enrich your extensions with joomla! acl support
DESCRIPTION
Enrich your extensions with Joomla! ACL support during J and Beyond 2012TRANSCRIPT
@sanderpotjer
J and Beyond -‐ May 20, 2012
Enrich your extensions with Joomla! ACL support
Sander Potjer
Sander Potjer?Twitter:@sanderpotjer
E-mail: [email protected]
Slides: http://www.slideshare.net/sanderpotjer/
Joomla! ACL
• http://www.slideshare.net/JohanJanssens/drupalcon-2005-joomla-drupal-and-you-presentation
DrupalCon, October 2005Johan Janssens
It took a while...
ACL = Access Control List
ACL?!?!
ACL = Access Control List
Access to parts of the website–e.g. menu / module visibility–“view” action
ACL?!?!
ACL = Access Control List
Access to parts of the website–e.g. menu / module visibility–“view” action
User actions on objectsexample: create / edit / edit state / delete article
ACL?!?!
ACL = Access Control List
Access to parts of the website–e.g. menu / module visibility–“view” action
User actions on objectsexample: create / edit / edit state / delete article
ACL?!?!
Joomla! 2.5 ACL Overview
• http://community.joomla.org/blogs/community/1252-16-acl.html
• http://community.joomla.org/blogs/community/1252-16-acl.html
•Guest is also a ‘user’
•Users can be assigned to one or multiple groups
User
• http://community.joomla.org/blogs/community/1252-16-acl.html
Assigned to group (not to a user!)
10 Actions–Site Login–Admin Login–Offline Access (since 1.7)–Super Admin / Configure–Access Administration
Interface–Create–Delete–Edit–Edit State–Edit Own
Permissions
• http://community.joomla.org/blogs/community/1252-16-acl.html
•Users with same permissions
• Inherited permissions from parent groups
•Unlimited nested groups
•Keep it simple! Only use nested groups if needed
Group
• http://community.joomla.org/blogs/community/1252-16-acl.html
•What is visible for the group(article, menu, module, etc.)
•Permissions are inheritbetween Access Levels
•Even Super Users can not view content on frontend ifnot assigned
Access Level
• http://community.joomla.org/blogs/community/1252-16-acl.html
4 possible permission settings
–Not Set
–Inherited
–Allowed
–Denied
Permissions Settings
Level 1: Global configuration –default permissions settings for actions for a group
Permission Hierarchy (levels)
Level 1: Global configuration –default permissions settings for actions for a group
Level 2: Component Options –can override the permissions of Level 1
Permission Hierarchy (levels)
Level 1: Global configuration –default permissions settings for actions for a group
Level 2: Component Options –can override the permissions of Level 1
Level 3: Category –can override the permissions of Level 1 & Level 2–available for components with categories (Articles, Banners, etc...)
Permission Hierarchy (levels)
Level 1: Global configuration –default permissions settings for actions for a group
Level 2: Component Options –can override the permissions of Level 1
Level 3: Category –can override the permissions of Level 1 & Level 2–available for components with categories (Articles, Banners, etc...)
Level 4: Item –can override the permissions of Level 1 & Level 2 & Level 3–only available for article manager in Joomla core
Permission Hierarchy (levels)
Level 1: Global configuration –default permissions settings for actions for a group
Level 2: Component Options –can override the permissions of Level 1
Level 3: Category –can override the permissions of Level 1 & Level 2–available for components with categories (Articles, Banners, etc...)
Level 4: Item –can override the permissions of Level 1 & Level 2 & Level 3–only available for article manager in Joomla core
Override permissions of higher levels only works if permission setting is not ‘Denied’!
Permission Hierarchy (levels)
• http://www.theartofjoomla.com/home/5-commentary/84-introducing-the-new-permissions-in-joomla-16.html
Level 1
Level 2
Level 3
Level 4
Inheriting example for ‘Create’ Action
Database: #__assets
Database: #__assets: rules names10 Actions:–Site Login: core.login.site–Admin Login: core.login.admin–Offline Access: core.login.offline–Super Admin / Configure: core.admin–Access Administration Interface: core.manager–Create: core.create–Delete: core.delete–Edit: core.edit–Edit State: core.edit.state–Edit Own: core.edit.own
Database: #__assets: rules valuesPermissions values “Null”, ‘0’ and ‘1’ –Null: Not Set or Inherited –0: Denied–1: Allowed
Database: #__assets: rules format
{"core.login.site":{"6":1,"2":1}
Database: #__assets: name format
com_content.category.19
Database: #__assets
Joomla Basic ACL support
2 actions required
ConfigureTo configure the access settings via the 'Options' toolbar button
Access Administration InterfaceTo define which group is able to access/manage the component
18 lines of code4 steps
couple minutes
1. Add/modify config.xmlFile: administrator/components/com_foobar/config.xml
<?xml version="1.0" encoding="utf-8"?><config> <fieldset name="permissions" label="JCONFIG_PERMISSIONS_LABEL" description="JCONFIG_PERMISSIONS_DESC"> <field name="rules" type="rules" label="JCONFIG_PERMISSIONS_LABEL" filter="rules" component="com_foobar" section="component"> <action name="core.admin" title="JACTION_ADMIN" description="JACTION_ADMIN_COMPONENT_DESC" /> <action name="core.manage" title="JACTION_MANAGE" description="JACTION_MANAGE_COMPONENT_DESC" /> </field> </fieldset></config>
2. Add access checkFile: administrator/components/com_foobar/foobar.php
defined('_JEXEC') or die('Restricted access');
// Access check.if (!JFactory::getUser()->authorise('core.manage', 'com_foobar')) { return JError::raiseWarning(404, JText::_('JERROR_ALERTNOAUTHOR'));}
3. Add the 'Options' toolbar buttonFile: administrator/components/com_foobar/views/foobars/view.html.php
// Options button.if (JFactory::getUser()->authorise('core.admin', 'com_foobar')) { JToolBarHelper::preferences('com_foobar');}
4. Add one language stringFile: administrator/language/en-GB/en-GB.com_foobar.ini
COM_FOOBAR_CONFIGURATION="FooBar Options"
That’s all!
Actually, basic ACL support is not optional, it should be a requirement for a “native”
Joomla 2.5 extension.
Adding custom actions
Adding custom actionsExample: administrator/components/com_foobar/access.xml
<?xml version="1.0" encoding="utf-8" ?><access component="com_helloworld">! <section name="component">! ! <action name="core.admin" title="JACTION_ADMIN" description="JACTION_ADMIN_COMPONENT_DESC" />! ! <action name="core.manage" title="JACTION_MANAGE" description="JACTION_MANAGE_COMPONENT_DESC" />! ! <action name="core.create" title="JACTION_CREATE" description="JACTION_CREATE_COMPONENT_DESC" />! ! <action name="core.delete" title="JACTION_DELETE" description="JACTION_DELETE_COMPONENT_DESC" />! ! <action name="foobar.delete.own" title="FOOBAR_DELETE_OWN" description="FOOBAR_DELETE_OWN_DESC" />! </section>! <section name="message">! ! <action name="core.delete" title="JACTION_DELETE" description="COM_HELLOWORLD_ACCESS_DELETE_DESC" />! ! <action name="core.edit" title="JACTION_EDIT" description="COM_HELLOWORLD_ACCESS_EDIT_DESC" /> <action name="foobar.delete.own" title="FOOBAR_DELETE_OWN" description="FOOBAR_DELETE_OWN_DESC" />! </section></access>
Adding custom actionsExample: administrator/components/com_foobar/config.xml
<?xml version="1.0" encoding="utf-8"?><config>! <fieldset! ! name="greetings"! ! label="COM_FOOBAR_CONFIG_GREETING_SETTINGS_LABEL"! ! description="COM_FOOBAR_CONFIG_GREETING_SETTINGS_DESC"! >! ! <field! ! ! name="show_category"! ! ! type="radio"! ! ! label="COM_FOOBAR_HELLOWORLD_FIELD_SHOW_CATEGORY_LABEL"! ! ! description="COM_FOOBAR_HELLOWORLD_FIELD_SHOW_CATEGORY_DESC"! ! ! default="0"! ! >! ! ! <option value="0">JHIDE</option>! ! ! <option value="1">JSHOW</option>! ! </field>! </fieldset>! <fieldset! ! name="permissions"! ! label="JCONFIG_PERMISSIONS_LABEL"! ! description="JCONFIG_PERMISSIONS_DESC"! >! ! <field! ! ! name="rules"! ! ! type="rules"! ! ! label="JCONFIG_PERMISSIONS_LABEL"! ! ! class="inputbox"! ! ! validate="rules"! ! ! filter="rules"! ! ! component="com_foobar"! ! ! section="component"! ! />! </fieldset></config>
Extension X (not so good) example
Extension X (not so good) example
Extension X (not so good) example
Extension X (not so good) example
Action check
Simple action checkFile: administrator/components/com_foobar/views/foobars/view.html.php
// Options button.if (JFactory::getUser()->authorise('core.admin', 'com_foobar')) { JToolBarHelper::preferences('com_foobar');}
Multiple action checkFile: administrator/components/com_foobar/views/foobars/view.html.php
/**! * Setting the toolbar! */! protected function addToolBar() ! {! ! $canDo = FoobarHelper::getActions();! ! JToolBarHelper::title(JText::_('COM_FOOBAR_MANAGER_HELLOWORLDS'), 'foobar');! ! if ($canDo->get('core.create')) ! ! {! ! ! JToolBarHelper::addNew('foobar.add', 'JTOOLBAR_NEW');! ! }! ! if ($canDo->get('core.edit')) ! ! {! ! ! JToolBarHelper::editList('foobar.edit', 'JTOOLBAR_EDIT');! ! }! ! if (($canDo->get('core.delete')) || ($canDo->get('foobar.delete.own'))) ! ! {! ! ! JToolBarHelper::deleteList('', 'foobar.delete', 'JTOOLBAR_DELETE');! ! }! ! if ($canDo->get('core.admin')) ! ! {! ! ! JToolBarHelper::divider();! ! ! JToolBarHelper::preferences('com_foobar');! ! }! }
Multiple action checkFile: administrator/components/com_foobar/helpers/foobar.php
/**! * Get the actions! */! public static function getActions($messageId = 0)! {!! ! jimport('joomla.access.access');! ! $user ! = JFactory::getUser();! ! $result! = new JObject; ! ! if (empty($messageId)) {! ! ! $assetName = 'com_foobar';! ! }! ! else {! ! ! $assetName = 'com_foobar.message.'.(int) $messageId;! ! } ! ! $actions = JAccess::getActions('com_foobar', 'component'); ! ! foreach ($actions as $action) {! ! ! $result->set($action->name, $user->authorise($action->name, $assetName));! ! } ! ! return $result;! }
Multiple action checkFile: administrator/components/com_content/helpers/content.php
Displaying permission interface
Display permission interfaceFile: administrator/components/com_foobar/views/foobar/tmpl/edit.php
<?php if ($this->canDo->get('core.admin')): ?> <div class="width-100 fltlft"> <?php echo JHtml::_('sliders.start', 'permissions-sliders-'.$this->item->id, array('useCookie'=>1)); ?> <?php echo JHtml::_('sliders.panel', JText::_('COM_HELLOWORLD_FIELDSET_RULES'), 'access-rules'); ?> <fieldset class="panelform"> <?php echo $this->form->getLabel('rules'); ?> <?php echo $this->form->getInput('rules'); ?> </fieldset> <?php echo JHtml::_('sliders.end'); ?> </div> <?php endif; ?>
Display permission interfaceFile: administrator/components/com_foobar/views/foobar/tmpl/edit.php
Usage examples in MVC
Usage examples - ModelFile: administrator/components/com_content/models/article.php
Usage examples - ModelFile: administrator/components/com_content/models/articles.php
Usage examples - ViewFile: administrator/components/com_content/views/articles/tmpl/default.php
Usage examples - ViewFile: administrator/components/com_content/views/articles/tmpl/default.php
Usage examples - ControllerFile: administrator/components/com_content/controllers/articles.php
Be Creative!
Resources
• http://www.aclmanager.net/news/general/28-is-your-extension-really-joomla-17-ready
• http://www.aclmanager.net/news/general/31-how-to-add-basic-acl-support-to-your-extension
• http://docs.joomla.org/Developing_a_Model-View-Controller_(MVC)_Component_for_Joomla!2.5_-_Part_14
• http://docs.joomla.org/How_to_implement_actions_in_your_code• http://community.joomla.org/blogs/community/1252-16-acl.html • http://docs.joomla.org/ACL_Tutorial_for_Joomla_1.6 • http://docs.joomla.org/Access_Control_System_In_Joomla_1.6 • http://magazine.joomla.org/issues/Issue-May-2012/item/761-Joomla-ACL-
Configuring-back-end