Joomla ACL introduction, limit site access

1. Joomla ACL Sander Potjer - @sanderpotjer www.sanderpotjer.com Joomla World Conference 2015

2. - Enjoy contributing to Joomla

3. - Enjoy contributing to Joomla - Joomla Agency: Perfect Web Team

4. - Enjoy contributing to Joomla - Joomla Agency: Perfect Web Team - Joomla Extension: ACL Manager

5. Sander Potjer - Enjoy contributing to Joomla - Joomla Agency: Perfect Web Team - Joomla Extension: ACL Manager - sander@sanderpotjer.nl - Slides: sanderpotjer.com

6. Photo by: Mark Fischer Joomla ACL

7. ACL?!?! ACL = Access Control List

8. ACL?!?! ACL = Access Control List 1) Visibility of content

9. ACL?!?! ACL = Access Control List 1) Visibility of content 2) Actions on objects

10. Photo by: Chris Smith Overview

11. user

12. user permissions

13. user permissionspermissions Site Login Admin Login Offline Access Super Admin / Configure Access Admin. Interface Create Delete Edit Edit State Edit Own

14. user permissions group

15. user permissions access level group

21. user permissions access level role

22. user permissions Site Login Admin Login Offline Access Super Admin / Configure Access Admin. Interface Create Delete Edit Edit State Edit Own access level group

23. ACL levels Photo by: Ian Sane

24. Global Configuration permissions Component permissions Category / Module permissions Article permissions

25. Photo by: Andreas Inheritance

28. Global Configuration permissions Component permissions Category / Module permissions Article permissions not set inherited inherited inherited

29. Global Configuration permissions Component permissions Category / Module permissions Article permissions allowed inherited inherited inherited

30. Global Configuration permissions Component permissions Category / Module permissions Article permissions allowed inherited denied locked

31. Global Configuration permissions Component permissions Category / Module permissions Article permissions not set allowed inherited inherited

32. Global Configuration permissions Component permissions Category / Module permissions Article permissions not set inherited allowed inherited

33. Global Configuration permissions Component permissions Category / Module permissions Article permissions denied allowed locked locked

34. Global Configuration permissions Component permissions Category / Module permissions Article permissions denied allowed locked locked CONFLICT

35. Photo by: Andreas Inheritance #2

36. Photo by: Andreas Inheritance #1 + #2

37. Inheriting example for ‘Create’ Level 1 Level 2 Level 3 Level 4

38. Inheriting example for ‘Create’ Level 1 Level 2 Level 3 Level 4

39. Why? Photo by: jon jordan

40. Why not! Photo by: Peter Reed

41. Usability Photo by: Rick Dolishny

42. Don’t make me think Photo by: Alper Çuğun

43. Users want it!

44. Users want it!

45. Photo by: Mark Fischer ACL Demo

46. Basic ACL implementation Photo by: Daniel Kulinski

47. Configure To configure the access settings via the 'Options' toolbar button Access Administration Interface To define which group is able to access/manage the component 2 actions required

48. 4 steps 18 lines of code couple minutes

49. Add actions 1

50. File: administrator/components/com_foobar/config.xml

51. Access check 2

52. File: administrator/components/com_foobar/foobar.php

53. ‘Options’ toolbar button 3

54. File: administrator/components/com_foobar/views/foobars/view.html.php

56. Add language string 4

57. File: administrator/language/en-GB/en-GB.com_foobar.ini

58. Done!

59. Basic ACL support is not optional, it is a requirement for any Joomla extension!

60. Advanced ACL implementationPhoto by: Patrick Lauke

61. Database

62. Rules - JSON encoded {"core.login.site":{"6":1,"2":1}

63. com_content.article.24 [extension].[section].[object id] Action name format (database)

64. JTable

65. Access.xml

66. File: administrator/components/com_foobar/config.xml

67. File: administrator/components/com_content/access.xml

72. File: administrator/components/com_content/access.xml Component permissions Category / Module permissions Article permissions

74. Site Login: core.login.site Admin Login: core.login.admin Offline Access: core.login.offline Super Admin / Configure: core.admin Access Administration Interface: core.manager Create: core.create Delete: core.delete Edit: core.edit Edit State: core.edit.state Edit Own: core.edit.own Title vs Name

76. File: administrator/components/com_content/access.xml Component permissions Category / Module permissions Article permissions allowed inherited inherited

77. Custom Actions

78. File: administrator/components/com_akeeba/access.xml

83. Action name format (xml) akeeba.backup [name extension].[name action]

84. Keep it structured

85. Interface

86. File: administrator/components/com_foobar/views/foobar/tmpl/edit.php

87. getActions helper

88. File: libraries/cms/helper/content.php

89. File: can be used anywhere

90. File: can be used anywhere

91. addToolbar

94. Photo by: Chris Smith Overview?????

95. Action: Edit State • Global configuration – default permissions for each action and group • Component options (permissions) – can override the default permissions for a component • Category – can override the default permissions and component options – applies to components with categories (Articles, Banners, etc...) • Object – can override all permissions above for an object – only applies to articles in Joomla 1.6 core

96. Many permission screens.... • Global configuration – default permissions for each action and group • Component options (permissions) – can override the default permissions for a component • Category – can override the default permissions and component options – applies to components with categories (Articles, Banners, etc...) • Object – can override all permissions above for an object – only applies to articles in Joomla 1.6 core

100. Idea?!

101. Action: Edit State • Global configuration – default permissions for each action and group • Component options (permissions) – can override the default permissions for a component • Category – can override the default permissions and component options – applies to components with categories (Articles, Banners, etc...) • Object – can override all permissions above for an object – only applies to articles in Joomla 1.6 core ACL Manager for Joomla! 1.6

102. ACL Manager for Joomla! 1.6 • USA group – Allow on edit ‘USA’ category – Deny on edit ‘Europe’ category • Europe group – Allow on edit ‘Europe’ category – Deny on edit ‘USA’ category • User in USA & Europe group – Deny on edit ‘Europe’ category – Deny on edit ‘USA’ category – Deny always win www.aclmanager.net

103. Resources Photo by: Schub@

104. Is your extension really Joomla 1.7 ready?  http://www.aclmanager.net/news/general/28-is-your-extension-really-joomla-17-ready How to add basic ACL support to your extension http://www.aclmanager.net/news/general/31-how-to-add-basic-acl-support-to-your- extension   Developing a MVC Component/Adding ACL http://docs.joomla.org/J2.5:Developing_a_MVC_Component/Adding_ACL   Adding ACL rules to your component http://docs.joomla.org/Adding_ACL_rules_to_your_component Access Control List Tutorial http://docs.joomla.org/J2.5:Access_Control_List_Tutorial Support for ACL permissions per module in com_modules https://github.com/joomla/joomla-cms/pull/1930/files JHelperContent::getActions() improvements  https://github.com/joomla/joomla-cms/pull/2728 This presentation http://slideshare.net/sanderpotjer/