Enrich your extensions with Joomla! ACL support

Post on 10-May-2015


DESCRIPTION

Enrich your extensions with Joomla! ACL support during J and Beyond 2012

TRANSCRIPT

@sanderpotjer

J and Beyond - May 20, 2012

Enrich your extensions with Joomla! ACL support

Sander Potjer

Twitter: @sanderpotjer

E-mail: sander@sanderpotjer.nl

Slides: http://www.slideshare.net/sanderpotjer/

Joomla! ACL

• http://www.slideshare.net/JohanJanssens/drupalcon-2005-joomla-drupal-and-you-presentation

DrupalCon, October 2005, Johan Janssens

It took a while...

ACL?!?!

ACL = Access Control List

• Access to parts of the website
  – e.g. menu / module visibility
  – “view” action

• User actions on objects
  – example: create / edit / edit state / delete article

Joomla! 2.5 ACL Overview

User

• Guest is also a ‘user’

• Users can be assigned to one or multiple groups

Permissions

• Assigned to group (not to a user!)

• 10 Actions
  – Site Login
  – Admin Login
  – Offline Access (since 1.7)
  – Super Admin / Configure
  – Access Administration Interface
  – Create
  – Delete
  – Edit
  – Edit State
  – Edit Own

Group

• Users with same permissions

• Inherited permissions from parent groups

• Unlimited nested groups

• Keep it simple! Only use nested groups if needed

Access Level

• What is visible for the group (article, menu, module, etc.)

• Permissions are inherited between Access Levels

• Even Super Users cannot view content on the frontend if not assigned

Permissions Settings

4 possible permission settings

– Not Set

– Inherited

– Allowed

– Denied

Permission Hierarchy (levels)

Level 1: Global configuration
  – default permissions settings for actions for a group

Level 2: Component Options
  – can override the permissions of Level 1

Level 3: Category
  – can override the permissions of Level 1 & Level 2
  – available for components with categories (Articles, Banners, etc...)

Level 4: Item
  – can override the permissions of Level 1 & Level 2 & Level 3
  – only available for article manager in Joomla core

Overriding the permissions of a higher level only works if the permission setting there is not ‘Denied’!

• http://www.theartofjoomla.com/home/5-commentary/84-introducing-the-new-permissions-in-joomla-16.html

[Figure: Inheriting example for ‘Create’ Action across Level 1, Level 2, Level 3 and Level 4]

Database: #__assets

Database: #__assets: rules names

10 Actions:
  – Site Login: core.login.site
  – Admin Login: core.login.admin
  – Offline Access: core.login.offline
  – Super Admin / Configure: core.admin
  – Access Administration Interface: core.manage
  – Create: core.create
  – Delete: core.delete
  – Edit: core.edit
  – Edit State: core.edit.state
  – Edit Own: core.edit.own

Database: #__assets: rules values

Permissions values “Null”, ‘0’ and ‘1’
  – Null: Not Set or Inherited
  – 0: Denied
  – 1: Allowed

Database: #__assets: rules format

{"core.login.site":{"6":1,"2":1}}

Database: #__assets: name format

com_content.category.19
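The levels, the rules values and the rules format described above can be tied together in a small stand-alone script. This is an added example, not code from the slides or from Joomla core: it is a simplified model, the asset rows, the `root.1` name, the group ids and the group tree are constructed sample data, and it assumes that a Denied inherited from a parent group wins in the same way as a Denied from a higher level.

```php
<?php
// Simplified model of the permission hierarchy; constructed rows shaped like #__assets.
$assets = array(
    'root.1' => array('parent' => null, 'rules' => '{"core.create":{"3":1}}'),
    'com_content' => array('parent' => 'root.1', 'rules' => '{"core.create":{"3":0}}'),
    'com_content.category.19' => array('parent' => 'com_content', 'rules' => '{"core.create":{"3":1},"core.delete":{"3":1}}'),
);
// Constructed group tree (group id => parent group id); the ids are sample values.
$groupParents = array(1 => null, 2 => 1, 3 => 2, 4 => 3);

// Merge one action's rules from Level 1 down to $name; a Denied (0) is never overridden.
function mergedRules(array $assets, $name, $action)
{
    $path = array();
    for ($n = $name; $n !== null; $n = $assets[$n]['parent']) {
        array_unshift($path, $n);
    }
    $merged = array();
    foreach ($path as $n) {
        $rules = json_decode($assets[$n]['rules'], true);
        foreach ((isset($rules[$action]) ? $rules[$action] : array()) as $group => $value) {
            $denied = isset($merged[$group]) && $merged[$group] === 0;
            if ($value !== null && !$denied) {
                $merged[$group] = (int) $value;
            }
        }
    }
    return $merged;
}

// Allowed only if the group or a parent group is Allowed and none of them is Denied.
function isAllowed(array $assets, array $groupParents, $group, $action, $name)
{
    $merged  = mergedRules($assets, $name, $action);
    $allowed = false; // Not Set at every level means no permission
    for ($g = $group; $g !== null; $g = $groupParents[$g]) {
        if (isset($merged[$g]) && $merged[$g] === 0) {
            return false;
        }
        $allowed = $allowed || isset($merged[$g]);
    }
    return $allowed;
}
foreach (array(array(3, 'core.create'), array(4, 'core.create'), array(3, 'core.delete')) as $c) {
    foreach (array_keys($assets) as $name) {
        $ok = isAllowed($assets, $groupParents, $c[0], $c[1], $name);
        printf("group %d, %s on %s: %s\n", $c[0], $c[1], $name, $ok ? 'allowed' : 'denied');
    }
}
```

In the sample data the category-level Allowed for `core.create` has no effect because the component level already set Denied, while `core.delete`, which is Not Set higher up, is granted at category level only.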


Joomla Basic ACL support

2 actions required

• Configure: to configure the access settings via the 'Options' toolbar button

• Access Administration Interface: to define which group is able to access/manage the component

18 lines of code

4 steps

couple minutes

1. Add/modify config.xml

File: administrator/components/com_foobar/config.xml

<?xml version="1.0" encoding="utf-8"?>
<config>
    <fieldset name="permissions" label="JCONFIG_PERMISSIONS_LABEL" description="JCONFIG_PERMISSIONS_DESC">
        <field name="rules" type="rules" label="JCONFIG_PERMISSIONS_LABEL" filter="rules" component="com_foobar" section="component">
            <action name="core.admin" title="JACTION_ADMIN" description="JACTION_ADMIN_COMPONENT_DESC" />
            <action name="core.manage" title="JACTION_MANAGE" description="JACTION_MANAGE_COMPONENT_DESC" />
        </field>
    </fieldset>
</config>

2. Add access check

File: administrator/components/com_foobar/foobar.php

defined('_JEXEC') or die('Restricted access');

// Access check.
if (!JFactory::getUser()->authorise('core.manage', 'com_foobar'))
{
    return JError::raiseWarning(404, JText::_('JERROR_ALERTNOAUTHOR'));
}

3. Add the 'Options' toolbar button

File: administrator/components/com_foobar/views/foobars/view.html.php

// Options button.
if (JFactory::getUser()->authorise('core.admin', 'com_foobar'))
{
    JToolBarHelper::preferences('com_foobar');
}

4. Add one language string

File: administrator/language/en-GB/en-GB.com_foobar.ini

COM_FOOBAR_CONFIGURATION="FooBar Options"

That’s all!

Actually, basic ACL support is not optional, it should be a requirement for a “native” Joomla 2.5 extension.

Adding custom actions

Example: administrator/components/com_foobar/access.xml

<?xml version="1.0" encoding="utf-8" ?>
<access component="com_helloworld">
    <section name="component">
        <action name="core.admin" title="JACTION_ADMIN" description="JACTION_ADMIN_COMPONENT_DESC" />
        <action name="core.manage" title="JACTION_MANAGE" description="JACTION_MANAGE_COMPONENT_DESC" />
        <action name="core.create" title="JACTION_CREATE" description="JACTION_CREATE_COMPONENT_DESC" />
        <action name="core.delete" title="JACTION_DELETE" description="JACTION_DELETE_COMPONENT_DESC" />
        <action name="foobar.delete.own" title="FOOBAR_DELETE_OWN" description="FOOBAR_DELETE_OWN_DESC" />
    </section>
    <section name="message">
        <action name="core.delete" title="JACTION_DELETE" description="COM_HELLOWORLD_ACCESS_DELETE_DESC" />
        <action name="core.edit" title="JACTION_EDIT" description="COM_HELLOWORLD_ACCESS_EDIT_DESC" />
        <action name="foobar.delete.own" title="FOOBAR_DELETE_OWN" description="FOOBAR_DELETE_OWN_DESC" />
    </section>
</access>

Example: administrator/components/com_foobar/config.xml

<?xml version="1.0" encoding="utf-8"?>
<config>
    <fieldset
        name="greetings"
        label="COM_FOOBAR_CONFIG_GREETING_SETTINGS_LABEL"
        description="COM_FOOBAR_CONFIG_GREETING_SETTINGS_DESC"
    >
        <field
            name="show_category"
            type="radio"
            label="COM_FOOBAR_HELLOWORLD_FIELD_SHOW_CATEGORY_LABEL"
            description="COM_FOOBAR_HELLOWORLD_FIELD_SHOW_CATEGORY_DESC"
            default="0"
        >
            <option value="0">JHIDE</option>
            <option value="1">JSHOW</option>
        </field>
    </fieldset>
    <fieldset
        name="permissions"
        label="JCONFIG_PERMISSIONS_LABEL"
        description="JCONFIG_PERMISSIONS_DESC"
    >
        <field
            name="rules"
            type="rules"
            label="JCONFIG_PERMISSIONS_LABEL"
            class="inputbox"
            validate="rules"
            filter="rules"
            component="com_foobar"
            section="component"
        />
    </fieldset>
</config>

Extension X (not so good) example


Action check

Simple action check

File: administrator/components/com_foobar/views/foobars/view.html.php

// Options button.
if (JFactory::getUser()->authorise('core.admin', 'com_foobar'))
{
    JToolBarHelper::preferences('com_foobar');
}

Multiple action check

File: administrator/components/com_foobar/views/foobars/view.html.php

/**
 * Setting the toolbar
 */
protected function addToolBar()
{
    $canDo = FoobarHelper::getActions();
    JToolBarHelper::title(JText::_('COM_FOOBAR_MANAGER_HELLOWORLDS'), 'foobar');
    if ($canDo->get('core.create'))
    {
        JToolBarHelper::addNew('foobar.add', 'JTOOLBAR_NEW');
    }
    if ($canDo->get('core.edit'))
    {
        JToolBarHelper::editList('foobar.edit', 'JTOOLBAR_EDIT');
    }
    if (($canDo->get('core.delete')) || ($canDo->get('foobar.delete.own')))
    {
        JToolBarHelper::deleteList('', 'foobar.delete', 'JTOOLBAR_DELETE');
    }
    if ($canDo->get('core.admin'))
    {
        JToolBarHelper::divider();
        JToolBarHelper::preferences('com_foobar');
    }
}

Multiple action check

File: administrator/components/com_foobar/helpers/foobar.php

/**
 * Get the actions
 */
public static function getActions($messageId = 0)
{
    jimport('joomla.access.access');
    $user   = JFactory::getUser();
    $result = new JObject;

    if (empty($messageId)) {
        $assetName = 'com_foobar';
    }
    else {
        $assetName = 'com_foobar.message.'.(int) $messageId;
    }

    $actions = JAccess::getActions('com_foobar', 'component');

    foreach ($actions as $action) {
        $result->set($action->name, $user->authorise($action->name, $assetName));
    }

    return $result;
}
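The toolbar above shows the Delete button when the user holds either `core.delete` or `foobar.delete.own`, so the delete task itself still has to decide per record whether "own" applies. The following is an added example, not code from the slides: `canDeleteMessage()`, the `created_by` column and the `StubUser` stand-in (which mirrors the `id`, `guest` and `authorise()` members of the object returned by `JFactory::getUser()` so the block runs outside Joomla) are assumptions.

```php
<?php
// Added example: server-side check for the custom 'foobar.delete.own' action.
// Assumption: each message record has an `id` and a `created_by` user id.
function canDeleteMessage($user, $record)
{
    $asset = 'com_foobar.message.' . (int) $record->id;

    // Full delete permission on this item (inherited from the component level).
    if ($user->authorise('core.delete', $asset)) {
        return true;
    }
    // 'Delete own' only counts for a logged-in user who created this record;
    // the guest test stops a guest (id 0) from matching records with created_by 0.
    return !$user->guest
        && (int) $record->created_by === (int) $user->id
        && $user->authorise('foobar.delete.own', $asset);
}

// Stand-in for the Joomla user object (constructed; same public members).
class StubUser
{
    public $id;
    public $guest = 0;
    private $granted;

    public function __construct($id, array $granted)
    {
        $this->id      = $id;
        $this->granted = $granted;
    }

    public function authorise($action, $assetname = null)
    {
        return in_array($action, $this->granted, true);
    }
}

// Constructed sample users and records.
$author  = new StubUser(42, array('foobar.delete.own'));
$manager = new StubUser(7, array('core.delete', 'foobar.delete.own'));
$own     = (object) array('id' => 5, 'created_by' => 42);
$other   = (object) array('id' => 6, 'created_by' => 99);

$cases = array('author/own' => array($author, $own), 'author/other' => array($author, $other),
    'manager/other' => array($manager, $other));
foreach ($cases as $label => $pair) {
    echo $label, ': ', canDeleteMessage($pair[0], $pair[1]) ? 'delete allowed' : 'delete refused', "\n";
}
```

Inside a component the same function can be called with `JFactory::getUser()` and the loaded table row before the record is removed.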

Multiple action check

File: administrator/components/com_content/helpers/content.php

Displaying permission interface

Display permission interface

File: administrator/components/com_foobar/views/foobar/tmpl/edit.php

<?php if ($this->canDo->get('core.admin')): ?>
    <div class="width-100 fltlft">
        <?php echo JHtml::_('sliders.start', 'permissions-sliders-'.$this->item->id, array('useCookie'=>1)); ?>
        <?php echo JHtml::_('sliders.panel', JText::_('COM_HELLOWORLD_FIELDSET_RULES'), 'access-rules'); ?>
        <fieldset class="panelform">
            <?php echo $this->form->getLabel('rules'); ?>
            <?php echo $this->form->getInput('rules'); ?>
        </fieldset>
        <?php echo JHtml::_('sliders.end'); ?>
    </div>
<?php endif; ?>

Usage examples in MVC

Usage examples - Model

File: administrator/components/com_content/models/article.php

File: administrator/components/com_content/models/articles.php

Usage examples - View

File: administrator/components/com_content/views/articles/tmpl/default.php

Usage examples - Controller

File: administrator/components/com_content/controllers/articles.php

Be Creative!

Resources

• http://www.aclmanager.net/news/general/28-is-your-extension-really-joomla-17-ready

• http://www.aclmanager.net/news/general/31-how-to-add-basic-acl-support-to-your-extension

• http://docs.joomla.org/Developing_a_Model-View-Controller_(MVC)_Component_for_Joomla!2.5_-_Part_14

• http://docs.joomla.org/How_to_implement_actions_in_your_code

• http://community.joomla.org/blogs/community/1252-16-acl.html

• http://docs.joomla.org/ACL_Tutorial_for_Joomla_1.6

• http://docs.joomla.org/Access_Control_System_In_Joomla_1.6

• http://magazine.joomla.org/issues/Issue-May-2012/item/761-Joomla-ACL-Configuring-back-end
