
Joomla ACL introduction, limit site access

Introduction to the Joomla ACL system. Given at:
- Joomla World Conference 2015, Bangalore, India
- JoomlaDay UK 2016, London, United Kingdom

Published in: Technology

  1. 1. Joomla ACL Sander Potjer - @sanderpotjer www.sanderpotjer.com Joomla World Conference 2015
  2. 2. - Enjoy contributing to Joomla
  3. 3. - Enjoy contributing to Joomla - Joomla Agency: Perfect Web Team
  4. 4. - Enjoy contributing to Joomla - Joomla Agency: Perfect Web Team - Joomla Extension: ACL Manager
  5. 5. Sander Potjer - Enjoy contributing to Joomla - Joomla Agency: Perfect Web Team - Joomla Extension: ACL Manager - sander@sanderpotjer.nl - Slides: sanderpotjer.com
  6. 6. Photo by: Mark Fischer Joomla ACL
  7. 7. ACL?!?! ACL = Access Control List
  8. 8. ACL?!?! ACL = Access Control List 1) Visibility of content
  9. 9. ACL?!?! ACL = Access Control List 1) Visibility of content 2) Actions on objects
  10. 10. Photo by: Chris Smith Overview
  11. 11. user
  12. 12. user permissions
  13. 13. user permissions: Site Login, Admin Login, Offline Access, Super Admin / Configure, Access Admin. Interface, Create, Delete, Edit, Edit State, Edit Own
  14. 14. user permissions group
  15. 15. user permissions access level group
  21. 21. user permissions access level role
  22. 22. user permissions (Site Login, Admin Login, Offline Access, Super Admin / Configure, Access Admin. Interface, Create, Delete, Edit, Edit State, Edit Own) access level group
  23. 23. ACL levels Photo by: Ian Sane
  24. 24. Global Configuration permissions, Component permissions, Category / Module permissions, Article permissions
  25. 25. Photo by: Andreas Inheritance
  26. 26. Global Configuration permissions, Component permissions, Category / Module permissions, Article permissions
  28. 28. Global Configuration permissions: not set; Component permissions: inherited; Category / Module permissions: inherited; Article permissions: inherited
  29. 29. Global Configuration permissions: allowed; Component permissions: inherited; Category / Module permissions: inherited; Article permissions: inherited
  30. 30. Global Configuration permissions: allowed; Component permissions: inherited; Category / Module permissions: denied; Article permissions: locked
  31. 31. Global Configuration permissions: not set; Component permissions: allowed; Category / Module permissions: inherited; Article permissions: inherited
  32. 32. Global Configuration permissions: not set; Component permissions: inherited; Category / Module permissions: allowed; Article permissions: inherited
  33. 33. Global Configuration permissions: denied; Component permissions: allowed; Category / Module permissions: locked; Article permissions: locked
  34. 34. Global Configuration permissions: denied; Component permissions: allowed; Category / Module permissions: locked; Article permissions: locked (CONFLICT)
  35. 35. Photo by: Andreas Inheritance #2
  36. 36. Photo by: Andreas Inheritance #1 + #2
  37. 37. Inheriting example for ‘Create’ Level 1 Level 2 Level 3 Level 4
  39. 39. Why? Photo by: jon jordan
  40. 40. Why not! Photo by: Peter Reed
  41. 41. Usability Photo by: Rick Dolishny
  42. 42. Don’t make me think Photo by: Alper Çuğun
  43. 43. Users want it!
  45. 45. Photo by: Mark Fischer ACL Demo
  46. 46. Basic ACL implementation Photo by: Daniel Kulinski
  47. 47. 2 actions required: Configure (to configure the access settings via the 'Options' toolbar button) and Access Administration Interface (to define which group is able to access/manage the component)
  48. 48. 4 steps, 18 lines of code, a couple of minutes
  49. 49. Step 1: Add actions
  50. 50. File: administrator/components/com_foobar/config.xml
  51. 51. Step 2: Access check
  52. 52. File: administrator/components/com_foobar/foobar.php
  53. 53. Step 3: ‘Options’ toolbar button
  54. 54. File: administrator/components/com_foobar/views/foobars/view.html.php
  56. 56. Step 4: Add language string
  57. 57. File: administrator/language/en-GB/en-GB.com_foobar.ini
  58. 58. Done!
  59. 59. Basic ACL support is not optional, it is a requirement for any Joomla extension!
  60. 60. Advanced ACL implementation Photo by: Patrick Lauke
  61. 61. Database
  62. 62. Rules - JSON encoded: {"core.login.site":{"6":1,"2":1}}
  63. 63. Action name format (database): [extension].[section].[object id], e.g. com_content.article.24
  64. 64. JTable
  65. 65. Access.xml
  66. 66. File: administrator/components/com_foobar/config.xml
  67. 67. File: administrator/components/com_content/access.xml
  72. 72. File: administrator/components/com_content/access.xml (Component permissions, Category / Module permissions, Article permissions)
  73. 73. File: administrator/components/com_content/access.xml
  74. 74. Title vs Name
      • Site Login: core.login.site
      • Admin Login: core.login.admin
      • Offline Access: core.login.offline
      • Super Admin / Configure: core.admin
      • Access Administration Interface: core.manage
      • Create: core.create
      • Delete: core.delete
      • Edit: core.edit
      • Edit State: core.edit.state
      • Edit Own: core.edit.own
  75. 75. File: administrator/components/com_content/access.xml
  76. 76. File: administrator/components/com_content/access.xml (Component permissions: allowed; Category / Module permissions: inherited; Article permissions: inherited)
  77. 77. Custom Actions
  78. 78. File: administrator/components/com_akeeba/access.xml
  83. 83. Action name format (xml): [name extension].[name action], e.g. akeeba.backup
  84. 84. Keep it structured
  85. 85. Interface
  86. 86. File: administrator/components/com_foobar/views/foobar/tmpl/edit.php
  87. 87. getActions helper
  88. 88. File: libraries/cms/helper/content.php
  89. 89. File: can be used anywhere
  91. 91. addToolbar
  92. 92. File: administrator/components/com_foobar/views/foobars/view.html.php
  94. 94. Photo by: Chris Smith Overview?????
  95. 95. Action: Edit State
      • Global configuration: default permissions for each action and group
      • Component options (permissions): can override the default permissions for a component
      • Category: can override the default permissions and component options; applies to components with categories (Articles, Banners, etc...)
      • Object: can override all permissions above for an object; only applies to articles in Joomla 1.6 core
  96. 96. Many permission screens....
      • Global configuration: default permissions for each action and group
      • Component options (permissions): can override the default permissions for a component
      • Category: can override the default permissions and component options; applies to components with categories (Articles, Banners, etc...)
      • Object: can override all permissions above for an object; only applies to articles in Joomla 1.6 core
  100. 100. Idea?!
  101. 101. Action: Edit State
      • Global configuration: default permissions for each action and group
      • Component options (permissions): can override the default permissions for a component
      • Category: can override the default permissions and component options; applies to components with categories (Articles, Banners, etc...)
      • Object: can override all permissions above for an object; only applies to articles in Joomla 1.6 core
      ACL Manager for Joomla! 1.6
  102. 102. ACL Manager for Joomla! 1.6
      • USA group: Allow on edit ‘USA’ category; Deny on edit ‘Europe’ category
      • Europe group: Allow on edit ‘Europe’ category; Deny on edit ‘USA’ category
      • User in USA & Europe group: Deny on edit ‘Europe’ category; Deny on edit ‘USA’ category; Deny always wins
      www.aclmanager.net
  103. 103. Resources Photo by: Schub@
  104. 104.
      • Is your extension really Joomla 1.7 ready?: http://www.aclmanager.net/news/general/28-is-your-extension-really-joomla-17-ready
      • How to add basic ACL support to your extension: http://www.aclmanager.net/news/general/31-how-to-add-basic-acl-support-to-your-extension
      • Developing a MVC Component/Adding ACL: http://docs.joomla.org/J2.5:Developing_a_MVC_Component/Adding_ACL
      • Adding ACL rules to your component: http://docs.joomla.org/Adding_ACL_rules_to_your_component
      • Access Control List Tutorial: http://docs.joomla.org/J2.5:Access_Control_List_Tutorial
      • Support for ACL permissions per module in com_modules: https://github.com/joomla/joomla-cms/pull/1930/files
      • JHelperContent::getActions() improvements: https://github.com/joomla/joomla-cms/pull/2728
      • This presentation: http://slideshare.net/sanderpotjer/
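
The inheritance slides (28 to 34) and the "Deny always wins" case on slide 102 can be modelled in a few lines. This is an added Python sketch, not Joomla's code and not from the presentation. The group ids 10 (USA) and 11 (Europe), the asset tree and the function names are assumptions; the rule JSON follows the format shown on slide 62.

```python
import json

# Constructed sample data. Group ids 10 (USA) and 11 (Europe) are hypothetical
# children of group 2; asset names use [extension].[section].[object id].
GROUP_PARENT = {2: None, 6: 2, 10: 2, 11: 2}
ASSET_PARENT = {
    "root": None,
    "com_content": "root",
    "com_content.category.1": "com_content",   # 'USA' category
    "com_content.category.2": "com_content",   # 'Europe' category
    "com_content.article.24": "com_content.category.2",
}
# Rules as stored per asset: JSON, action -> {group id: 1 allowed / 0 denied}.
ASSET_RULES = {
    "root": '{"core.login.site":{"6":1,"2":1}}',
    "com_content.category.1": '{"core.edit":{"10":1,"11":0}}',
    "com_content.category.2": '{"core.edit":{"11":1,"10":0}}',
    "com_content.article.24": '{"core.edit":{"10":1}}',  # allow below a deny
}


def chain(node, parents):
    """Return node followed by all of its ancestors, nearest first."""
    out = []
    while node is not None:
        out.append(node)
        node = parents[node]
    return out


def effective(action, asset, user_groups):
    """Return 'allowed', 'denied' (an explicit deny was found) or 'not set'."""
    # A user acts with every group they are in plus those groups' parents.
    identities = {str(g) for ug in user_groups for g in chain(ug, GROUP_PARENT)}
    settings = []
    for level in chain(asset, ASSET_PARENT):    # object up to global config
        rule = json.loads(ASSET_RULES.get(level, "{}")).get(action, {})
        settings += [v for gid, v in rule.items() if gid in identities]
    if 0 in settings:
        return "denied"          # deny always wins, at any level or group
    return "allowed" if 1 in settings else "not set"


def can(action, asset, user_groups):
    """Only an explicit allow with no deny anywhere grants the action."""
    return effective(action, asset, user_groups) == "allowed"
```

The article-level allow for group 10 has no effect because the parent category denies it, which is the "locked" state on the inheritance slides.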
