Joomla 2.5 ACL @ Dutch Joomla!Days #jd12nl

  • Published on
    22-May-2015

DESCRIPTION

Slides of the Joomla ACL session on the Dutch Joomla!Days, 21 April 2012

Transcript

1. Permission management in Joomla! 2.5
  • Sander Potjer, @sanderpotjer, www.sanderpotjer.nl
  • Joomla!dagen 2012, 21 April 2012

2-3. Who is Sander Potjer?
  • Involved in the local Joomla community
  • Joomla Community Leadership Team (CLT) member
  • Company: Sander Potjer Webdevelopment
  • E-mail: sander.potjer@community.joomla.org
  • Slides: http://www.slideshare.net/sanderpotjer

4. Joomla! ACL

5. It took a while...
  • DrupalCon, October 2005, Johan Janssens
  • http://www.slideshare.net/JohanJanssens/drupalcon-2005-joomla-drupal-and-you-presentation

6-8. ACL?!?!
  • ACL = Access Control List
  • Access to parts of the website, e.g. menu / module visibility: the "view" action
  • User actions on objects, for example create / edit / edit state / delete article

9-10. ACL - Groups
  • Old: 7 fixed groups (Public, Registered, Author, Editor, Publisher, Manager, Administrator and Super-Administrator); hierarchical structure
  • New: unlimited, user-defined groups; no hierarchical structure required

11-12. ACL - User in Group
  • Old: a user can be assigned to one group
  • New: a user can be assigned to multiple groups

13-14. ACL - Access Levels
  • Old: 3 fixed access levels (Public, Registered, Special)
  • New: unlimited, user-defined access levels

15-16. ACL - Access Levels & Groups relation
  • Old: fixed relation between groups and access levels
  • New: any combination of user groups can be assigned to any access level

17. ACL - Actions
  • Fixed actions per group: create / edit / delete / admin access / etc.
  • Permission scope for the entire site: same permission for all objects
  • Permission inheritance not applicable

18. ACL in Joomla! 1.5 & 1.6 (Actions)
  • http://brian.teeman.net/joomla-gps/joomla-15-acl-explained.html

19. ACL - Actions
  • Old: fixed actions per group (create / edit / delete / admin access / etc.); permission scope for the entire site, same permission for all objects; permission inheritance not applicable
  • New: defined actions per group (create / edit / delete / admin access / etc.); permission scope at multiple levels (Site / Component / Category / Item); permissions can be inherited (parent groups / categories)

20. Joomla! 2.5 ACL Overview

21-22. http://community.joomla.org/blogs/community/1252-16-acl.html

23. User
  • A guest is also a user
  • Users can be assigned to one or multiple groups

24. http://community.joomla.org/blogs/community/1252-16-acl.html

25. Permissions
  • Assigned to a group (not to a user!)
  • 10 actions: Site Login, Admin Login, Offline Access (since 1.7), Super Admin / Configure, Access Component, Create, Delete, Edit, Edit State, Edit Own

26. http://community.joomla.org/blogs/community/1252-16-acl.html

27. Group
  • Users with the same permissions
  • Inherited permissions from parent groups
  • Unlimited nested groups
  • Keep it simple! Only use nested groups if needed

28. http://community.joomla.org/blogs/community/1252-16-acl.html

29. Access Level
  • What is visible for the group (article, menu, module, etc.)
  • Permissions are not inherited between access levels
  • Even Super Users cannot view content on the frontend if not assigned

30. http://community.joomla.org/blogs/community/1252-16-acl.html

31-32. Permissions
  • 4 possible permission settings: Not Set, Inherited, Allowed, Denied

33. Permissions - Not Set
  • Soft deny
  • Can be overridden by Allowed or Denied

34. Permissions - Inherited
  • Value from a parent permission level
  • Value from a parent user group
  • Can be overridden by Allowed or Denied

35. Permissions - Allowed
  • Action for the current permission level and lower levels
  • Action for the current user group and child groups
  • Can be overridden by Denied

36. Permissions - Denied
  • Action for the current permission level and lower levels
  • Action for the current user group and child groups
  • Cannot be overridden at all
  • Always wins!

37-42. Permission Hierarchy (levels)
  • Level 1: Global configuration. Default permission settings for actions for a group
  • Level 2: Component Options. Can override the permissions of Level 1
  • Level 3: Category. Can override the permissions of Level 1 & Level 2; available for components with categories (Articles, Banners, etc.)
  • Level 4: Item. Can override the permissions of Level 1 & Level 2 & Level 3; only available for the article manager in Joomla core
  • Overriding permissions of higher levels only works if the permission setting is not Denied!

43-46. Inheriting example for the Create action (Level 1, Level 2, Level 3, Level 4)
  • http://www.theartofjoomla.com/home/5-commentary/84-introducing-the-new-permissions-in-joomla-16.html

47. Available Permissions and Levels for a Group of Users

48. Action: Edit State

49-51. ACL Manager for Joomla! 1.6
  • www.aclmanager.net

52. ACL Manager - Potjer Webdevelopment - www.aclmanager.net

53-55. Debug Permissions
  • Turn on the Debug System in the Global Configuration
  • Go to User Manager or Groups
  • Click on Debug Permission Report next to the user or user group
  • Need to turn Debug System on...

56. So, what about the database?

57. Database: #__assets

58. Plan your ACL implementation

59. Viewing or Action problem
  • Define the problem: is it a viewing problem or an action problem (create / delete / edit / etc.)? Or both?
  • Viewing: define the Viewing Access Levels
  • Action: define the permissions for all actions

60. Describe the problem
  • Most of the website is publicly available, specific content only for a group of users (e.g. teachers & students)
  • A teacher can see content specifically for teachers, all student content and all public content
  • Students can see content specifically for students and all public content

61. Joomla! ACL in practice, pages 32 - 35 (magazine article, translated from Dutch)

  For a long time it was one of the most wanted new features in Joomla, and since the availability of Joomla 1.6 it is finally here: extensive access and permission management, also called Access Control List (ACL). Joomla 1.0 and 1.5 already had an ACL system, but it was still very limited. The user groups, access levels and permissions could not be configured. In Joomla 1.6, 1.7 and 2.5 this is now possible, which has made the ACL system more complex, but has also created many new possibilities.

  With the Access Control List you quickly distinguish the access level of different user groups. This is how you set up your ACL.

  For this workshop we are going to set up an ACL configuration for a small school in a Joomla 2.5 installation, without Joomla sample data. The school has three classes with students and several teachers. A teacher can teach multiple classes. The school would like every class to have its own class blog where the students of that class can add articles and can edit only the articles they wrote themselves, both via the frontend of the website. The articles are visible to everyone on the website.

  The teacher of a class must approve all articles before publication, and can edit and if necessary delete all articles of the students in the class, both via the frontend and the administration area of the website. In the administration area the teacher may only access the articles of their own class(es). The teacher must also be able to post articles.

  The last wish is a separate blog for the teachers for internal use where the teachers can post articles, so a small intranet. This may only be visible to the teachers.

  The expert: Sander Potjer is chairman of Stichting Sympathy and active with JoomlaCommunity.eu, the Joomla user groups and the Joomla!Dagen. Internationally, Sander is part of the Joomla Leadership Team. Sander is also the developer of ACL Manager, which simplifies Joomla ACL management.

62. Think ahead! Maintenance?
  • Structure your content properly to handle the permissions
  • Make use of parent categories with nested categories with the same permissions
  • No need to set permissions per article

63. Some Notes

64. User in multiple User Groups
  • The Netherlands group: Allowed on edit The Netherlands category; Denied on edit Belgium category
  • Belgium group: Allowed on edit Belgium category; Denied on edit The Netherlands category
  • User in The Netherlands & Belgium groups: Denied on edit The Netherlands category; Denied on edit Belgium category
  • Denied always wins (again)
  • Solution: don't use Denied but Not Set / Inherited (= soft deny)

65-66. What if I locked myself out?
  • No need to access your database
  • Open your configuration.php and add:
      public $root_user = 'username';
  • You can log in again and perform all actions
  • Great for playing around with the new ACL
  • Don't forget to remove the $root_user line!

67. Practical ACL Tips

68-69. ACL Tips
  • Write down your ACL requirements for a website before implementing
  • Joomla 1.5 User Groups are for backward compatibility in Joomla 2.5, you may remove them!
  • Use multi-nested groups only if needed / if you know what you are doing (so inheriting values only between levels, not between groups as well)
  • Assign a User Group with backend access to a Viewing Access Level
  • Keep flexible for lower permission levels / groups: avoid the Denied permission setting as long as possible
  • Idea: make a group for each action so you can assign actions directly to a user

70. Quick ACL example

71. Resources
  • http://community.joomla.org/blogs/community/1252-16-acl.html
  • http://docs.joomla.org/ACL_Tutorial_for_Joomla_1.6
  • http://docs.joomla.org/Access_Control_System_In_Joomla_1.6
  • http://www.theartofjoomla.com/home/5-commentary/84-introducing-the-new-permissions-in-joomla-16.html
  • http://www.theartofjoomla.com/home/38-talks/101-the-joomla-16-video-access-controls.html
  • http://www.aclmanager.net
  • http://www.aclmanager.net/news/general/28-is-your-extension-really-joomla-17-ready
  • http://www.aclmanager.net/news/general/31-how-to-add-basic-acl-support-to-your-extension
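
The permission rules from slides 32-42 and the multi-group case from slide 64, worked through as an added example (not code from the slides or from Joomla). It is a simplified Python model of the stated rules; the group tree, the asset names `category.nl` / `category.be` and both rule sets are constructed for the illustration.

```python
# Simplified model of the slide rules; all data below is constructed.
GROUP_PARENT = {"Public": None, "Registered": "Public",
                "The Netherlands": "Registered", "Belgium": "Registered"}
# Level 1 global -> Level 2 component -> Level 3 category
ASSET_PARENT = {"global": None, "com_content": "global",
                "category.nl": "com_content", "category.be": "com_content"}

def chain(node, parents):
    """Return the node followed by all of its ancestors."""
    out = []
    while node is not None:
        out.append(node)
        node = parents[node]
    return out

def check(user_groups, action, asset, rules):
    """Return 'denied', 'allowed' or 'not set' (soft deny) for one action."""
    # A user acts as every assigned group plus all of their parent groups.
    identities = {g for ug in user_groups for g in chain(ug, GROUP_PARENT)}
    allowed = False
    for level in chain(asset, ASSET_PARENT):
        for group, value in rules.get(level, {}).get(action, {}).items():
            if group not in identities:
                continue
            if value is False:
                return "denied"  # Denied cannot be overridden at any level
            allowed = True       # Allowed stands unless a Denied is found
    return "allowed" if allowed else "not set"

# True = Allowed, False = Denied, missing entry = Not Set / Inherited.
RULES_WITH_DENIED = {
    "global": {"core.create": {"Registered": True}},
    "category.nl": {"core.edit": {"The Netherlands": True, "Belgium": False}},
    "category.be": {"core.edit": {"Belgium": True, "The Netherlands": False}},
}
RULES_SOFT_DENY = {
    "global": {"core.create": {"Registered": True}},
    "category.nl": {"core.edit": {"The Netherlands": True}},
    "category.be": {"core.edit": {"Belgium": True}},
}

if __name__ == "__main__":
    both = ["The Netherlands", "Belgium"]
    for name, rules in (("denied", RULES_WITH_DENIED), ("soft deny", RULES_SOFT_DENY)):
        for cat in ("category.nl", "category.be"):
            print(name, cat, check(both, "core.edit", cat, rules))
```

With the Denied rule set a user in both groups can edit neither category; with the soft-deny rule set the same user can edit both, while a user in only one group still gets "not set" on the other category.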