Joomla ACL
Sander Potjer - @sanderpotjer www.sanderpotjer.com Joomla World Conference 2015
Sander Potjer
- Enjoy contributing to Joomla
- Joomla Agency: Perfect Web Team
- Joomla Extension: ACL Manager
- [email protected]
- Slides: sanderpotjer.com
Photo by: Mark Fischer
Joomla ACL
ACL?!?!
ACL = Access Control List
1) Visibility of content
2) Actions on objects
Photo by: Chris Smith
Overview
Diagram: user, group, role, access level, permissions
Permissions:
- Site Login
- Admin Login
- Offline Access
- Super Admin / Configure
- Access Admin. Interface
- Create
- Delete
- Edit
- Edit State
- Edit Own
ACL levels
Photo by: Ian Sane
Global Configuration permissions
Component permissions
Category / Module permissions
Article permissions
Photo by: Andreas
Inheritance
Global Configuration permissions: not set
Component permissions: inherited
Category / Module permissions: inherited
Article permissions: inherited

Global Configuration permissions: allowed
Component permissions: inherited
Category / Module permissions: inherited
Article permissions: inherited

Global Configuration permissions: allowed
Component permissions: inherited
Category / Module permissions: denied
Article permissions: locked

Global Configuration permissions: not set
Component permissions: allowed
Category / Module permissions: inherited
Article permissions: inherited

Global Configuration permissions: not set
Component permissions: inherited
Category / Module permissions: allowed
Article permissions: inherited

Global Configuration permissions: denied
Component permissions: allowed
Category / Module permissions: locked
Article permissions: locked
CONFLICT
Photo by: Andreas
Inheritance #2
Photo by: Andreas
Inheritance #1 + #2
Inheriting example for ‘Create’
Level 1
Level 2
Level 3
Level 4
Why?
Photo by: jon jordan
Why not!
Photo by: Peter Reed
Usability
Photo by: Rick Dolishny
Users want it!
Photo by: Mark Fischer
ACL Demo
Basic ACL implementation
Photo by: Daniel Kulinski
Configure: to configure the access settings via the 'Options' toolbar button
Access Administration Interface: to define which group is able to access/manage the component
2 actions required
4 steps, 18 lines of code, couple minutes
1. Add actions
File: administrator/components/com_foobar/config.xml
2. Access check
File: administrator/components/com_foobar/foobar.php
3. ‘Options’ toolbar button
File: administrator/components/com_foobar/views/foobars/view.html.php
4. Add language string
File: administrator/language/en-GB/en-GB.com_foobar.ini
Done!
Basic ACL support is not optional, it is a requirement for any Joomla extension!
Advanced ACL implementation
Photo by: Patrick Lauke
Database
Rules - JSON encoded
{"core.login.site":{"6":1,"2":1}}
com_content.article.24 [extension].[section].[object id]
Action name format (database)
JTable
Access.xml
File: administrator/components/com_foobar/config.xml
File: administrator/components/com_content/access.xml
Component permissions
Category / Module permissions
Article permissions
File: administrator/components/com_content/access.xml
- Site Login: core.login.site
- Admin Login: core.login.admin
- Offline Access: core.login.offline
- Super Admin / Configure: core.admin
- Access Administration Interface: core.manage
- Create: core.create
- Delete: core.delete
- Edit: core.edit
- Edit State: core.edit.state
- Edit Own: core.edit.own
Title vs Name
File: administrator/components/com_content/access.xml
Component permissions: allowed
Category / Module permissions: inherited
Article permissions: inherited
Custom Actions
File: administrator/components/com_akeeba/access.xml
Action name format (xml)
akeeba.backup [name extension].[name action]
Keep it structured
Interface
File: administrator/components/com_foobar/views/foobar/tmpl/edit.php
getActions helper
File: libraries/cms/helper/content.php
File: can be used anywhere
addToolbar
File: administrator/components/com_foobar/views/foobars/view.html.php
Photo by: Chris Smith
Overview?????
Action: Edit State
• Global configuration
  – default permissions for each action and group
• Component options (permissions)
  – can override the default permissions for a component
• Category
  – can override the default permissions and component options
  – applies to components with categories (Articles, Banners, etc...)
• Object
  – can override all permissions above for an object
  – only applies to articles in Joomla 1.6 core
Many permission screens....
Idea?!
Action: Edit State
ACL Manager for Joomla! 1.6
• USA group
  – Allow on edit ‘USA’ category
  – Deny on edit ‘Europe’ category
• Europe group
  – Allow on edit ‘Europe’ category
  – Deny on edit ‘USA’ category
• User in USA & Europe group
  – Deny on edit ‘Europe’ category
  – Deny on edit ‘USA’ category
  – Deny always wins
www.aclmanager.net
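The level-by-level inheritance and the "deny always wins" rule from the slides, as a simplified stand-alone PHP model (an added example, not Joomla's or ACL Manager's own code). The function names, the group ids 10 (USA) and 11 (Europe) and the category rule sets are constructed for illustration; inheritance between parent and child groups is left out.

```php
<?php
// Added illustration, not Joomla code: a simplified model of rule resolution.
// Group ids (10 = USA, 11 = Europe) and the rule sets are constructed samples.

/** Merge JSON rule sets along an asset chain (root first) for one action. */
function mergeChain(array $chain, string $action): array
{
    $merged = [];
    foreach ($chain as $rulesJson) {
        $rules = json_decode($rulesJson, true) ?: [];
        foreach ($rules[$action] ?? [] as $group => $value) {
            // A deny set higher up is locked: lower levels cannot re-allow it.
            if (($merged[$group] ?? null) === 0) {
                continue;
            }
            $merged[$group] = (int) $value;
        }
    }
    return $merged;
}

/** Allowed only if a group allows and no group denies; not set = not allowed. */
function isAllowed(array $chain, string $action, array $userGroups): bool
{
    $merged  = mergeChain($chain, $action);
    $allowed = false;
    foreach ($userGroups as $group) {
        if (!array_key_exists($group, $merged)) {
            continue; // nothing set for this group anywhere in the chain
        }
        if ($merged[$group] === 0) {
            return false; // deny always wins
        }
        $allowed = true;
    }
    return $allowed;
}

$root   = '{"core.login.site":{"6":1,"2":1}}';            // global configuration
$usa    = [$root, '{}', '{"core.edit":{"10":1,"11":0}}']; // 'USA' category chain
$europe = [$root, '{}', '{"core.edit":{"11":1,"10":0}}']; // 'Europe' category chain
$locked = ['{"core.edit":{"10":0}}', '{"core.edit":{"10":1}}']; // CONFLICT case

foreach (['USA' => $usa, 'Europe' => $europe, 'locked' => $locked] as $name => $chain) {
    foreach ([[10], [11], [10, 11]] as $groups) {
        $result = isAllowed($chain, 'core.edit', $groups) ? 'allowed' : 'denied';
        echo "$name, groups ", implode('+', $groups), ": $result\n";
    }
}
```

A user who belongs to both groups comes out denied on both categories, and the component-level allow in the locked chain does not lift the global deny.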
Resources
Photo by: Schub@
- Is your extension really Joomla 1.7 ready? http://www.aclmanager.net/news/general/28-is-your-extension-really-joomla-17-ready
- How to add basic ACL support to your extension http://www.aclmanager.net/news/general/31-how-to-add-basic-acl-support-to-your-extension
- Developing a MVC Component/Adding ACL http://docs.joomla.org/J2.5:Developing_a_MVC_Component/Adding_ACL
- Adding ACL rules to your component http://docs.joomla.org/Adding_ACL_rules_to_your_component
- Access Control List Tutorial http://docs.joomla.org/J2.5:Access_Control_List_Tutorial
- Support for ACL permissions per module in com_modules https://github.com/joomla/joomla-cms/pull/1930/files
- JHelperContent::getActions() improvements https://github.com/joomla/joomla-cms/pull/2728
- This presentation http://slideshare.net/sanderpotjer/