Transcript
Page 1: Joomla! 1.6 ACL at #jd10uk

Joomla! 1.6 ACL

Sander Potjer

Joomla!Days UK - 30th & 31st October 2010

Page 2: Joomla! 1.6 ACL at #jd10uk

Sander Potjer

• Co-founder of Dutch community: JoomlaCommunity.eu

• Organizer Joomla!Day Netherlands

• Organizer Joomla! User Groups in The Netherlands

• Company: Sander Potjer Webdesign

• Yireo team member

• Student Architecture

Page 3: Joomla! 1.6 ACL at #jd10uk

Joomla! 1.6 ACL

Page 4: Joomla! 1.6 ACL at #jd10uk

It took a while...

• http://www.slideshare.net/JohanJanssens/drupalcon-2005-joomla-drupal-and-you-presentation

DrupalCon, October 2005, Johan Janssens

Page 5: Joomla! 1.6 ACL at #jd10uk

ACL?!

• ACL = Access Control List

• Access to parts of the website
  – e.g. menu / module visibility
  – “view” action

• User actions on objects
  – e.g. create / edit / delete article

Page 6: Joomla! 1.6 ACL at #jd10uk

ACL in Joomla! 1.5 & 1.6 (Access)

• 7 fixed Groups
  – Public, Registered, Author, Editor, Publisher, Manager, Administrator and Super-Administrator
  – Hierarchical structure

• User can be assigned to one group

• 3 fixed Access Levels
  – Public, Registered and Special

• Fixed relation between Groups and Access Levels

Page 7: Joomla! 1.6 ACL at #jd10uk

ACL in Joomla! 1.5 & 1.6 (Access)

Joomla! 1.5

• 7 fixed Groups
  – Public, Registered, Author, Editor, Publisher, Manager, Administrator and Super-Administrator
  – Hierarchical structure

• User can be assigned to one group

• 3 fixed Access Levels
  – Public, Registered and Special

• Fixed relation between Groups and Access Levels

Joomla! 1.6

• Unlimited Groups
  – user-defined
  – not hierarchical

• User can be assigned to multiple groups

• Unlimited Access Levels
  – user-defined

• Any combination of Groups can be assigned to any Access Level

Page 8: Joomla! 1.6 ACL at #jd10uk

ACL in Joomla! 1.5 & 1.6 (Actions)

• Fixed Actions per group
  – Create / edit / delete / admin access / etc.

• Permission scope for entire site
  – Same permission for all objects

• Permission inheritance not applicable

• http://brian.teeman.net/joomla-gps/joomla-15-acl-explained.html

Page 9: Joomla! 1.6 ACL at #jd10uk

ACL in Joomla! 1.5 & 1.6 (Actions)

Joomla! 1.5

• Fixed Actions per group
  – Create / edit / delete / admin access / etc.

• Permission scope for entire site
  – Same permission for all objects

• Permission inheritance not applicable

Joomla! 1.6

• User defined Actions per group
  – Create / edit / delete / admin access / etc.

• Permission scope at multiple levels
  – Site, Component, Category, Object

• Permission can be inherited
  – from parent Groups and parent Categories

Page 10: Joomla! 1.6 ACL at #jd10uk

Joomla! 1.6 ACL Overview (r19286, 29-10-2010)

Page 12: Joomla! 1.6 ACL at #jd10uk

Joomla 1.6 ACL: User

• Guest is also a user

• Users can be assigned to one or several groups

Page 13: Joomla! 1.6 ACL at #jd10uk

Joomla 1.6 ACL: Permissions

• Assigned to group (not user!)

• 9 Actions
  – Site Login
  – Admin Login
  – Configure
  – Access Comp.
  – Create
  – Delete
  – Edit
  – Edit State
  – Edit Own

Page 14: Joomla! 1.6 ACL at #jd10uk

Joomla 1.6 ACL: Action Permission Groups

• Users with same permissions

• User can be in multiple groups

• Permissions are inherited between groups

• Unlimited (sub-)groups

Page 15: Joomla! 1.6 ACL at #jd10uk

Joomla 1.6 ACL: Access Level

• Which group can view what (article, menu, module, etc.)

• Permissions are not inherited between Access Levels

• Even Super Users cannot view

Page 16: Joomla! 1.6 ACL at #jd10uk

Permissions

Page 17: Joomla! 1.6 ACL at #jd10uk

How Action Permissions work

• Not set
  – ‘soft’ deny
  – can be overridden by ‘allow’

• Inherited
  – value from a higher permission level
  – value from a higher user group

• Allowed
  – action for this permission level and lower levels
  – action for this user group and child groups

• Denied & Locked
  – action for this permission level and lower levels
  – action for this user group and child groups
  – always wins!

Page 18: Joomla! 1.6 ACL at #jd10uk

Permission Hierarchy Levels

• Global configuration (Level 1)
  – default permissions for each action and group

• Component Options (Level 2)
  – can override the default permissions for a component

• Category (Level 3)
  – can override the default permissions and component options
  – applies to components with categories (Articles, Banners, etc.)

• Item (Level 4)
  – can override all permissions above for an object
  – only applies to articles in Joomla 1.6 core

• Overriding permissions only works if the higher level is not denied & locked!

Page 19: Joomla! 1.6 ACL at #jd10uk

Permissions: Global Configuration (Level 1)

Page 20: Joomla! 1.6 ACL at #jd10uk

Permissions: Component Options (Level 2)

Page 21: Joomla! 1.6 ACL at #jd10uk

Permissions: Category (Level 3)

Page 22: Joomla! 1.6 ACL at #jd10uk

Permissions: Item (Level 4)

Page 23: Joomla! 1.6 ACL at #jd10uk

Inheriting example for action ‘Create’

• http://www.theartofjoomla.com/home/5-commentary/84-introducing-the-new-permissions-in-joomla-16.html

[Diagram: Level 1, Level 2, Level 3, Level 4]

Page 25: Joomla! 1.6 ACL at #jd10uk

Available Joomla 1.6 Permissions and Levels for a Group

Page 26: Joomla! 1.6 ACL at #jd10uk

Action: Edit State

Page 27: Joomla! 1.6 ACL at #jd10uk

ACL Manager by Sander Potjer

Page 28: Joomla! 1.6 ACL at #jd10uk

ACL Manager for Joomla! 1.6

Page 29: Joomla! 1.6 ACL at #jd10uk

ACL Manager for Joomla! 1.6

Page 30: Joomla! 1.6 ACL at #jd10uk

ACL Manager for Joomla! 1.6

Page 31: Joomla! 1.6 ACL at #jd10uk

ACL Manager for Joomla! 1.6

www.aclmanager.net

Page 32: Joomla! 1.6 ACL at #jd10uk

Joomla! 1.6 ACL live demo

Page 33: Joomla! 1.6 ACL at #jd10uk

Some Notes

Page 34: Joomla! 1.6 ACL at #jd10uk

User in multiple groups

• USA group
  – Allow on edit ‘USA’ category
  – Deny on edit ‘Europe’ category

• Europe group
  – Allow on edit ‘Europe’ category
  – Deny on edit ‘USA’ category

• User in USA & Europe group
  – Deny on edit ‘Europe’ category
  – Deny on edit ‘USA’ category
  – Deny always wins
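The resolution rules from "How Action Permissions work" and "Permission Hierarchy Levels", applied to the USA/Europe case above, as an added example (a simplified model written for this transcript, not Joomla's own code and not from the slides). The group tree, asset names and rule table are constructed sample data.

```python
ALLOW, DENY = True, False   # anything absent is "Not set" (soft deny)

# Constructed sample data (hypothetical names): child -> parent.
GROUP_PARENT = {"Public": None, "Registered": "Public",
                "USA": "Registered", "Europe": "Registered"}
ASSET_PARENT = {"global": None,              # Level 1
                "component": "global",       # Level 2
                "cat.usa": "component",      # Level 3
                "cat.europe": "component",   # Level 3
                "article.1": "cat.usa"}      # Level 4

# (asset, action) -> {group: ALLOW | DENY}
RULES = {
    ("component", "create"): {"Registered": ALLOW},
    ("cat.usa", "edit"): {"USA": ALLOW, "Europe": DENY},
    ("cat.europe", "edit"): {"Europe": ALLOW, "USA": DENY},
    ("article.1", "edit"): {"Europe": ALLOW},   # too late: category denies
}


def lineage(node, parents):
    """Return node and all its ancestors, nearest first."""
    chain = []
    while node is not None:
        chain.append(node)
        node = parents[node]
    return chain


def is_allowed(user_groups, action, asset):
    """Resolve one action for a user on one asset."""
    # A user acts as every group they are in plus those groups' parents.
    identities = {g for grp in user_groups for g in lineage(grp, GROUP_PARENT)}
    allowed = False                       # start from the soft deny
    for level in reversed(lineage(asset, ASSET_PARENT)):   # Level 1 -> 4
        settings = RULES.get((level, action), {})
        for group in identities:
            value = settings.get(group)
            if value is DENY:
                return False              # explicit deny always wins
            if value is ALLOW:
                allowed = True            # overrides "Not set" from above
    return allowed


if __name__ == "__main__":
    for groups in (["USA"], ["Europe"], ["USA", "Europe"]):
        for cat in ("cat.usa", "cat.europe"):
            print(groups, "edit", cat, "->", is_allowed(groups, "edit", cat))
```

The item-level allow for Europe on `article.1` has no effect because its parent category already denies that group, which is the "higher level is not denied & locked" condition in practice.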

Page 35: Joomla! 1.6 ACL at #jd10uk

What if I locked myself out? :-)

Page 36: Joomla! 1.6 ACL at #jd10uk

What if I locked myself out? :-)

• No need to access your database

• Open your configuration.php and add:
  – public $root_user = 'username';

• You can log in again and perform all actions

• Great for playing around with the new ACL

• Don’t forget to remove the $root_user line!

Page 37: Joomla! 1.6 ACL at #jd10uk

Debug Permissions

• Turn on the ‘Debug System’ in the Global Configuration

• Go to ‘User Manager’ or ‘Groups’

• Click on ‘Debug Permission Report’ below User or Group name

Page 38: Joomla! 1.6 ACL at #jd10uk

Practical ACL Tips

Page 39: Joomla! 1.6 ACL at #jd10uk

ACL Tips

• Write down your ACL requirements for a website before implementing

• Joomla 1.5 User Groups are kept in Joomla 1.6 for backward compatibility; you may remove them

• Use multi-nested Groups only if needed and you know what you are doing (so that values are inherited only between levels, not also between groups)

Page 40: Joomla! 1.6 ACL at #jd10uk

ACL Tips

• Structure your content properly to handle the permissions (don’t set permissions per article; make a parent category with nested categories that share the same permissions)

• Stay flexible for lower permission levels/groups: avoid ‘Denied & Locked’ for as long as possible

• Idea: Make a Group for each Action so you can assign actions directly to a user

Page 41: Joomla! 1.6 ACL at #jd10uk

Resources

• http://www.yireo.com/tutorials/joomla/joomla-administration/402-joomla-16-acls-1-marketing-group

• http://community.joomla.org/blogs/community/1252-16-acl.html

• http://docs.joomla.org/ACL_Tutorial_for_Joomla_1.6

• http://docs.joomla.org/Access_Control_System_In_Joomla_1.6

• http://www.theartofjoomla.com/home/5-commentary/84-introducing-the-new-permissions-in-joomla-16.html

• http://www.theartofjoomla.com/home/38-talks/101-the-joomla-16-video-access-controls.html

• http://www.aclmanager.net