-founder of JoomlaCommunity.eu
     • Organizer Joomla!Days Netherlands
     • Organizer Joomla! User Groups in The Netherlands
     • Company: Sander Potjer Webdesign
     • Yireo/Jira ICT
     • Student Architecture
  3. Joomla! 1.6 ACL
  4. It took a while...
     • DrupalCon, October 2005, Johan Janssens
     • http://www.slideshare.net/JohanJanssens/drupalcon-2005-joomla-drupal-and-you-presentation
  5. ACL?!
     • ACL = Access Control List
     • Access to parts of the website
       – e.g. menu / module visibility
       – “view” action
     • User actions on objects
       – e.g. create / edit / delete article
  6. ACL in Joomla! 1.5 & 1.6 (Access)
     • Joomla! 1.5
       – 7 fixed Groups: Public, Registered, Author, Editor, Publisher, Manager, Administrator and Super-Administrator
       – Hierarchical structure
       – User can be assigned to one group
     • Joomla! 1.6
       – Unlimited Groups: user-defined, not hierarchical
       – User can be assigned to multiple groups
  7. ACL in Joomla! 1.5 & 1.6 (Access)
     • Joomla! 1.5
       – 3 fixed Access Levels: Public, Registered and Special
       – Fixed relation between Groups and Access Levels
     • Joomla! 1.6
       – Unlimited Access Levels: user-defined
       – Any combination of Groups can be assigned to any Access Level
  8. ACL in Joomla! 1.5 & 1.6 (Actions)
     • Fixed Actions per group
       – Create / edit / delete / admin access / etc.
     • Permission scope for entire site
       – Same permission for all objects
     • Permission inheritance not applicable
     • http://brian.teeman.net/joomla-gps/joomla-15-acl-explained.html
  9. ACL in Joomla! 1.5 & 1.6 (Actions)
     • http://brian.teeman.net/joomla-gps/joomla-15-acl-explained.html
  10. ACL in Joomla! 1.5 & 1.6 (Actions)
      • Joomla! 1.5
        – Fixed Actions per group: Create / edit / delete / admin access / etc.
        – Permission scope for entire site: same permission for all objects
        – Permission inheritance not applicable
      • Joomla! 1.6
        – User defined Actions per group: Create / edit / delete / admin access / etc.
        – Permission scope at multiple levels: Site, Component, Category, Object
        – Permission can be inherited from parent Groups and parent Categories
  11. Joomla! 1.6 ACL Overview
  12. Joomla 1.6 ACL Overview
      • http://community.joomla.org/blogs/community/1252-16-acl.html
  13. Joomla 1.6 ACL Overview
      • http://community.joomla.org/blogs/community/1252-16-acl.html
  14. Joomla 1.6 ACL: User
      • Guest is also a user
      • Users can be assigned to one or several groups
  15. Joomla 1.6 ACL Overview
      • http://community.joomla.org/blogs/community/1252-16-acl.html
  16. Joomla 1.6 ACL: Permissions
      • Assigned to group (not to a user!)
      • 9 Actions
        – Site Login
        – Admin Login
        – Super Admin
        – Access Component
        – Create
        – Delete
        – Edit
        – Edit State
        – Edit Own
  17. Joomla 1.6 ACL Overview
      • http://community.joomla.org/blogs/community/1252-16-acl.html
  18. Joomla 1.6 ACL: Groups
      • Users with same permissions
      • User can be in multiple groups
      • Inherit permissions from parent groups
      • Unlimited (sub-)groups
      • Keep it simple! Only use nested groups if needed
  19. Joomla 1.6 ACL Overview
      • http://community.joomla.org/blogs/community/1252-16-acl.html
  20. Joomla 1.6 ACL: Access Level
      • Which group can view what (article, menu, module, etc.)
      • Permissions are not inherited between Access Levels
      • Even Super Users cannot view content on frontend
  21. Joomla 1.6 ACL Overview
      • http://community.joomla.org/blogs/community/1252-16-acl.html
  22. Permissions
  23. How Permissions work
      • 4 possible permission settings
        – Not Set
        – Inherited
        – Allowed
        – Denied
  24. How Permissions work
      • Not set
        – ‘soft’ deny
        – can be overridden by ‘Allowed’ or ‘Denied’
  25. How Permissions work
      • Inherited
        – value from a parent permission level
        – value from a parent user group
        – can be overridden by ‘Allowed’ or ‘Denied’
  26. How Permissions work
      • Allowed
        – action for current permission level and lower levels
        – action for current user group and child groups
        – can be overridden by ‘Denied’
  27. How Permissions work
      • Denied
        – action for current permission level and lower levels
        – action for current user group and child groups
        – can’t be overridden at all
        – always wins!
  28. Permission Hierarchy Levels
      • Level 1: Global configuration
        – default permissions settings for actions for a group
  29. Permissions: Global Configuration (Level 1)
  30. Permission Hierarchy Levels
      • Level 1: Global configuration
        – default permissions settings for actions for a group
      • Level 2: Component Options
        – can override the permissions of Level 1
  31. Permissions: Component Options (Level 2)
  32. Permissions: Component Options (Level 2)
  33. Permission Hierarchy Levels
      • Level 1: Global configuration
        – default permissions settings for actions for a group
      • Level 2: Component Options
        – can override the permissions of Level 1
      • Level 3: Category
        – can override the permissions of Level 1 & Level 2
        – available for components with categories (Articles, Banners, etc...)
  34. Permissions: Category (Level 3)
  35. Permissions: Category (Level 3)
  36. Permission Hierarchy Levels
      • Level 1: Global configuration
        – default permissions settings for actions for a group
      • Level 2: Component Options
        – can override the permissions of Level 1
      • Level 3: Category
        – can override the permissions of Level 1 & Level 2
        – available for components with categories (Articles, Banners, etc...)
      • Level 4: Item
        – can override the permissions of Level 1 & Level 2 & Level 3
        – only available for articles in Joomla 1.6 core
  37. Permissions: Item (Level 4)
  38. Permissions: Item (Level 4)
  39. Permission Hierarchy Levels
      • Level 1: Global configuration
        – default permissions settings for actions for a group
      • Level 2: Component Options
        – can override the permissions of Level 1
      • Level 3: Category
        – can override the permissions of Level 1 & Level 2
        – available for components with categories (Articles, Banners, etc...)
      • Level 4: Item
        – can override the permissions of Level 1 & Level 2 & Level 3
        – only available for articles in Joomla 1.6 core
  40. Permission Hierarchy Levels
      • Level 1: Global configuration
        – default permissions settings for actions for a group
      • Level 2: Component Options
        – can override the permissions of Level 1
      • Level 3: Category
        – can override the permissions of Level 1 & Level 2
        – available for components with categories (Articles, Banners, etc...)
      • Level 4: Item
        – can override the permissions of Level 1 & Level 2 & Level 3
        – only available for articles in Joomla 1.6 core
      • Overriding the permissions of higher levels only works if the permission setting is not ‘Denied’!
  41. Inheriting example for ‘Create’ action
      • [Figure: Level 1, Level 2, Level 3, Level 4]
      • http://www.theartofjoomla.com/home/5-commentary/84-introducing-the-new-permissions-in-joomla-16.html
  42. Inheriting example for ‘Create’ action
      • [Figure: Level 1, Level 2, Level 3, Level 4]
      • http://www.theartofjoomla.com/home/5-commentary/84-introducing-the-new-permissions-in-joomla-16.html
  43. Inheriting example for ‘Create’ action
      • [Figure: Level 1, Level 2, Level 3, Level 4]
      • http://www.theartofjoomla.com/home/5-commentary/84-introducing-the-new-permissions-in-joomla-16.html
  44. Inheriting example for ‘Create’ action
      • [Figure: Level 1, Level 2, Level 3, Level 4]
      • http://www.theartofjoomla.com/home/5-commentary/84-introducing-the-new-permissions-in-joomla-16.html
  45. Inheriting example for ‘Create’ action
      • [Figure: Level 1, Level 2, Level 3, Level 4]
      • http://www.theartofjoomla.com/home/5-commentary/84-introducing-the-new-permissions-in-joomla-16.html
  46. Available Permissions and Levels for a Group of Users
  47. Action: Edit State
  48. ACL Manager for Joomla! 1.6 by Sander Potjer
  49. ACL Manager for Joomla! 1.6
  50. ACL Manager for Joomla! 1.6
  51. ACL Manager for Joomla! 1.6
  52. ACL Manager for Joomla! 1.6
      • www.aclmanager.net
  53. Debug Permissions
  54. Debug Permissions
      • Turn on the ‘Debug System’ in the Global Configuration
      • Go to ‘User Manager’ or ‘Groups’
      • Click on ‘Debug Permission Report’ next to the User or User Group
  55. Debug Permissions
  56. Debug Permissions
      • Disadvantage: need to turn on ‘Debug System’
  57. Plan your ACL implementation
  58. Describe the problem
      • Most of the website is publicly available, specific content only for a group of users (e.g. teachers & students)
      • A teacher can see content specifically for teachers, all student content and all public content
      • Students can see content specifically for students and all public content
  59. Viewing or action problem?
      • Define the problem: is it a viewing problem or an action problem (create/delete/edit/etc.)? Or both?
      • Viewing: define the Viewing Access Levels
      • Access: define the permissions for the actions
  60. Think ahead! Maintenance?
      • Structure your content properly to handle the permissions
      • Make use of parent categories with nested categories that share the same permissions
      • No need to set permissions per article
  61. Some Notes
  62. User in multiple groups
      • Class 1
        – Allowed on edit ‘Class 1’ category
        – Denied on edit ‘Class 2’ category
      • Class 2
        – Allowed on edit ‘Class 2’ category
        – Denied on edit ‘Class 1’ category
      • User in Class 1 & Class 2 group
        – Denied on edit ‘Class 1’ category
        – Denied on edit ‘Class 2’ category
        – Denied always wins
        – Solution: don’t use denied (soft deny)
  63. What if I locked myself out? :-)
  64. What if I locked myself out? :-)
      • No need to access your database
      • Open your configuration.php and add:
        – public $root_user = 'username';
      • You can log in again and perform all actions
      • Great for playing around with the new ACL
      • Don’t forget to remove the $root_user line!
  65. Practical ACL Tips
  66. ACL Tips
      • Write down your ACL requirements for a website before implementing
      • Joomla 1.5 User Groups are there for backward compatibility in Joomla 1.6; you may remove them!
      • Use multi-nested Groups only if needed and you know what you are doing (so values are inherited only between levels, not between groups as well)
  67. ACL Tips
      • Assign User Group with backend access to a Viewing Access Level
      • Keep flexible for lower permission levels/groups: avoid the ‘Denied’ permission setting as long as possible
      • Idea: make a Group for each Action so you can assign actions directly to a user
  68. Resources
      • http://www.yireo.com/tutorials/joomla/joomla-administration/402-joomla-16-acls-1-marketing-group
      • http://community.joomla.org/blogs/community/1252-16-acl.html
      • http://docs.joomla.org/ACL_Tutorial_for_Joomla_1.6
      • http://docs.joomla.org/Access_Control_System_In_Joomla_1.6
      • http://www.theartofjoomla.com/home/5-commentary/84-introducing-the-new-permissions-in-joomla-16.html
      • http://www.theartofjoomla.com/home/38-talks/101-the-joomla-16-video-access-controls.html
      • http://www.aclmanager.net
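
The resolution rules from slides 23 to 27, the permission hierarchy levels and the multi-group case on slide 62 can be checked with a small model. This is an added example in Python, not code from the presentation or from Joomla; the group names, level names and the `can` and `denied_entries` helpers are constructed for illustration, and a missing entry stands for Not Set / Inherited.

```python
ALLOWED, DENIED = "Allowed", "Denied"  # a missing entry means Not Set / Inherited

# Constructed sample data: child -> parent for user groups and permission levels.
GROUP_PARENT = {"Public": None, "Registered": "Public",
                "Class 1": "Registered", "Class 2": "Registered"}
LEVEL_PARENT = {"global": None, "com_content": "global",
                "category:Class 1": "com_content",
                "category:Class 2": "com_content"}

def ancestors(node, parent_of):
    """Return node and all of its parents, nearest first."""
    chain = []
    while node is not None:
        chain.append(node)
        node = parent_of[node]
    return chain

def can(user_groups, action, level, rules):
    """Resolve one action for a user on one permission level."""
    groups = {g for ug in user_groups for g in ancestors(ug, GROUP_PARENT)}
    allowed = False  # Not Set everywhere ends as a soft deny
    for lvl in ancestors(level, LEVEL_PARENT):
        for group, setting in rules.get((lvl, action), {}).items():
            if group not in groups:
                continue
            if setting == DENIED:
                return False  # Denied cannot be overridden at any level or group
            if setting == ALLOWED:
                allowed = True
    return allowed

def denied_entries(rules):
    """List every explicit Denied so it can be reviewed before go-live."""
    return sorted((lvl, action, group)
                  for (lvl, action), per_group in rules.items()
                  for group, setting in per_group.items() if setting == DENIED)

# Slide 62 as configured (explicit Denied) and with the suggested soft deny.
HARD = {("category:Class 1", "edit"): {"Class 1": ALLOWED, "Class 2": DENIED},
        ("category:Class 2", "edit"): {"Class 2": ALLOWED, "Class 1": DENIED}}
SOFT = {("category:Class 1", "edit"): {"Class 1": ALLOWED},
        ("category:Class 2", "edit"): {"Class 2": ALLOWED}}

if __name__ == "__main__":
    both = ["Class 1", "Class 2"]
    for name, rules in (("hard deny", HARD), ("soft deny", SOFT)):
        print(name, [can(both, "edit", c, rules)
                     for c in ("category:Class 1", "category:Class 2")])
    print(denied_entries(HARD))
```

With the explicit Denied rules a user in both classes loses edit on both categories; with soft deny the same user keeps both, while a user in only one class is still refused on the other category.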