Joomla 2.5 ACL @ Dutch Joomla!Days #jd12nl

Slides of the Joomla ACL session on the Dutch Joomla!Days, 21 April 2012


  1. 1. Permission Management in Joomla! 2.5 Sander Potjer @sanderpotjer www.sanderpotjer.nl Joomla!Days 2012 - 21 April 2012
  2. 2. Who is Sander Potjer?• Involved in the local Joomla community• Joomla Community Leadership Team (CLT) member• Company: Sander Potjer Webdevelopment• E-mail: sander.potjer@community.joomla.org
  3. 3. Who is Sander Potjer?• Involved in the local Joomla community• Joomla Community Leadership Team (CLT) member• Company: Sander Potjer Webdevelopment• E-mail: sander.potjer@community.joomla.org• Slides: http://www.slideshare.net/sanderpotjer
  4. 4. Joomla! ACL
  5. 5. It took a while... DrupalCon, October 2005 Johan Janssens• http://www.slideshare.net/JohanJanssens/drupalcon-2005-joomla-drupal-and-you-presentation
  6. 6. ACL?!?!• ACL = Access Control List
  7. 7. ACL?!?!• ACL = Access Control List• Access to parts of the website – e.g. menu / module visibility – “view” action
  8. 8. ACL?!?!• ACL = Access Control List• Access to parts of the website – e.g. menu / module visibility – “view” action• User actions on objects – example: create / edit / edit state / delete article
  9. 9. ACL - Groups • 7 fixed Groups – Public, Registered, Author, Editor, Publisher, Manager, Administrator and Super-Administrator • Hierarchical structure
  10. 10. ACL - Groups • 7 fixed Groups – Public, Registered, Author, Editor, Publisher, Manager, Administrator and Super-Administrator • Hierarchical structure | • Unlimited Groups – user defined • No Hierarchical Structure required
  11. 11. ACL - User in Group• User can be assigned to one group
  12. 12. ACL - User in Group • User can be assigned to one group | • User can be assigned to multiple groups
  13. 13. ACL - Access Levels• 3 fixed Access Levels – Public – Registered – Special
  14. 14. ACL - Access Levels • 3 fixed Access Levels – Public – Registered – Special | • Unlimited Access Levels – user defined
  15. 15. ACL - Access Levels & Groups relation• Fixed relation between Groups and Access Levels
  16. 16. ACL - Access Levels & Groups relation • Fixed relation between Groups and Access Levels | • Any combination of User Groups can be assigned to any Access Level
  17. 17. ACL - Actions• Fixed Actions per group – Create / edit / delete / admin access / etc.• Permission scope for entire site – Same permission for all objects• Permission inheritance not applicable
  18. 18. ACL in Joomla! 1.5 & 1.6 (Actions)• http://brian.teeman.net/joomla-gps/joomla-15-acl-explained.html
  19. 19. ACL - Actions • Fixed Actions per group – Create / edit / delete / admin access / etc. • Permission scope for entire site – Same permission for all objects • Permission inheritance not applicable | • Defined Actions per group – Create / edit / delete / admin access / etc. • Permission scope at multiple levels – Site/Component/Category/Item • Permission can be inherited – Parent Groups / Categories
  20. 20. Joomla! 2.5 ACL Overview
  21. 21. • http://community.joomla.org/blogs/community/1252-16-acl.html
  22. 22. • http://community.joomla.org/blogs/community/1252-16-acl.html
  23. 23. User • Guest is also a user • Users can be assigned to one or multiple groups
  24. 24. • http://community.joomla.org/blogs/community/1252-16-acl.html
  25. 25. Permissions• Assigned to group (not to a user!) • 10 Actions – Site Login – Admin Login – Offline Access (since 1.7) – Super Admin / Configure – Access Component – Create – Delete – Edit – Edit State – Edit Own
  26. 26. • http://community.joomla.org/blogs/community/1252-16-acl.html
  27. 27. Group • Users with same permissions • Inherited permissions from parent groups • Unlimited nested groups • Keep it simple! Only use nested groups if needed
  28. 28. • http://community.joomla.org/blogs/community/1252-16-acl.html
  29. 29. Access Level • What is visible for the group (article, menu, module, etc.) • Permissions are not inherited between Access Levels • Even Super Users cannot view content on the frontend if not assigned
  30. 30. • http://community.joomla.org/blogs/community/1252-16-acl.html
  31. 31. Permissions
  32. 32. Permissions• 4 possible permission settings – Not Set – Inherited – Allowed – Denied
  33. 33. Permissions - Not Set• ‘soft’ deny• can be overridden by ‘Allowed’ or ‘Denied’
  34. 34. Permissions - Inherited• Value from a parent Permission level• Value from a parent User Group• Can be overridden by ‘Allowed’ or ‘Denied’
  35. 35. Permissions - Allowed• Action for current permission level and lower levels• Action for current user group and child groups• Can be overridden by ‘Denied’
  36. 36. Permissions - Denied • Action for current Permission level and lower levels • Action for current User Group and child Groups • Cannot be overridden at all • Always wins!
  37. 37. Permission Hierarchy (levels)• Level 1: Global configuration – default permissions settings for actions for a group
  38. 38. Permission Hierarchy (levels)• Level 1: Global configuration – default permissions settings for actions for a group• Level 2: Component Options – can override the permissions of Level 1
  39. 39. Permission Hierarchy (levels)• Level 1: Global configuration – default permissions settings for actions for a group• Level 2: Component Options – can override the permissions of Level 1• Level 3: Category – can override the permissions of Level 1 & Level 2 – available for components with categories (Articles, Banners, etc...)
  40. 40. Permission Hierarchy (levels)• Level 1: Global configuration – default permissions settings for actions for a group• Level 2: Component Options – can override the permissions of Level 1• Level 3: Category – can override the permissions of Level 1 & Level 2 – available for components with categories (Articles, Banners, etc...)• Level 4: Item – can override the permissions of Level 1 & Level 2 & Level 3 – only available for article manager in Joomla core
  41. 41. Permission Hierarchy (levels)• Level 1: Global configuration – default permissions settings for actions for a group• Level 2: Component Options – can override the permissions of Level 1• Level 3: Category – can override the permissions of Level 1 & Level 2 – available for components with categories (Articles, Banners, etc...)• Level 4: Item – can override the permissions of Level 1 & Level 2 & Level 3 – only available for article manager in Joomla core
  42. 42. Permission Hierarchy (levels) • Level 1: Global configuration – default permissions settings for actions for a group • Level 2: Component Options – can override the permissions of Level 1 • Level 3: Category – can override the permissions of Level 1 & Level 2 – available for components with categories (Articles, Banners, etc...) • Level 4: Item – can override the permissions of Level 1 & Level 2 & Level 3 – only available for article manager in Joomla core • Overriding permissions of higher levels only works if the permission setting is not ‘Denied’!
  43. 43. Inheriting example for ‘Create’ Action Level 1 Level 2 Level 3 Level 4• http://www.theartofjoomla.com/home/5-commentary/84-introducing-the-new-permissions-in-joomla-16.html
  44. 44. Inheriting example for ‘Create’ Action Level 1 Level 2 Level 3 Level 4• http://www.theartofjoomla.com/home/5-commentary/84-introducing-the-new-permissions-in-joomla-16.html
  45. 45. Inheriting example for ‘Create’ Action Level 1 Level 2 Level 3 Level 4• http://www.theartofjoomla.com/home/5-commentary/84-introducing-the-new-permissions-in-joomla-16.html
  46. 46. Inheriting example for ‘Create’ Action Level 1 Level 2 Level 3 Level 4• http://www.theartofjoomla.com/home/5-commentary/84-introducing-the-new-permissions-in-joomla-16.html
  47. 47. Available Permissions and Levels for a Group of Users
  48. 48. Action: Edit State
  49. 49. ACL Manager for Joomla! 1.6
  50. 50. ACL Manager for Joomla! 1.6
  51. 51. ACL Manager for Joomla! 1.6 www.aclmanager.net
  52. 52. 50% discount on ACL Manager with the Joomla!Days coupon! Sander Potjer Webdevelopment - www.aclmanager.net
  53. 53. Debug Permissions
  54. 54. Debug Permissions• Turn on the ‘Debug System’ in the Global Configuration• Go to ‘User Manager’ or ‘Groups’• Click on ‘Debug Permission Report’ next to the User or User Group
  55. 55. Debug Permissions• Need to turn ‘Debug System’ on...
  56. 56. So, what about the database?
  57. 57. Database: #__assets
  58. 58. Plan your ACL implementation
  59. 59. Viewing or Action problem • Define the problem: is it a viewing problem or an action problem (create/delete/edit/etc.)? Or both? • Viewing: define the Viewing Access Levels • Action: define the permissions for all actions
  60. 60. Describe the problem • Most of the website is publicly available; specific content is only for a group of users (e.g. teachers & students) • A teacher can see content specifically for teachers, all student content and all public content • Students can see content specifically for students and all public content
  61. 61. <workshops> Joomla! ACL in practice, pages 32 - 35. With the Access Control List you quickly differentiate the access level of different user groups. This is how you set up your ACL… For a long time it was one of the most wanted new features in Joomla, and since the availability of Joomla 1.6 it is finally here: extensive access and permission management, also called Access Control List (ACL). Joomla 1.0 and 1.5 already had an ACL system, but it was still very limited. The user groups, access levels and permissions could not be configured. In Joomla 1.6, 1.7 and 2.5 this is now possible, which has made the ACL system more complex, but has also created many new possibilities. For this workshop we will set up an ACL configuration for a small school in a Joomla 2.5 installation, without Joomla sample data. The school has three classes with students and several teachers. A teacher can teach multiple classes. The school would like every class to have its own class blog where the students of that class can add articles and can edit only the articles they wrote themselves, both via the frontend of the website. The articles are visible to everyone on the website. The teacher of a class must approve all articles before publication, and can edit and if necessary delete all articles of the students in the class, both via the frontend and the administrator area of the website. In the administrator area the teacher may only access the articles of their own class(es). The teacher must also be able to post articles. The final wish is a separate blog for the teachers for internal use where the teachers can post articles, a small intranet in other words. This may only be visible to the teachers. The expert: Sander Potjer is chairman of Stichting Sympathy and active with JoomlaCommunity.eu, the Joomla user groups and the Joomla!Days. Internationally, Sander is part of the Joomla Leadership Team. Sander is also the developer of ACL Manager, which simplifies Joomla ACL management.
  62. 62. Think ahead! Maintenance? • Structure your content properly to handle the permissions • Make use of parent categories with nested categories that share the same permissions • No need to set permissions per article
  62. 62. Think ahead! Maintenance?• Structure your content properly to handle the permissions• Make usage of parent categories with nested categories with same permissions• No need to set permissions per article
  63. 63. Some Notes
  64. 64. User in multiple User Groups • The Netherlands – Allowed on edit ‘The Netherlands’ category – Denied on edit ‘Belgium’ category • Belgium – Allowed on edit ‘Belgium’ category – Denied on edit ‘The Netherlands’ category • User in The Netherlands & Belgium group – Denied on edit ‘The Netherlands’ category – Denied on edit ‘Belgium’ category – Denied always wins (again) – Solution: don’t use Denied; use Not Set/Inherited (= soft deny)
  65. 65. What if I locked myself out?
  66. 66. What if I locked myself out? • No need to access your database • Open your configuration.php and add: – public $root_user = 'username'; • You can log in again and perform all actions • Great for playing around with the new ACL • Don’t forget to remove the $root_user line!
  67. 67. Practical ACL Tips
  68. 68. ACL Tips • Write down your ACL requirements for a website before implementing • Joomla 1.5 User Groups are for backward compatibility in Joomla 2.5, you may remove them! • Use multi-nested Groups only if needed and you know what you are doing (so values are inherited only between levels, not between groups as well)
  69. 69. ACL Tips • Assign User Groups with backend access to a Viewing Access Level • Stay flexible for lower permission levels/groups: avoid the ‘Denied’ permission setting as long as possible • Idea: make a Group for each Action so you can assign actions directly to a user
  70. 70. Quick ACL example
  71. 71. Resources • http://community.joomla.org/blogs/community/1252-16-acl.html • http://docs.joomla.org/ACL_Tutorial_for_Joomla_1.6 • http://docs.joomla.org/Access_Control_System_In_Joomla_1.6 • http://www.theartofjoomla.com/home/5-commentary/84-introducing-the-new-permissions-in-joomla-16.html • http://www.theartofjoomla.com/home/38-talks/101-the-joomla-16-video-access-controls.html • http://www.aclmanager.net • http://www.aclmanager.net/news/general/28-is-your-extension-really-joomla-17-ready • http://www.aclmanager.net/news/general/31-how-to-add-basic-acl-support-to-your-extension
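
The permission rules from slides 32-42 and the multi-group case on slide 64, as an added example that is not part of the original slides and not Joomla's own code: a simplified Python model in which 'Denied' is final and 'Not Set' is a soft deny. The function names, asset names and group data are constructed for illustration.

```python
# Simplified model of the slides' permission rules; not Joomla's own code.
ALLOWED, DENIED, NOT_SET = "Allowed", "Denied", "Not Set"

def identities(user_groups, parents):
    """The user's groups plus every parent group they inherit from."""
    found = set()
    for group in user_groups:
        while group is not None and group not in found:
            found.add(group)
            group = parents.get(group)
    return found

def effective(rules, parents, user_groups, action, asset_path):
    """Resolve one action along asset_path (Level 1 first, target last).

    rules maps asset -> action -> group -> ALLOWED or DENIED; a missing
    entry stands for Not Set / Inherited.
    """
    ids = identities(user_groups, parents)
    result = NOT_SET  # 'soft' deny until some level or group allows
    for asset in asset_path:
        for group, setting in rules.get(asset, {}).get(action, {}).items():
            if group not in ids:
                continue
            if setting == DENIED:
                return DENIED  # final: no lower level or other group overrides
            if setting == ALLOWED:
                result = ALLOWED
    return result

def can(rules, parents, user_groups, action, asset_path):
    return effective(rules, parents, user_groups, action, asset_path) == ALLOWED

# Constructed sample data modelled on slide 64 (names are illustrative).
PARENTS = {"Registered": None, "The Netherlands": "Registered",
           "Belgium": "Registered"}
NL_PATH = ["global", "com_content", "category.netherlands"]
BE_PATH = ["global", "com_content", "category.belgium"]

def country_rules(cross_setting):
    """Each group is Allowed to edit its own category; cross_setting
    (DENIED, or None for Not Set) applies to the other country's category."""
    rules = {"category.netherlands": {"edit": {"The Netherlands": ALLOWED}},
             "category.belgium": {"edit": {"Belgium": ALLOWED}}}
    if cross_setting:
        rules["category.netherlands"]["edit"]["Belgium"] = cross_setting
        rules["category.belgium"]["edit"]["The Netherlands"] = cross_setting
    return rules
```

With `country_rules(DENIED)` a user in both country groups resolves to Denied on both categories; with `country_rules(None)` the same user can edit both, while a user in only one group still gets the soft deny on the other category.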
