Post on 08-May-2015
description
Make your extension more powerful by
implementing Joomla ACL
Sander Potjer - @sanderpotjer www.aclmanager.net
J and Beyond 2014
Sander Potjer
Extension: ACL Manager Joomla Agency: Perfect Web Team
I love Joomla
Sander Potjer
Extension: ACL Manager Joomla Agency: Perfect Web Team
I love Joomla Slides: slideshare.net/sanderpotjer
Photo by: Mark Fischer
Joomla ACL
ACL?!?!ACL = Access Control List
!
!
!
!
!
!
!
ACL?!?!ACL = Access Control List
!
1) Visibility of content !
!
!
!
!
ACL?!?!ACL = Access Control List
!
1) Visibility of content !
!
!
!
2) Actions on objects
Photo by: Chris Smith
Overview
user
user permissions
user permissions permissions !
Site Login Admin Login
Offline Access Super Admin / Configure Access Admin. Interface
Create Delete
Edit Edit State Edit Own
user permissions
group
user permissions
access levelgroup
user permissions
access levelgroup
user permissions
access levelgroup
user permissions
access levelgroup
user permissions
access levelgroup
user permissions
access levelgroup
user permissions
access levelrole
ACL levels
Photo by: Ian Sane
Global Configuration permissions
Component permissions
Category / Module permissions
Article permissions
Photo by: Andreas
Inheritance
Global Configuration permissions
Component permissions
Category / Module permissions
Article permissions
Global Configuration permissions
Component permissions
Category / Module permissions
Article permissions
Global Configuration permissions
Component permissions
Category / Module permissions
Article permissions
not set
inherited
inherited
inherited
Global Configuration permissions
Component permissions
Category / Module permissions
Article permissions
allowed
inherited
inherited
inherited
Global Configuration permissions
Component permissions
Category / Module permissions
Article permissions
allowed
inherited
denied
locked
Global Configuration permissions
Component permissions
Category / Module permissions
Article permissions
not set
allowed
inherited
inherited
Global Configuration permissions
Component permissions
Category / Module permissions
Article permissions
not set
inherited
allowed
inherited
Global Configuration permissions
Component permissions
Category / Module permissions
Article permissions
denied
allowed
locked
locked
Global Configuration permissions
Component permissions
Category / Module permissions
Article permissions
denied
allowed
locked
locked
CONFLICT
Why?
Photo by: jon jordan
Why not!
Photo by: Peter Reed
Usability
Photo by: Rick Dolishny
Basic ACL implementation
Photo by: Daniel Kulinski
Configure To configure the access settings via the 'Options'
toolbar button !
Access Administration Interface To define which group is able to access/manage the
component
2 actions required
4 steps 18 lines of code couple minutes
Add actions 1
File: administrator/components/com_foobar/config.xml
Access check 2
File: administrator/components/com_foobar/foobar.php
‘Options’ toolbar button3
File: administrator/components/com_foobar/views/foobars/view.html.php
File: administrator/components/com_foobar/views/foobars/view.html.php
Add language string 4
Done!
Basic ACL support is not optional, it is a
requirement for any Joomla extension!
Advanced ACL implementation
Photo by: Patrick Lauke
Database
Rules - JSON encoded
{"core.login.site":{"6":1,"2":1}
com_content.article.24 [extension].[section].[object id]
Action name format (database)
JTable
Access.xml
File: administrator/components/com_foobar/config.xml
File: administrator/components/com_content/access.xml
File: administrator/components/com_content/access.xml
File: administrator/components/com_content/access.xml
File: administrator/components/com_content/access.xml
File: administrator/components/com_content/access.xml
File: administrator/components/com_content/access.xml
Component permissions
Category / Module permissions
Article permissions
File: administrator/components/com_content/access.xml
Site Login: core.login.site Admin Login: core.login.admin
Offline Access: core.login.offline Super Admin / Configure: core.admin
Access Administration Interface: core.manager Create: core.create Delete: core.delete
Edit: core.edit Edit State: core.edit.state Edit Own: core.edit.own
Title vs Name
File: administrator/components/com_content/access.xml
File: administrator/components/com_content/access.xml
Component permissions
Category / Module permissions
Article permissions
allowed
inherited
inherited
Custom Actions
File: administrator/components/com_akeeba/access.xml
File: administrator/components/com_akeeba/access.xml
File: administrator/components/com_akeeba/access.xml
File: administrator/components/com_akeeba/access.xml
File: administrator/components/com_akeeba/access.xml
Action name format (xml)
akeeba.backup [name extension].[name action]
Keep it structured
Interface
File: administrator/components/com_foobar/views/foobar/tmpl/edit.php
getActions helper
File: libraries/cms/helper/content.php
File: can be used anywhere
File: can be used anywhere
addToolbar
File: administrator/components/com_foobar/views/foobars/view.html.php
File: administrator/components/com_foobar/views/foobars/view.html.php
Resources
Photo by: Schub@
Is your extension really Joomla 1.7 ready?http://www.aclmanager.net/news/general/28-is-your-extension-really-joomla-17-ready
!How to add basic ACL support to your extension
http://www.aclmanager.net/news/general/31-how-to-add-basic-acl-support-to-your-extension
Developing a MVC Component/Adding ACL http://docs.joomla.org/J2.5:Developing_a_MVC_Component/Adding_ACL
Adding ACL rules to your component http://docs.joomla.org/Adding_ACL_rules_to_your_component
!Access Control List Tutorial
http://docs.joomla.org/J2.5:Access_Control_List_Tutorial !
Support for ACL permissions per module in com_modules https://github.com/joomla/joomla-cms/pull/1930/files
!JHelperContent::getActions() improvements
https://github.com/joomla/joomla-cms/pull/2728 !
This presentation http://slideshare.net/sanderpotjer/