Enrich your extensions with Joomla! ACL support

Enrich your extensions with Joomla! ACL support during J and Beyond 2012

  1. Enrich your extensions with Joomla! ACL support
     Sander Potjer, @sanderpotjer
     J and Beyond - May 20, 2012
  2. Sander Potjer?
     Twitter: @sanderpotjer
     E-mail: sander@sanderpotjer.nl
     Slides: http://www.slideshare.net/sanderpotjer/
  3. Joomla! ACL
  4. It took a while...
     DrupalCon, October 2005, Johan Janssens
     • http://www.slideshare.net/JohanJanssens/drupalcon-2005-joomla-drupal-and-you-presentation
  8. ACL?!?!
     ACL = Access Control List
     Access to parts of the website
     – e.g. menu / module visibility
     – “view” action
     User actions on objects
     – example: create / edit / edit state / delete article
  9. Joomla! 2.5 ACL Overview
  10. • http://community.joomla.org/blogs/community/1252-16-acl.html
  12. User
      • Guest is also a ‘user’
      • Users can be assigned to one or multiple groups
  14. Permissions
      Assigned to group (not to a user!)
      10 Actions
      – Site Login
      – Admin Login
      – Offline Access (since 1.7)
      – Super Admin / Configure
      – Access Administration Interface
      – Create
      – Delete
      – Edit
      – Edit State
      – Edit Own
  16. Group
      • Users with same permissions
      • Inherited permissions from parent groups
      • Unlimited nested groups
      • Keep it simple! Only use nested groups if needed
  18. Access Level
      • What is visible for the group (article, menu, module, etc.)
      • Permissions are inherited between Access Levels
      • Even Super Users cannot view content on the frontend if not assigned
  20. Permissions Settings
      4 possible permission settings
      – Not Set
      – Inherited
      – Allowed
      – Denied
  25. Permission Hierarchy (levels)
      Level 1: Global configuration
      – default permissions settings for actions for a group
      Level 2: Component Options
      – can override the permissions of Level 1
      Level 3: Category
      – can override the permissions of Level 1 & Level 2
      – available for components with categories (Articles, Banners, etc...)
      Level 4: Item
      – can override the permissions of Level 1 & Level 2 & Level 3
      – only available for article manager in Joomla core
      Overriding the permissions of higher levels only works if the permission setting is not ‘Denied’!
  26. Inheriting example for ‘Create’ Action: Level 1, Level 2, Level 3, Level 4
      • http://www.theartofjoomla.com/home/5-commentary/84-introducing-the-new-permissions-in-joomla-16.html
  27. Database: #__assets
  28. Database: #__assets: rules names
      10 Actions:
      – Site Login: core.login.site
      – Admin Login: core.login.admin
      – Offline Access: core.login.offline
      – Super Admin / Configure: core.admin
      – Access Administration Interface: core.manage
      – Create: core.create
      – Delete: core.delete
      – Edit: core.edit
      – Edit State: core.edit.state
      – Edit Own: core.edit.own
  29. Database: #__assets: rules values
      Permissions values “Null”, ‘0’ and ‘1’
      – Null: Not Set or Inherited
      – 0: Denied
      – 1: Allowed
  30. Database: #__assets: rules format {"core.login.site":{"6":1,"2":1}
  31. Database: #__assets: name format com_content.category.19
  32. Database: #__assets
  33. Joomla Basic ACL support
  34. 2 actions required
      Configure
      – To configure the access settings via the Options toolbar button
      Access Administration Interface
      – To define which group is able to access/manage the component
  35. 18 lines of code, 4 steps, couple minutes
  36. 1. Add/modify config.xml
      File: administrator/components/com_foobar/config.xml

      <?xml version="1.0" encoding="utf-8"?>
      <config>
          <fieldset name="permissions" label="JCONFIG_PERMISSIONS_LABEL"
              description="JCONFIG_PERMISSIONS_DESC">
              <field name="rules" type="rules"
                  label="JCONFIG_PERMISSIONS_LABEL" filter="rules"
                  component="com_foobar" section="component">
                  <action name="core.admin" title="JACTION_ADMIN"
                      description="JACTION_ADMIN_COMPONENT_DESC" />
                  <action name="core.manage" title="JACTION_MANAGE"
                      description="JACTION_MANAGE_COMPONENT_DESC" />
              </field>
          </fieldset>
      </config>

  37. 2. Add access check
      File: administrator/components/com_foobar/foobar.php

      defined('_JEXEC') or die('Restricted access');

      // Access check.
      if (!JFactory::getUser()->authorise('core.manage', 'com_foobar')) {
          return JError::raiseWarning(404, JText::_('JERROR_ALERTNOAUTHOR'));
      }

  38. 3. Add the Options toolbar button
      File: administrator/components/com_foobar/views/foobars/view.html.php

      // Options button.
      if (JFactory::getUser()->authorise('core.admin', 'com_foobar')) {
          JToolBarHelper::preferences('com_foobar');
      }

  39. 4. Add one language string
      File: administrator/language/en-GB/en-GB.com_foobar.ini

      COM_FOOBAR_CONFIGURATION="FooBar Options"

  40. That’s all!
  41. Actually, basic ACL support is not optional, it should be a requirement for a “native” Joomla 2.5 extension.
  42. Adding custom actions
  43. Adding custom actions
      Example: administrator/components/com_foobar/access.xml

      <?xml version="1.0" encoding="utf-8" ?>
      <access component="com_helloworld">
          <section name="component">
              <action name="core.admin" title="JACTION_ADMIN" description="JACTION_ADMIN_COMPONENT_DESC" />
              <action name="core.manage" title="JACTION_MANAGE" description="JACTION_MANAGE_COMPONENT_DESC" />
              <action name="core.create" title="JACTION_CREATE" description="JACTION_CREATE_COMPONENT_DESC" />
              <action name="core.delete" title="JACTION_DELETE" description="JACTION_DELETE_COMPONENT_DESC" />
              <action name="foobar.delete.own" title="FOOBAR_DELETE_OWN" description="FOOBAR_DELETE_OWN_DESC" />
          </section>
          <section name="message">
              <action name="core.delete" title="JACTION_DELETE" description="COM_HELLOWORLD_ACCESS_DELETE_DESC" />
              <action name="core.edit" title="JACTION_EDIT" description="COM_HELLOWORLD_ACCESS_EDIT_DESC" />
              <action name="foobar.delete.own" title="FOOBAR_DELETE_OWN" description="FOOBAR_DELETE_OWN_DESC" />
          </section>
      </access>

  44. Adding custom actions
      Example: administrator/components/com_foobar/config.xml

      <?xml version="1.0" encoding="utf-8"?>
      <config>
          <fieldset
              name="greetings"
              label="COM_FOOBAR_CONFIG_GREETING_SETTINGS_LABEL"
              description="COM_FOOBAR_CONFIG_GREETING_SETTINGS_DESC"
          >
              <field
                  name="show_category"
                  type="radio"
                  label="COM_FOOBAR_HELLOWORLD_FIELD_SHOW_CATEGORY_LABEL"
                  description="COM_FOOBAR_HELLOWORLD_FIELD_SHOW_CATEGORY_DESC"
                  default="0"
              >
                  <option value="0">JHIDE</option>
                  <option value="1">JSHOW</option>
              </field>
          </fieldset>
          <fieldset
              name="permissions"
              label="JCONFIG_PERMISSIONS_LABEL"
              description="JCONFIG_PERMISSIONS_DESC"
          >
              <field
                  name="rules"
                  type="rules"
                  label="JCONFIG_PERMISSIONS_LABEL"
                  class="inputbox"
                  validate="rules"
                  filter="rules"
                  component="com_foobar"
                  section="component"
              />
          </fieldset>
      </config>

  45. Extension X (not so good) example
  49. Action check
  50. Simple action check
      File: administrator/components/com_foobar/views/foobars/view.html.php

      // Options button.
      if (JFactory::getUser()->authorise('core.admin', 'com_foobar')) {
          JToolBarHelper::preferences('com_foobar');
      }

  51. Multiple action check
      File: administrator/components/com_foobar/views/foobars/view.html.php

      /**
       * Setting the toolbar
       */
      protected function addToolBar()
      {
          // One lookup of all component actions for the current user.
          $canDo = FoobarHelper::getActions();
          JToolBarHelper::title(JText::_('COM_FOOBAR_MANAGER_HELLOWORLDS'), 'foobar');
          if ($canDo->get('core.create'))
          {
              JToolBarHelper::addNew('foobar.add', 'JTOOLBAR_NEW');
          }
          if ($canDo->get('core.edit'))
          {
              JToolBarHelper::editList('foobar.edit', 'JTOOLBAR_EDIT');
          }
          if (($canDo->get('core.delete')) || ($canDo->get('foobar.delete.own')))
          {
              JToolBarHelper::deleteList('', 'foobar.delete', 'JTOOLBAR_DELETE');
          }
          if ($canDo->get('core.admin'))
          {
              JToolBarHelper::divider();
              JToolBarHelper::preferences('com_foobar');
          }
      }

  52. Multiple action check
      File: administrator/components/com_foobar/helpers/foobar.php

      /**
       * Get the actions
       */
      public static function getActions($messageId = 0)
      {
          jimport('joomla.access.access');
          $user   = JFactory::getUser();
          $result = new JObject;
          // Check against the component asset, or the item asset when an id is given.
          if (empty($messageId)) {
              $assetName = 'com_foobar';
          }
          else {
              $assetName = 'com_foobar.message.'.(int) $messageId;
          }
          $actions = JAccess::getActions('com_foobar', 'component');
          foreach ($actions as $action) {
              $result->set($action->name, $user->authorise($action->name, $assetName));
          }
          return $result;
      }

  53. Multiple action check
      File: administrator/components/com_content/helpers/content.php
  54. Displaying permission interface
  55. Display permission interface
      File: administrator/components/com_foobar/views/foobar/tmpl/edit.php

      <?php if ($this->canDo->get('core.admin')): ?>
          <div class="width-100 fltlft">
              <?php echo JHtml::_('sliders.start', 'permissions-sliders-'.$this->item->id, array('useCookie'=>1)); ?>
              <?php echo JHtml::_('sliders.panel', JText::_('COM_HELLOWORLD_FIELDSET_RULES'), 'access-rules'); ?>
              <fieldset class="panelform">
                  <?php echo $this->form->getLabel('rules'); ?>
                  <?php echo $this->form->getInput('rules'); ?>
              </fieldset>
              <?php echo JHtml::_('sliders.end'); ?>
          </div>
      <?php endif; ?>

  56. Display permission interface
      File: administrator/components/com_foobar/views/foobar/tmpl/edit.php
  57. Usage examples in MVC
  58. Usage examples - Model
      File: administrator/components/com_content/models/article.php
  59. Usage examples - Model
      File: administrator/components/com_content/models/articles.php
  60. Usage examples - View
      File: administrator/components/com_content/views/articles/tmpl/default.php
  61. Usage examples - View
      File: administrator/components/com_content/views/articles/tmpl/default.php
  62. Usage examples - Controller
      File: administrator/components/com_content/controllers/articles.php
  63. Be Creative!
  64. Resources
      • http://www.aclmanager.net/news/general/28-is-your-extension-really-joomla-17-ready
      • http://www.aclmanager.net/news/general/31-how-to-add-basic-acl-support-to-your-extension
      • http://docs.joomla.org/Developing_a_Model-View-Controller_(MVC)_Component_for_Joomla!2.5_-_Part_14
      • http://docs.joomla.org/How_to_implement_actions_in_your_code
      • http://community.joomla.org/blogs/community/1252-16-acl.html
      • http://docs.joomla.org/ACL_Tutorial_for_Joomla_1.6
      • http://docs.joomla.org/Access_Control_System_In_Joomla_1.6
      • http://magazine.joomla.org/issues/Issue-May-2012/item/761-Joomla-ACL-Configuring-back-end
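
Added example (not from the slides and not Joomla's own JAccess code): a simplified PHP model of slides 20 to 31. It merges the rules JSON of the four levels top-down so that a Denied (0) cannot be overridden, then checks an action for a user's groups. Function names, rule values and the asset chain are constructed for illustration, and the list of group ids is assumed to already include the parent groups.

```php
<?php
// Added illustration: a simplified model of the rules described on the slides,
// not Joomla's JAccess implementation. Function names and data are constructed.

// Merge the rules JSON of each level, from Level 1 (global) down to Level 4 (item).
function mergeRules(array $levelsJson)
{
    $merged = array();
    foreach ($levelsJson as $json) {
        $rules = json_decode($json, true);
        if (!is_array($rules)) {
            continue; // empty or invalid rules: nothing is set at this level
        }
        foreach ($rules as $action => $groups) {
            foreach ((array) $groups as $groupId => $value) {
                // Denied (0) set at a higher level is final; other values can be overridden.
                if (isset($merged[$action][$groupId]) && $merged[$action][$groupId] === 0) {
                    continue;
                }
                $merged[$action][$groupId] = (int) $value;
            }
        }
    }
    return $merged;
}

// Returns true (Allowed), false (Denied) or null (Not Set) for the given groups.
function checkAction(array $merged, $action, array $groupIds)
{
    $result = null;
    foreach ($groupIds as $groupId) {
        if (!isset($merged[$action][$groupId])) {
            continue; // Null: not set for this group
        }
        if ($merged[$action][$groupId] === 0) {
            return false; // a Denied on any of the user's groups wins
        }
        $result = true;
    }
    return $result;
}

// Constructed rules for the asset chain global > com_content > com_content.category.19 > item.
$levels = array(
    '{"core.create":{"6":1,"2":0},"core.edit":{"6":1}}', // Level 1: global configuration
    '{"core.create":{"2":1}}',                           // Level 2: component options
    '{"core.edit":{"6":0}}',                             // Level 3: category
    '',                                                  // Level 4: item, nothing set
);
$merged = mergeRules($levels);
var_dump(checkAction($merged, 'core.create', array(2)));    // Level 2 tries to lift a Level 1 Denied
var_dump(checkAction($merged, 'core.create', array(2, 6))); // user in a denied and an allowed group
var_dump(checkAction($merged, 'core.edit', array(6)));      // Allowed globally, Denied on the category
var_dump(checkAction($merged, 'core.delete', array(6)));    // action not set at any level
```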
