ACL in Joomla 1.6 at #jd11nl
Sander Potjer Webdesign
twitter: @sanderpotjer
web: www.sanderpotjer.nl
Joomla! 1.6 ACL
Sander Potjer
About me
• Co-founder of JoomlaCommunity.eu
• Organizer Joomla!Days Netherlands
• Organizer Joomla! User Groups in The Netherlands
• Company: Sander Potjer Webdesign
• Yireo/Jira ICT
• Student Architecture
It took a while...
• http://www.slideshare.net/JohanJanssens/drupalcon-2005-joomla-drupal-and-you-presentation
DrupalCon, October 2005, Johan Janssens
ACL?!
• ACL = Access Control List
• Access to parts of the website
– e.g. menu / module visibility
– “view” action
• User actions on objects
– e.g. create / edit / delete article
ACL in Joomla! 1.5 & 1.6 (Access)
Joomla! 1.5
• 7 fixed Groups
– Public, Registered, Author, Editor, Publisher, Manager, Administrator and Super-Administrator
– Hierarchical structure
• User can be assigned to one group
• 3 fixed Access Levels
– Public, Registered and Special
• Fixed relation between Groups and Access Levels
Joomla! 1.6
• Unlimited Groups
– user-defined
– not hierarchical
• User can be assigned to multiple groups
• Unlimited Access Levels
– user-defined
• Any combination of Groups can be assigned to any Access Level
ACL in Joomla! 1.5 & 1.6 (Actions)
Joomla! 1.5
• Fixed Actions per group
– Create / edit / delete / admin access / etc.
• Permission scope for entire site
– Same permission for all objects
• Permission inheritance not applicable
• http://brian.teeman.net/joomla-gps/joomla-15-acl-explained.html
Joomla! 1.6
• User defined Actions per group
– Create / edit / delete / admin access / etc.
• Permission scope at multiple levels
– Site, Component, Category, Object
• Permission can be inherited
– from parent Groups and parent Categories
Joomla! 1.6 ACL Overview
• http://community.joomla.org/blogs/community/1252-16-acl.html
Joomla 1.6 ACL: User
• Guest is also a user
• Users can be assigned to one or several groups
Joomla 1.6 ACL: Permissions
• Assigned to group (not to a user!)
• 9 Actions
– Site Login
– Admin Login
– Super Admin
– Access Component
– Create
– Delete
– Edit
– Edit State
– Edit Own
Joomla 1.6 ACL: Groups
• Users with same permissions
• User can be in multiple groups
• Inherit permissions from parent groups
• Unlimited (sub-)groups
• Keep it simple! Only use nested groups if needed
Joomla 1.6 ACL: Access Level
• Which group can view what (article, menu, module, etc.)
• Permissions are not inherited between Access Levels
• Even Super Users can not view content on frontend
Permissions
How Permissions work
• 4 possible permission settings
– Not Set
– Inherited
– Allowed
– Denied
• Not Set
– ‘soft’ deny
– can be overridden by ‘Allowed’ or ‘Denied’
• Inherited
– value from a parent permission level
– value from a parent user group
– can be overridden by ‘Allowed’ or ‘Denied’
• Allowed
– action for current permission level and lower levels
– action for current user group and child groups
– can be overridden by ‘Denied’
• Denied
– action for current permission level and lower levels
– action for current user group and child groups
– can’t be overridden at all
– always wins!
Permission Hierarchy Levels
• Level 1: Global configuration
– default permissions settings for actions for a group
• Level 2: Component Options
– can override the permissions of Level 1
• Level 3: Category
– can override the permissions of Level 1 & Level 2
– available for components with categories (Articles, Banners, etc...)
• Level 4: Item
– can override the permissions of Level 1 & Level 2 & Level 3
– only available for articles in Joomla 1.6 core
• Overriding permissions of higher levels only works if the permission setting is not ‘Denied’!
Permissions: Global Configuration (Level 1)
Permissions: Component Options (Level 2)
Permissions: Category (Level 3)
Permissions: Item (Level 4)
Inheriting example for ‘Create’ action
• http://www.theartofjoomla.com/home/5-commentary/84-introducing-the-new-permissions-in-joomla-16.html
Level 1 / Level 2 / Level 3 / Level 4
Available Permissions and Levels for a Group of Users
Action: Edit State
ACL Manager for Joomla! 1.6
by Sander Potjer
www.aclmanager.net
Debug Permissions
• Turn on the ‘Debug System’ in the Global Configuration
• Go to ‘User Manager’ or ‘Groups’
• Click on ‘Debug Permission Report’ next to the User or User Group
• Disadvantage: need to turn ‘Debug System’
Plan your ACL implementation
Describe the problem
• Most of the website is publicly available; specific content is only for a group of users (e.g. teachers & students)
• A teacher can see content specifically for teachers, all student content and all public content
• Students can see content specifically for students and all public content
Viewing or action problem?
• Define the problem: is it a viewing problem or an action problem (create/delete/edit/etc.)? Or both?
• Viewing: define the Viewing Access Levels
• Access: define the permissions for the actions
Think ahead! Maintenance?
• Structure your content properly to handle the permissions
• Make use of parent categories with nested categories that share the same permissions
• No need to set permissions per article
Some Notes
User in multiple groups
• Class 1
– Allowed on edit ‘Class 1’ category
– Denied on edit ‘Class 2’ category
• Class 2
– Allowed on edit ‘Class 2’ category
– Denied on edit ‘Class 1’ category
• User in Class 1 & Class 2 group
– Denied on edit ‘Class 1’ category
– Denied on edit ‘Class 2’ category
– Denied always wins
– Solution: don’t use denied (soft deny)
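The rules from the ‘How Permissions work’, ‘Permission Hierarchy Levels’ and ‘User in multiple groups’ slides, as an added example: a simplified Python model, not Joomla's own code and not from the talk. The group tree, asset names, rule tables and the resolve() helper are constructed for illustration.

```python
# Added example: simplified model of the slides' rules, not Joomla's own code.
# Group tree, asset names and rule tables are constructed sample data.
ALLOWED, DENIED, NOT_SET = "Allowed", "Denied", "Not Set"

GROUP_PARENT = {"Public": None, "Registered": "Public",
                "Class 1": "Registered", "Class 2": "Registered"}

# Level 1 (global) -> Level 2 (component) -> Level 3 (category) -> Level 4 (item)
ASSET_PARENT = {"global": None, "component": "global",
                "cat:Class 1": "component", "cat:Class 2": "component",
                "item:in Class 1": "cat:Class 1"}

def chain(node, parent_of):
    """Return the node followed by all of its parents up to the root."""
    out = []
    while node is not None:
        out.append(node)
        node = parent_of[node]
    return out

def resolve(user_groups, action, asset, rules):
    """A missing entry models Inherited / Not Set. Settings apply from every
    level above the asset and from every parent of the user's groups.
    Any Denied wins, otherwise any Allowed wins, otherwise Not Set (soft deny)."""
    identities = {g for ug in user_groups for g in chain(ug, GROUP_PARENT)}
    verdict = NOT_SET
    for level in chain(asset, ASSET_PARENT):
        for group, setting in rules.get((level, action), {}).items():
            if group in identities:
                if setting == DENIED:
                    return DENIED  # cannot be overridden at any level or group
                verdict = ALLOWED
    return verdict

# Slide scenario: each class group is Denied on the other class's category.
HARD = {("cat:Class 1", "edit"): {"Class 1": ALLOWED, "Class 2": DENIED},
        ("cat:Class 2", "edit"): {"Class 2": ALLOWED, "Class 1": DENIED},
        ("item:in Class 1", "edit"): {"Class 2": ALLOWED}}

# The slide's fix: leave the other category unset instead of Denied.
SOFT = {("cat:Class 1", "edit"): {"Class 1": ALLOWED},
        ("cat:Class 2", "edit"): {"Class 2": ALLOWED},
        ("item:in Class 1", "edit"): {"Class 2": ALLOWED}}

if __name__ == "__main__":
    for name, rules in (("hard deny", HARD), ("soft deny", SOFT)):
        for groups in (["Class 1"], ["Class 2"], ["Class 1", "Class 2"]):
            for asset in ASSET_PARENT:
                print(name, groups, asset, resolve(groups, "edit", asset, rules))
```

With the HARD table a user in both groups cannot edit either category, and the item-level ‘Allowed’ for Class 2 is ignored because of the ‘Denied’ on the parent category; with SOFT both work.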
What if I locked myself out? :-)
• No need to access your database
• Open your configuration.php and add:
– public $root_user = 'username';
• You can log in again and perform all actions
• Great for playing around with the new ACL
• Don’t forget to remove the $root_user line!
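Because the account named in $root_user can perform all actions regardless of the ACL, a leftover line is worth checking for before a site goes live. An added example (not from the talk, not part of Joomla): find_root_user() is a hypothetical helper and the sample configuration.php is constructed.

```python
import re

# Added example: hypothetical pre-deployment check, not part of Joomla.
# Matches an active `public $root_user = ...;` line (also the older `var` form).
ROOT_USER_RE = re.compile(r"^\s*(?:public|var)\s+\$root_user\s*=\s*(.+?)\s*;")

def find_root_user(php_source):
    """Return [(line_number, value)] for every active $root_user assignment."""
    # Blank out /* ... */ blocks but keep their newlines so line numbers hold.
    source = re.sub(r"/\*.*?\*/",
                    lambda m: "\n" * m.group(0).count("\n"),
                    php_source, flags=re.S)
    hits = []
    for number, line in enumerate(source.splitlines(), 1):
        # Anchored at line start, so // and # commented lines never match.
        match = ROOT_USER_RE.match(line)
        if match:
            value = match.group(1).strip("'\"")
            if value and value.lower() != "null":
                hits.append((number, value))
    return hits

# Constructed sample configuration.php, not taken from a real site.
SAMPLE_CONFIG = """<?php
class JConfig {
    public $sitename = 'Example School';
    // public $root_user = 'old-admin';
    /* public $root_user = 'draft';
    */
    public $root_user = 'username';
    public $debug = '1';
}
"""

if __name__ == "__main__":
    for number, value in find_root_user(SAMPLE_CONFIG):
        print(f"configuration.php:{number}: $root_user is still set to {value!r}")
```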
Practical ACL Tips
• Write down your ACL requirements for a website before implementing
• Joomla 1.5 User Groups are for backward compatibility in Joomla 1.6; you may remove them!
• Use multi-nested Groups only if needed / if you know what you are doing (so values are inherited only between levels, not between groups as well)
• Assign User Group with backend access to a Viewing Access Level
• Keep flexible for lower permission levels/groups: Avoid the ‘Denied’ permission setting as long as possible
• Idea: Make a Group for each Action so you can assign actions directly to a user
Resources
• http://www.yireo.com/tutorials/joomla/joomla-administration/402-joomla-16-acls-1-marketing-group
• http://community.joomla.org/blogs/community/1252-16-acl.html
• http://docs.joomla.org/ACL_Tutorial_for_Joomla_1.6
• http://docs.joomla.org/Access_Control_System_In_Joomla_1.6
• http://www.theartofjoomla.com/home/5-commentary/84-introducing-the-new-permissions-in-joomla-16.html
• http://www.theartofjoomla.com/home/38-talks/101-the-joomla-16-video-access-controls.html
• http://www.aclmanager.net