CUTTING CORNERS
 FROM A WHEEL
    // Forkito ACL //




                        FORKITO
FINAL GOAL

Easy to use and understand ACL system

Reusable ACL library compatible with the most widespread Joomla-based
projects




FORKITO ACL FLAVORS

 - Joomla fork flavor (working - oh yeah)
 - Molajo flavor (in progress)
 - Nooku flavor (planned)




JOOMLA FORK FLAVOR



Did he really say that?


JOOMLA FORK FLAVOR

Starting point for the whole project.

Used as proof of concept




Joomla fork flavor == contains changes to 70+ files
 due to the poor Joomla ACL implementation in the application layer

 Joomla - ACL hardcoded everywhere




revision 7




COVERED PARTS

New forkito ACL library
Joomla library methods are changed into proxies to the new library's
methods

Includes internal methods that take care of backwards
compatibility with old Joomla ACL




COVERED PARTS

Web application framework layer
 - categories
 - menus
 - modules
 - plugins

Mainly changes to multiple-item queries




COVERED PARTS

Application
 - Backend components: com_categories, com_menus,
    com_modules, com_plugins
 - Content components: com_content (back and frontend)
 - Pagenavigation plugin

Contains changes to 37 PHP and 15 XML files,
most extensive changes to com_users and com_content




WHERE CAN I GET IT

git clone git://git.forkito.org/forkito




MOLAJO FLAVOR




Completely new classes

Where most development goes at the moment

The most important part




Molajo ? - the web application layer will be completely redone
together with the components - the layer includes hooks for ACL plugins

Just a few library overrides (JUser, JCategories, JMenu … )

Joomla compatibility methods removed – an extension either uses
Joomla or Forkito ACL






                yes, it can be done




NOOKU FLAVOR




Will come after the Molajo flavour

It is expected that only minor changes will be needed in Forkito
ACL for it to work with the Nooku framework.

Forkito will be an add-on library here




Unified ACL
// Forkito to Joomla ACL comparison //




REMOVED VIEW ACCESS LEVELS AND ADDED VIEW TO
ACTIONS

50% less user effort needed, 50% less complicated.

View == action

No need for a separate ACL system for managing view permissions.
Confusing for the user and inefficient from the system's point of view.




RADICALLY IMPROVED AND SIMPLIFIED USER INTERFACE

 - Simple matrix of groups and actions
 - One-click permission changes
 - Instantly visible changes in inherited values




SIMPLIFIED OPERATIONAL LOGIC

Lower level always wins
Global > Component > (Category) > (Item)

Anything set on the lower level beats what was set on the higher
one (denied or allowed)

Assigned permission beats inherited
Users are auto-assigned to parent groups, so anything that is set in
the parent groups will affect the user's permissions, but only if it is not set
explicitly in the assigned groups.



SIMPLIFIED OPERATIONAL LOGIC

If one group gives you access, you are in
(key analogy)

If you have a key that opens certain doors, it doesn't matter if
another key doesn't work; you can still get in.
When a user is allowed to do something through membership in
one of the assigned groups, all other groups are irrelevant.
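The three rules on these two slides (lower level wins, assigned beats inherited, one allowing group is enough) as an added worked example in PHP. This is not Forkito's own code: the permissions rows, the group hierarchy (everyone > authenticated > editors / reviewers), the asset chain (item > category > component > global) and the function names are all constructed for the illustration.

```php
<?php
// Added example, not Forkito's code: a minimal resolver for the three rules
// on the "Simplified operational logic" slides. All names and rows are constructed.

// Constructed permissions table: one row per (asset, group, action), value 1 = allow, 0 = deny.
$rules = [
    ['asset' => 'global',        'group' => 'authenticated', 'action' => 'core.edit', 'value' => 0],
    ['asset' => 'com_content',   'group' => 'editors',       'action' => 'core.edit', 'value' => 1],
    ['asset' => 'category:news', 'group' => 'editors',       'action' => 'core.edit', 'value' => 0],
    ['asset' => 'article:42',    'group' => 'reviewers',     'action' => 'core.edit', 'value' => 1],
];

// Constructed group hierarchy: child => parent. Parent groups are implicitly (not explicitly) assigned.
$parents = [
    'editors'       => 'authenticated',
    'reviewers'     => 'authenticated',
    'authenticated' => 'everyone',
];

/** Ancestor groups of the assigned groups, i.e. the groups a user only inherits from. */
function inheritedGroups(array $assigned, array $parents): array
{
    $inherited = [];
    foreach ($assigned as $group) {
        while (isset($parents[$group])) {
            $group = $parents[$group];
            if (!in_array($group, $assigned, true) && !in_array($group, $inherited, true)) {
                $inherited[] = $group;
            }
        }
    }
    return $inherited;
}

/** Values explicitly set for $action on $asset for any of $groups (empty array if none). */
function explicitValues(array $rules, string $asset, array $groups, string $action): array
{
    $values = [];
    foreach ($rules as $rule) {
        if ($rule['asset'] === $asset && $rule['action'] === $action
            && in_array($rule['group'], $groups, true)) {
            $values[] = (int) $rule['value'];
        }
    }
    return $values;
}

/**
 * Resolve $action for a user over the asset chain, lowest level first.
 * Rule 1: lower level always wins   -> the first level with any setting decides.
 * Rule 2: assigned beats inherited  -> at each level, assigned groups are checked before parents.
 * Rule 3: one allowing group is enough -> a single allow among the decisive settings grants access.
 */
function isAuthorized(array $rules, array $parents, array $assigned, array $assetChain, string $action): bool
{
    $inherited = inheritedGroups($assigned, $parents);
    foreach ($assetChain as $asset) {
        foreach ([$assigned, $inherited] as $groups) {
            $values = explicitValues($rules, $asset, $groups, $action);
            if ($values !== []) {
                return in_array(1, $values, true);
            }
        }
    }
    return false; // nothing set anywhere: deny by default
}

$newsChain = ['article:42', 'category:news', 'com_content', 'global'];
$blogChain = ['article:7',  'category:blog', 'com_content', 'global'];

var_dump(isAuthorized($rules, $parents, ['editors'], $newsChain, 'core.edit'));
var_dump(isAuthorized($rules, $parents, ['editors'], $blogChain, 'core.edit'));
var_dump(isAuthorized($rules, $parents, ['editors', 'reviewers'], $newsChain, 'core.edit'));
```

The first call is denied: the category-level deny for editors beats the component-level allow (rule 1). The second is allowed because nothing is set on the blog category, so the component-level allow applies. The third is allowed because the reviewers key opens article 42 at the item level, and an editor's deny one level up is then irrelevant (rules 1 and 3).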




DRY-ED AND RE-ARCHITECTURED

No code repetition
A single method for a single purpose.
Classes reuse other classes' methods instead of replicating them.
Very small amount of code; even more will be cut in the future.




JSON ENCODED RULES REPLACED WITH PERMISSIONS
TABLE

A JSON encoded string of permissions, stored in a single database
field, was one of the most horrible ideas ever seen in Joomla

This kind of code crime should be punishable with at least 100 hits
with a stick.




WHY ?
It totally disables any database relations, conditional searches etc.
with enormous impact on performance.




To retrieve the list of items a user has permission to view (or edit, or
do any other action on), the code would need to query for ALL items, unpack
the JSON string item by item and check the permissions of each item
separately.

Now imagine you have 100,000 or even 1 million items to inspect
one by one, and try to imagine how long that would take and, e.g.,
how much memory it would consume.

Get the picture?




Having JSON in a database == a performance problem

=> you need a more efficient system for managing thousands of
users trying to view pages

=> you "solve" the problem by inventing another ACL system
called access levels




ALWAYS PRESENT BASIC SYSTEM GROUPS

Groups that cannot be removed and whose role cannot be changed

While this might seem like a step backwards, these groups are really
cornerstones that a CMS ACL cannot work without. Equivalent to
the Unix wheel and anonymous group roles.

Having groups the system can always rely on -> RELIABILITY,
better performance and better security

// including the root configuration hack that is no longer needed //



ALWAYS PRESENT BASIC SYSTEM GROUPS

Everyone
- Not-authenticated – anonymous visitors
- Authenticated – anyone that is logged in
-- Admins – replacing the global core.admin permission (equivalent to
the Unix wheel group)




Simple API
// How do I implement it //




API GOAL

Create a minimal number of humanly understandable (self-
explaining) classes and method names.




CHECK AUTHORIZATION - MACCESS CLASS

Check a single item's authorization:

isUserAuthorizedTo

+ shortcut: isUserAuthorisedToView




CHECK AUTHORIZATION - MACCESS CLASS

Check multiple items' authorization (by automatically inserting
filtering SQL into multiple-item queries):

insertFilterQuery




MULTIPLE ITEMS AUTHORIZATION EXAMPLE

JPluginHelper::_load()

Joomla:
$levels = implode(',', $user->getAuthorisedViewLevels());
...
$query->select('folder AS type, element AS name, params')
    ->from('#__extensions')
    ->where('enabled >= 1')
    ->where('type ='.$db->Quote('plugin'))
    ->where('state >= 0')
    ->where('access IN ('.$levels.')')
    ->order('ordering');




MULTIPLE ITEMS AUTHORIZATION EXAMPLE

Forkito ACL:

$query->select('e.folder AS type, e.element AS name, e.params, e.extension_id, e.asset_id')
    ->from('#__extensions AS e')
    ->where('enabled >= 1')
    ->where('type ='.$db->Quote('plugin'))
    ->where('state >= 0')
    ->order('ordering');

jimport('molajo.access.access');
MAccess::insertFilterQuery($db, $query, 'e.asset_id', 'core.view');



MULTIPLE ITEMS AUTHORIZATION EXAMPLE

The same function is used in the categories helper, the modules helper,
the com_content articles model – anywhere a list of items needs
to be filtered
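To show what the JSON-versus-table argument from the earlier slides means in practice, and what a filter-inserting helper of the kind MAccess::insertFilterQuery is used for on the previous slides has to append to a list query, here is an added PHP example that is not Forkito's MAccess code. It builds a constructed schema in an in-memory SQLite database (the pdo_sqlite extension is assumed to be available) and filters the same plugin list both ways. The tables, rows, group ids and the local insertFilterQuery function here are constructed for the illustration; the real helper takes the $db and $query objects as shown above.

```php
<?php
// Added example, not Forkito's own MAccess code: what an insertFilterQuery-style
// helper has to append to a list query when permissions live in a table rather
// than in a JSON field. In-memory SQLite via PDO (pdo_sqlite extension assumed);
// every table, row, group id and name below is constructed for the illustration.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$db->exec('CREATE TABLE extensions (extension_id INTEGER, element TEXT, enabled INTEGER, asset_id INTEGER, rules TEXT)');
$db->exec('CREATE TABLE permissions (asset_id INTEGER, group_id INTEGER, action TEXT, value INTEGER)');

// Constructed rows: four plugins. The "rules" column keeps a legacy-style JSON blob
// ({action: {group_id: value}}) only so the two approaches can be compared on the same data.
$db->exec("INSERT INTO extensions VALUES
    (1, 'plg_public', 1, 10, '{\"core.view\":{\"1\":1}}'),
    (2, 'plg_staff',  1, 11, '{\"core.view\":{\"2\":1}}'),
    (3, 'plg_admin',  1, 12, '{\"core.view\":{\"3\":1}}'),
    (4, 'plg_old',    0, 13, '{\"core.view\":{\"1\":1}}')");
$db->exec("INSERT INTO permissions VALUES
    (10, 1, 'core.view', 1),
    (11, 2, 'core.view', 1),
    (12, 3, 'core.view', 1),
    (13, 1, 'core.view', 1)");

/**
 * Appends an ACL filter to a multiple-items query: keep only rows whose asset has
 * an explicit allow for $action in one of the user's groups. "One allowing group is
 * enough" is exactly what IN over the group list expresses. Returns SQL + bound params.
 */
function insertFilterQuery(string $sql, string $assetColumn, string $action, array $groupIds): array
{
    $placeholders = implode(',', array_fill(0, count($groupIds), '?'));
    $filter = " AND $assetColumn IN (SELECT asset_id FROM permissions"
            . " WHERE action = ? AND value = 1 AND group_id IN ($placeholders))";
    return [$sql . $filter, array_merge([$action], $groupIds)];
}

/** Table approach: the database does the filtering; one query, only matching rows come back. */
function viewableWithTable(PDO $db, array $groupIds): array
{
    $base = 'SELECT e.element FROM extensions AS e WHERE e.enabled >= 1';
    [$sql, $params] = insertFilterQuery($base, 'e.asset_id', 'core.view', $groupIds);
    $stmt = $db->prepare($sql . ' ORDER BY e.extension_id');
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

/** JSON approach the slides criticise: fetch every row, decode it, check in PHP. */
function viewableWithJson(PDO $db, array $groupIds): array
{
    $visible = [];
    $rows = $db->query('SELECT element, rules FROM extensions WHERE enabled >= 1 ORDER BY extension_id');
    foreach ($rows as $row) {                       // every enabled row travels to PHP ...
        $rules = json_decode($row['rules'], true);  // ... and is decoded ...
        foreach ($groupIds as $gid) {               // ... before a single check can run
            if (!empty($rules['core.view'][$gid])) {
                $visible[] = $row['element'];
                break;
            }
        }
    }
    return $visible;
}

// A user in groups 1 and 2 gets plg_public and plg_staff from both functions; the
// difference is that the JSON variant had to load and decode every enabled row first.
print_r(viewableWithTable($db, [1, 2]));
print_r(viewableWithJson($db, [1, 2]));
```

The subquery form is used here because it needs no knowledge of the outer query's joins; with a permissions table the database can also use an index on (action, group_id, asset_id), which is the point the slides make about performance and about not needing a second "access levels" system for view checks.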




USER INTERFACE

Insert the ACL widget HTML: MHtmlPermissions::aclWidget

Get a ready-made ACL widget in the shape of a Joomla form field:
MFormFieldAclwidget

Very simple to include the ACL widget in your component layout




Future
// Short term //




Testing, testing. Bugfixing.
Testing. Bugfixing. Bugfixing. Testing. Testing. Bugfixing.
Testing, testing. Bugfixing.
Testing. Bugfixing. Bugfixing. Testing. Testing. Bugfixing.
Testing, testing. Bugfixing.
Testing. Bugfixing. Bugfixing. Testing. Testing. Bugfixing.
Testing, testing. Bugfixing.
Testing. Bugfixing. Bugfixing. Testing. Testing. Bugfixing.
Testing, testing. Bugfixing.
Testing. Bugfixing. Bugfixing. Testing. Testing. Bugfixing.
Testing, testing. Bugfixing.
Testing. Bugfixing. Bugfixing. Testing. Testing. Bugfixing.



USER INTERFACE IMPROVEMENT

Inheritance breadcrumbs - show what this level is inheriting from




Future
// Long term //




MORE ROUNDS OF SIMPLIFICATION

Simple mode - flatten inheritance, keep only default and category
(or item) permissions




                                                                     FORKITO

More Related Content

Viewers also liked

Molajo - Joomla based distributions
Molajo - Joomla based distributionsMolajo - Joomla based distributions
Molajo - Joomla based distributions
kauselot
 
Regents Bangkok
Regents BangkokRegents Bangkok
Regents Bangkok
jhortop
 
Turbocharging your extension // Joomla //
Turbocharging your extension // Joomla //Turbocharging your extension // Joomla //
Turbocharging your extension // Joomla //kauselot
 
Kis Sc
Kis ScKis Sc
Kis Sc
jhortop
 
Disney World 2010v4
Disney World 2010v4Disney World 2010v4
Disney World 2010v4ChristinaCo
 
Disney World 2010v3
Disney World 2010v3Disney World 2010v3
Disney World 2010v3ChristinaCo
 
Joomla 1.6. caching implemented #jab11
Joomla 1.6. caching implemented #jab11Joomla 1.6. caching implemented #jab11
Joomla 1.6. caching implemented #jab11
kauselot
 

Viewers also liked (7)

Molajo - Joomla based distributions
Molajo - Joomla based distributionsMolajo - Joomla based distributions
Molajo - Joomla based distributions
 
Regents Bangkok
Regents BangkokRegents Bangkok
Regents Bangkok
 
Turbocharging your extension // Joomla //
Turbocharging your extension // Joomla //Turbocharging your extension // Joomla //
Turbocharging your extension // Joomla //
 
Kis Sc
Kis ScKis Sc
Kis Sc
 
Disney World 2010v4
Disney World 2010v4Disney World 2010v4
Disney World 2010v4
 
Disney World 2010v3
Disney World 2010v3Disney World 2010v3
Disney World 2010v3
 
Joomla 1.6. caching implemented #jab11
Joomla 1.6. caching implemented #jab11Joomla 1.6. caching implemented #jab11
Joomla 1.6. caching implemented #jab11
 

Similar to Cutting corners from a wheel -

Enrich your extensions with Joomla! ACL support
Enrich your extensions with Joomla! ACL supportEnrich your extensions with Joomla! ACL support
Enrich your extensions with Joomla! ACL support
Sander Potjer
 
Justin Herrin Comparing Joomla CCKs from jd12ne
Justin Herrin Comparing Joomla CCKs from jd12neJustin Herrin Comparing Joomla CCKs from jd12ne
Justin Herrin Comparing Joomla CCKs from jd12ne
Justin Herrin
 
Using spl tools in your code
Using spl tools in your codeUsing spl tools in your code
Using spl tools in your code
Elizabeth Smith
 
What is the Joomla Framework and why do we need it?
What is the Joomla Framework and why do we need it?What is the Joomla Framework and why do we need it?
What is the Joomla Framework and why do we need it?
Rouven Weßling
 
Dolibarr module development
Dolibarr module developmentDolibarr module development
Dolibarr module development
Rajib Hossain Pavel
 
David Rey Lessons Learned Updating Content Licensing To Be Plone 3 Compat...
David Rey   Lessons Learned   Updating Content Licensing To Be Plone 3 Compat...David Rey   Lessons Learned   Updating Content Licensing To Be Plone 3 Compat...
David Rey Lessons Learned Updating Content Licensing To Be Plone 3 Compat...
Vincenzo Barone
 
AtoZ about TYPO3 v8 CMS
AtoZ about TYPO3 v8 CMSAtoZ about TYPO3 v8 CMS
AtoZ about TYPO3 v8 CMS
NITSAN Technologies Pvt Ltd
 
jQuery Tips Tricks Trivia
jQuery Tips Tricks TriviajQuery Tips Tricks Trivia
jQuery Tips Tricks Trivia
Cognizant
 
Railo Presentation Railo 3.1
Railo Presentation Railo 3.1Railo Presentation Railo 3.1
Railo Presentation Railo 3.1Rhinofly
 
Introduction to building joomla! components using FOF
Introduction to building joomla! components using FOFIntroduction to building joomla! components using FOF
Introduction to building joomla! components using FOFTim Plummer
 
Alfresco monitoring with Nagios and ELK stack
Alfresco monitoring with Nagios and ELK stackAlfresco monitoring with Nagios and ELK stack
Alfresco monitoring with Nagios and ELK stack
Cesar Capillas
 
Mageguru - magento custom module development
Mageguru -  magento custom module development Mageguru -  magento custom module development
Mageguru - magento custom module development
Mage Guru
 
Understanding Framework Architecture using Eclipse
Understanding Framework Architecture using EclipseUnderstanding Framework Architecture using Eclipse
Understanding Framework Architecture using Eclipse
anshunjain
 
Developing Joomla Extensions JUG Bangladesh meetup dhaka-2012
Developing Joomla Extensions JUG  Bangladesh meetup dhaka-2012Developing Joomla Extensions JUG  Bangladesh meetup dhaka-2012
Developing Joomla Extensions JUG Bangladesh meetup dhaka-2012
Sabuj Kundu
 
LOGBack and SLF4J
LOGBack and SLF4JLOGBack and SLF4J
LOGBack and SLF4J
jkumaranc
 
LOGBack and SLF4J
LOGBack and SLF4JLOGBack and SLF4J
LOGBack and SLF4J
jkumaranc
 
LOGBack and SLF4J
LOGBack and SLF4JLOGBack and SLF4J
LOGBack and SLF4Jjkumaranc
 
LOGBack and SLF4J
LOGBack and SLF4JLOGBack and SLF4J
LOGBack and SLF4Jjkumaranc
 
Improved Joomla! 3.6 Updates
Improved Joomla! 3.6 UpdatesImproved Joomla! 3.6 Updates
Improved Joomla! 3.6 Updates
SynapseIndia
 

Similar to Cutting corners from a wheel - (20)

Enrich your extensions with Joomla! ACL support
Enrich your extensions with Joomla! ACL supportEnrich your extensions with Joomla! ACL support
Enrich your extensions with Joomla! ACL support
 
Justin Herrin Comparing Joomla CCKs from jd12ne
Justin Herrin Comparing Joomla CCKs from jd12neJustin Herrin Comparing Joomla CCKs from jd12ne
Justin Herrin Comparing Joomla CCKs from jd12ne
 
Using spl tools in your code
Using spl tools in your codeUsing spl tools in your code
Using spl tools in your code
 
What is the Joomla Framework and why do we need it?
What is the Joomla Framework and why do we need it?What is the Joomla Framework and why do we need it?
What is the Joomla Framework and why do we need it?
 
Dolibarr module development
Dolibarr module developmentDolibarr module development
Dolibarr module development
 
David Rey Lessons Learned Updating Content Licensing To Be Plone 3 Compat...
David Rey   Lessons Learned   Updating Content Licensing To Be Plone 3 Compat...David Rey   Lessons Learned   Updating Content Licensing To Be Plone 3 Compat...
David Rey Lessons Learned Updating Content Licensing To Be Plone 3 Compat...
 
AtoZ about TYPO3 v8 CMS
AtoZ about TYPO3 v8 CMSAtoZ about TYPO3 v8 CMS
AtoZ about TYPO3 v8 CMS
 
jQuery Tips Tricks Trivia
jQuery Tips Tricks TriviajQuery Tips Tricks Trivia
jQuery Tips Tricks Trivia
 
Railo Presentation Railo 3.1
Railo Presentation Railo 3.1Railo Presentation Railo 3.1
Railo Presentation Railo 3.1
 
Introduction to building joomla! components using FOF
Introduction to building joomla! components using FOFIntroduction to building joomla! components using FOF
Introduction to building joomla! components using FOF
 
Alfresco monitoring with Nagios and ELK stack
Alfresco monitoring with Nagios and ELK stackAlfresco monitoring with Nagios and ELK stack
Alfresco monitoring with Nagios and ELK stack
 
Mageguru - magento custom module development
Mageguru -  magento custom module development Mageguru -  magento custom module development
Mageguru - magento custom module development
 
Understanding Framework Architecture using Eclipse
Understanding Framework Architecture using EclipseUnderstanding Framework Architecture using Eclipse
Understanding Framework Architecture using Eclipse
 
Developing Joomla Extensions JUG Bangladesh meetup dhaka-2012
Developing Joomla Extensions JUG  Bangladesh meetup dhaka-2012Developing Joomla Extensions JUG  Bangladesh meetup dhaka-2012
Developing Joomla Extensions JUG Bangladesh meetup dhaka-2012
 
KAAccessControl
KAAccessControlKAAccessControl
KAAccessControl
 
LOGBack and SLF4J
LOGBack and SLF4JLOGBack and SLF4J
LOGBack and SLF4J
 
LOGBack and SLF4J
LOGBack and SLF4JLOGBack and SLF4J
LOGBack and SLF4J
 
LOGBack and SLF4J
LOGBack and SLF4JLOGBack and SLF4J
LOGBack and SLF4J
 
LOGBack and SLF4J
LOGBack and SLF4JLOGBack and SLF4J
LOGBack and SLF4J
 
Improved Joomla! 3.6 Updates
Improved Joomla! 3.6 UpdatesImproved Joomla! 3.6 Updates
Improved Joomla! 3.6 Updates
 

Recently uploaded

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
Bhaskar Mitra
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
Abida Shariff
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
RTTS
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
Fwdays
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 

Recently uploaded (20)

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 

Cutting corners from a wheel -

  • 1. CUTTING CORNERS FROM A WHEEL // Forkito ACL // FORKITO
  • 2. FINAL GOAL Easy to use and understand ACL system Reusable ACL library compatible with most widespread Joomla based projects FORKITO
  • 3. FORKITO ACL FLAVORS Ţ Joomla fork flavor (working - oh yeah) Ţ Molajo flavor (in progress) Ţ Nooku flavor (planned) FORKITO
  • 5. JOOMLA FORK FLAVOR Did he really say that? FORKITO
  • 6. JOOMLA FORK FLAVOR Starting point for the whole project. Used as proof of concept FORKITO
  • 7. Joomla fork form == contains changes to 70+ files due to poor Joomla ACL implementation in application layer Joomla - ACL hardcoded everywhere revision 7 FORKITO
  • 8. COVERED PARTS New forkito ACL library Joomla library methods are changed to proxies to a new library methods Includes internal methods that take care of backwards compatibility with old Joomla ACL FORKITO
  • 9. COVERED PARTS Web application framework layer Ţ categories Ţ menus, Ţ modules, Ţ plugins Mainly changes to multiple items queries FORKITO
  • 10. COVERED PARTS Application Ţ Backend components: com_categories, com_menus, com_modules, com_plugins Ţ Content components: com_content (back and frontend) Ţ Pagenavigation plugin- Contains changes to 37 php and 15 xml files, most extensive changes to com_users and com_content FORKITO
  • 11. WHERE I CAN GET IT git clone git://git.forkito.org/forkito FORKITO
  • 12. MOLAJO FLAVOR FORKITO
  • 13. Completely new classes Where most development goes at the moment The most important part FORKITO
  • 14. Molajo ? - web application layer will be completely redone together with components - layer includes hooks for ACL plugins Just few library overrides (JUser, JCategories, JMenu … ) Joomla compatibility methods removed – extension either uses Joomla or Forkito ACL FORKITO
  • 15. Molajo ? - web application layer will be completely redone together with components - layer includes hooks for ACL plugins Just few library overrides (JUser, JCategories, JMenu … ) Joomla compatibility methods removed – extension either uses Joomla or Forkito ACL yes, it can be done FORKITO
  • 16. NOOKU FLAVOR FORKITO
  • 17. Will come after Molajo flavour it is expected that only minor changes will be needed in Forkito ACl for it to work with Nooku framework. Forkito will represent an addon library here FORKITO
  • 18. Unified ACL // Forkito to Joomla ACL comparision// FORKITO
  • 19. REMOVED VIEW ACCESS LEVELS AND ADDED VIEW TO ACTIONS 50% less users effort needed, 50% less complicated. View == action No need for a separate ACL system for managing view permissions. onfusing for the user and inefficient from the system point of view. FORKITO
  • 20. RADICALLY IMPROVED AND SIMPLIFIED USER INTERFACE Ţ Simple matryx of groups and actions Ţ One-click permission changes Ţ Instantly visible changes in inherited values FORKITO
  • 21. SIMPLIFIED OPERATIONAL LOGIC Lower level always wins Global >Component>(Category)>(Item) Anything set on the lower level beats what was set on the higher one (denied or allowed) Assigned permission beats inherited Users are auto assigned to parent groups, so anything that is set in parents will affect user's permissions, but only if it is not set explicitly in assigned groups. FORKITO
• 22. SIMPLIFIED OPERATIONAL LOGIC
  If one group gives you access, you are in (key analogy). If you have a key that opens certain doors, it doesn't matter if another key doesn't work, you can still get in. When a user is allowed to do something through membership in one of the assigned groups, all the others are irrelevant.
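The resolution rules of slides 21 and 22, modelled in Python as an added example (not Forkito's PHP code). The group tree, asset path and rule table are constructed here; the example assumes that an assigned group's explicit rule at any level is consulted before any parent group's rule, and that nothing set anywhere means deny.

```python
from typing import Dict, List, Optional, Tuple

# Constructed sample data (not Forkito's real tables):
#   PARENTS: group -> parent group (None at the top); users are auto-assigned to parents
#   RULES:   asset -> {(group, action): True for allowed / False for denied}
PARENTS: Dict[str, Optional[str]] = {
    "everyone": None,
    "authenticated": "everyone",
    "editors": "authenticated",
    "admins": "authenticated",
}
RULES: Dict[str, Dict[Tuple[str, str], bool]] = {
    "global": {("everyone", "core.view"): True, ("admins", "core.edit"): True},
    "com_content": {("authenticated", "core.edit"): True},
    "cat:5": {("editors", "core.edit"): False},
    "item:42": {("editors", "core.edit"): True},
}


def ancestors(group: str) -> List[str]:
    """Parent chain of a group, nearest parent first."""
    chain, g = [], PARENTS.get(group)
    while g is not None:
        chain.append(g)
        g = PARENTS.get(g)
    return chain


def decision_for_group(group: str, action: str, path: List[str]) -> Optional[bool]:
    """Walk the asset path from the lowest level (item) up to global; the first
    explicit rule found wins ("lower level always wins"). The assigned group is
    consulted before its parents ("assigned beats inherited"); None means unset."""
    for g in [group] + ancestors(group):
        for asset in reversed(path):
            verdict = RULES.get(asset, {}).get((g, action))
            if verdict is not None:
                return verdict
    return None


def is_user_authorized_to(user_groups: List[str], action: str, path: List[str]) -> bool:
    """Key analogy: one allowing group is enough; a denial in another group does
    not take that away. Default deny when no group has a rule (assumption)."""
    return any(decision_for_group(g, action, path) for g in user_groups)
```

An editor is denied on category 5 although the inherited "authenticated" rule on com_content allows editing, but the same editor is allowed on item 42 inside that category, and a user holding both "editors" and "admins" gets in through the admins key.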
• 23. DRY-ED AND RE-ARCHITECTED
  No code repetition. A single method for a single purpose. Classes reuse other classes' methods instead of replicating them. Very low amount of code, and even more will be cut in the future.
• 24. JSON ENCODED RULES REPLACED WITH PERMISSIONS TABLE
  A JSON encoded string of permissions, stored in a single database field, was one of the most horrible ideas ever seen in Joomla. This kind of code crime should be punishable with at least 100 hits with a stick.
• 25. WHY ?
• 26. It totally disables any database relations, conditional searches etc., with an enormous impact on performance.
• 27. To retrieve a list of items a user has permission to view (or edit, or do any action), the code would need to query for ALL items, unpack the JSON string item by item and check the permissions of each item separately. Now imagine you have 100.000 or even 1 million items to inspect one by one, and try to imagine how long that would take and e.g. how much memory it would consume. Get the picture?
• 28. Having JSON in a database == a performance problem => you need a more efficient system for managing thousands of users trying to view pages => you "solve" the problem by inventing another ACL system called access levels
• 29. ALWAYS PRESENT BASIC SYSTEM GROUPS
  Groups that cannot be removed or have their role changed. While this might seem like a backwards step, these groups are really cornerstones that a CMS ACL cannot work without. Equivalent to the roles of the unix wheel and anonymous groups. Having groups the system can always rely on -> RELIABILITY, better performance and better security // including the root configuration hack, which is not needed anymore //
• 30. ALWAYS PRESENT BASIC SYSTEM GROUPS
  Everyone
  - Not-authenticated: anonymous visitors
  - Authenticated: anyone that is logged in
    - Admins: replacing the global core.admin permission (equivalent to the unix wheel group)
• 31. Simple API // How do I implement it //
• 32. API GOAL
  Create a minimal number of humanly understandable (self-explaining) classes and method names.
• 33. CHECK AUTHORIZATION - MACCESS CLASS
  Check a single item's authorization: isUserAuthorizedTo
  + shortcut: isUserAuthorisedToView
• 34. CHECK AUTHORIZATION - MACCESS CLASS
  Check multiple items' authorization (by automatically inserting filtering SQL into multiple-item queries): insertFilterQuery
• 35. MULTIPLE ITEMS AUTHORIZATION EXAMPLE
  JPluginHelper::_load(), Joomla:
    // view access levels are a separate ACL system; the list is filtered by level id
    $levels = implode(',', $user->getAuthorisedViewLevels());
    ...
    $query->select('folder AS type, element AS name, params')
        ->from('#__extensions')
        ->where('enabled >= 1')
        ->where('type ='.$db->Quote('plugin'))
        ->where('state >= 0')
        ->where('access IN ('.$levels.')')
        ->order('ordering');
• 36. MULTIPLE ITEMS AUTHORIZATION EXAMPLE
  Forkito ACL:
    // the query selects the asset id; the ACL filter is appended afterwards
    $query->select('e.folder AS type, e.element AS name, e.params, e.extension_id, e.asset_id')
        ->from('#__extensions AS e')
        ->where('enabled >= 1')
        ->where('type ='.$db->Quote('plugin'))
        ->where('state >= 0')
        ->order('ordering');
    jimport('molajo.access.access');
    // filter the list to assets on which the current user holds the core.view action
    MAccess::insertFilterQuery($db, $query, 'e.asset_id', 'core.view');
• 37. MULTIPLE ITEMS AUTHORIZATION EXAMPLE
  The same function is used in the categories helper, modules helper, com_content articles model: anywhere a list of items needs to be filtered.
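The contrast drawn in slides 27-28 and 34-37, as an added example in Python (not Forkito's PHP): a permissions table lets the database do the filtering with one appended subquery, while a JSON column forces the code to fetch and decode every row. The schema, rows and the insert_filter_query helper are constructed for this example; the permissions table is assumed to hold already-resolved grants.

```python
import json
import sqlite3
from typing import List, Tuple

# Constructed sample schema (not Forkito's real tables). 'rules' reproduces the
# per-row JSON encoding the slides criticise; 'permissions' is the table alternative.
SCHEMA = """
CREATE TABLE extensions (extension_id INTEGER, element TEXT, asset_id INTEGER, rules TEXT);
CREATE TABLE permissions (asset_id INTEGER, group_id INTEGER, action TEXT, allow INTEGER);
"""
ROWS = [(1, "plg_a", 10, '{"core.view":{"1":1}}'),
        (2, "plg_b", 11, '{"core.view":{"2":1}}'),
        (3, "plg_c", 12, '{"core.view":{"1":1,"2":1}}')]
PERMS = [(10, 1, "core.view", 1), (11, 2, "core.view", 1),
         (12, 1, "core.view", 1), (12, 2, "core.view", 1)]


def open_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO extensions VALUES (?,?,?,?)", ROWS)
    db.executemany("INSERT INTO permissions VALUES (?,?,?,?)", PERMS)
    return db


def insert_filter_query(sql: str, asset_column: str, action: str,
                        groups: List[int]) -> Tuple[str, list]:
    """Append an ACL filter to a list query, in the spirit of MAccess::insertFilterQuery
    (my sketch, not the library's code). asset_column is a code-supplied identifier;
    every user-derived value goes through a placeholder, never string concatenation."""
    marks = ",".join("?" * len(groups))
    sql += (f" AND {asset_column} IN (SELECT asset_id FROM permissions"
            f" WHERE action = ? AND allow = 1 AND group_id IN ({marks}))")
    return sql, [action, *groups]


def viewable_with_table(db: sqlite3.Connection, groups: List[int]) -> List[str]:
    """Only rows the user may view leave the database."""
    sql, params = insert_filter_query(
        "SELECT e.element FROM extensions e WHERE e.extension_id > 0",
        "e.asset_id", "core.view", groups)
    return sorted(r[0] for r in db.execute(sql, params))


def viewable_with_json(db: sqlite3.Connection, groups: List[int]) -> List[str]:
    """The pattern the slides warn about: fetch EVERY row, decode its JSON, filter in code."""
    out = []
    for element, rules in db.execute("SELECT element, rules FROM extensions"):
        allowed = json.loads(rules).get("core.view", {})
        if any(allowed.get(str(g)) == 1 for g in groups):
            out.append(element)
    return sorted(out)
```

Both functions return the same list for the same groups; the difference is that the table version scales with the number of viewable rows, the JSON version with the number of rows in the table.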
• 38. USER INTERFACE
  Insert ACL widget HTML: MHtmlPermissions::aclWidget
  Get a ready-made ACL widget in the shape of a Joomla form field: MFormFieldAclwidget
  Very simple to include the ACL widget in your component layout
• 39. Future // Short term //
• 40. Testing, testing. Bugfixing. Testing. Bugfixing. Bugfixing. Testing. Testing. Bugfixing. Testing, testing. Bugfixing. Testing. Bugfixing. Bugfixing. Testing. Testing. Bugfixing. Testing, testing. Bugfixing. Testing. Bugfixing. Bugfixing. Testing. Testing. Bugfixing. Testing, testing. Bugfixing. Testing. Bugfixing. Bugfixing. Testing. Testing. Bugfixing. Testing, testing. Bugfixing. Testing. Bugfixing. Bugfixing. Testing. Testing. Bugfixing. Testing, testing. Bugfixing. Testing. Bugfixing. Bugfixing. Testing. Testing. Bugfixing.
• 41. USER INTERFACE IMPROVEMENT
  Inheritance breadcrumbs: show what this level is inheriting from
• 42. Future // Long term //
• 43. MORE ROUNDS OF SIMPLIFICATION
  Simple mode: flatten inheritance, keep only default and category (or item) permissions