It's Friday - what a day to visit jfoobar!
First look at Joomla! 1.6 ACL
Written by Antonie de Wilde Saturday, 01 November 2008 14:31
On october 11, the first step towards a full featured ACL (Access Control List) has been pushed into the development branch of what is to become Joomla! 1.6. It's not finished, but there is enough to check out a few of the features that it's going to bring.
Use cases of ACL
When people mention they want a better ACL, they often forget to specify what they expect from it. Before looking it, I'll specify a few very simple often-requested use cases I have seen over time on the Joomla! Forum. Administrators need the ability to set permissions on:
- sections/categories/articles. With Joomla! 1.6, it should be possible to give people permissions on a subset of all available content.
- components and modules. When giving people permissions on the administrator backend, you want them to be able to do their job as easy as possible. When you can restrict access to components/modules to people, you make it easier for people to navigate the administrator backend, or manage specific components or modules.
- Use profiles/home directory. Community websites often want their users to have a personal page or even home directory. While this looks technically the same as giving a person rights to a single article, it is special. You don't want to manually set permissions on it, so it would save lots of time if this is can be a site configuration.
If you have any other ACL features that you can't live without in Joomla! 1.6, please use the comment form.
Current ACL in development snapshot
Now that we have a few very simple use cases, we're going to take a look in the latest development snapshot to check if they are around. In the administrator backend, we now see a menu item called 'Access Control'.
At the moment, the 'Access Control' menu gives you access to three different rule types, user groups and access levels.
Rule type 1 allows you to set permissions on certain actions, for example: manage content, manage banners, install extensions, etc.
Rule type 2 is used to give people rights to specific content items (sections/categories/articles).
Rules type 3 gives permissions to actions that deal with access levels (public, registered, special).
User groups (strangely enough) gives you the ability to create new user groups.
Access levels is giving me a big fat error when trying to access it, but this will most likely be used to create new access levels besides the ones that are in a default Joomla! Installation (public/registered/special).
Conclusion
When looking through the images and explanations of the current options, you can see that from my use cases number 1 (access to sections/categories/articles), and number 2 (access to specific (parts) of extensions)) are possible. Number 3, the last use-case, (private pages), is not possible by default. For this, you would have to give each specific site member rights to one article which can be used.
The work behind ACL is not done yet, as it is in full development. With the currently implemented ACL, a lot of people are going to be happy with the change from Joomla! 1.5. I can only hope development on Joomla! 1.6 will continue nicely as it has done in the last month.
This post is updated at - 2008-11-22 - with:
- Dutch: Een eerste blik op Joomla! 1.6: ACL (Translation by Ruud van Zuidam)
About the author Antonie de Wilde
Antonie de Wilde is a designer of identity management solutions, helping organizations creating and maintaining identity life cycle management solutions. He has been part of the Joomla! Project almost since the beginning, spending a considerable amount of time on the Joomla! core team. In this time he was responsible for the websites and website infrastructure. At the moment, he is one of the forum administrators of the always busy forum at http://forum.joomla.org.
More about Antonie de WildeLike it? Share it!
bookmark.it
del.icio.us
digg
furl
blinkllist
reddit
feedmelinks
technorati
yahoo
rawsugar
netvouz
rojo
shadows
gabbr
dzone
newsvine
ma.gnolia
stumbleupon
google
squidoo
spurl
blinkbits
blogmarks
bloglines
co.mments
scuttle
ask
slashdot
There are 28 comments posted.
Re: First look at Joomla! 1.6 ACL
There now is a task called 'Users Backend: Manage'. You want to add the ability to give somebody the ability to only use that particular task if a user is member of a group ('Finance', for example). This is indeed a good example of another feature the ACL could provide, and which would be a good addition for big sites that require this delegation of control (to create authors for their departments, for example).
Re: Awesome
This is looking amazing. I can't wait. Good job!
Re: Ooooh... I feel giddy
I'm getting all excited, The POWER of open source... I'm sitting here in Forrest Australia, and someone, somewhere else in the world is coming up with new features for MY clients.
Way to go
Re: Ich freu mich drauf
Hallo ich finde Ihr macht einen super Jop. Ich freue mich auf die 1.6er Version. Vielen Dank und weiter so.
Manuel
Re: Finally! :)
Hey!
I (and I guess all the universe) have been waiting for sooo long! Permission on a per component and even module basis! I can only say: WOW! I almost downloaded Drupal because heard that in that this is included but after I saw their extension directory...
So! Thanks a million!
Bests!
Zsolt
Re: wow
Wow. Can't wait. I also get tempted by Drupal sometimes, but the limited templates usually stop me from jumping ship...
Impressive.
Re: Where's the Menu Rule?
ACL control of the Menu Item Manager would be a good feature. Limiting item additions to a menu or the adding of child trees to a menu item by ACL would be powerful.
Alternatively controlling management (viewing and editing) of a specific Menu by ACL and then adding an additional MENU ITEM TYPE to nest Menus together into a master menu would give the same capability.
Some food for thought.
you know what, ive been searching forums for months trying to find out how to do something like this and could only find a plugin and it worked well enough, this is amazing! this kind of thing should have been there from the start, now I can give people access to "specific" content without worrying about anything else!
dont know if this is true, but I read somewhere that joomla! 1.6 would have no legacy plugin, so that lazy developers would have to update there components and modules to be native, thats all great but if I upgrade to 1.6 it will render some of my site useless as I have quite a few legacy components and modules...
Re: durpal,... but...
ACL with Joomla would be a very very very good thing. After something like 30 joomla website, we still are waiting for this solution. We already ue hacks such as JACLplus to manage it, but it is not taht good solution. We also have developed few websites with Drupal, but come back with Joomla for different reasons.
So... a powerful ACL for Joomla would be of course THE best evolution required.
Thanks for it...
La Souris Verte
Re: GMACCESS
Hello,
If I had to spécify what I want for the ACL in Joomla, I'll said that I exactly want what already do GMACCESS which is open source and very good.
http://www.eduvs.ch/gmaccess/index.php
Why developping a new ACL when you could use the excellent GMACESS?
Thank you for your answer,
Kafi
Re: Core ACL is better
When I first tried Joomla!, I was very disappointed by the lack of ACL. So I'm glad to learn that - at last - ACL will be integrated in Joomla. (As others, I also tried Drupal in quest of this feature, but without much more success). This is definitely a feature eagerly expected by all the administrators concerned with security questions.
I didn't try GMACCES, but one can read on its site :
"Afin, de permettre une gestion optimale et transparante des accès, étendue à un nombre illimité de groupes, GMAccess doit modifier le code source de certains fichiers de Joomla! "
That is "(...) GMAccess has to modify the source code of some Joomla! files". A bad thing, on my opinion, for several reasons, the main being the critical status of ACL. That's why ACL must be part of the core of Joomla! and not some kind of patch. Even if it doesn't bring more than GMAccess features, being part of the core will be an obvious advantage.
ACL in Joomla! 1.6 will add an other good reason to choose this CMS among the many others.
Re: Core ACL is better
Yes I do agree,
But if gmaccess was becoming the joomla ACL, it would'nt be a hack anymore and would'nt have to modify the core anymore.
As 1.6 with is own ACL will need a different core than 1.5.
Take a look at gmaccess and you'll see it really worth it.
All i say is to use gmaccess as the acl for joomla instead of developping a new one.
Kafi
Re: The snag...
The snag is that everybody has different ideas of what is required for ACL. Many options have been considered by those who have invested enough effort and will be doing the work, and they have decided on this approach. So there we are :)
Just wondering, did you use a SVN of joomla 1.6? If so, where is it? I tried one I found, but there are things missing that don't seem to allow it to install.
Re: First look at Joomla! 1.6 ACL
I did use 1.6 SVN. As you can see, the article has been written a while ago, there have been loads of code changes since then. It is my intention to redo the article against current SVN.
I would be interested in reading that. I am looking toward getting that SVN, if I can get it to install. The ACL features are something that I need for clients so I'm looking forward to this process!
What I'm looking for in an ACL is this:
1) Can I create groups of people and give them permissions to various and sundry parts of the site? (In my case mostly menu items and articles.)
2) Can I give specific permissions to an individual (example: the administrator in charge of a peer-review section.)
3) Can I, as site owner, set these group permissions based on the full flexibility of joomla? I'm more worried about front end than back end access, but I want to be able to set sections, catagories, articles, menu items, the whole nine yards to be set based on individual or groupings I make.
4) I want the defaults to be logical and reasonable. (Current Joomla defaults are consistent and reasonable, so I'm not anticipating this to be a problem.)
I'm building a research site, and want the peer-review sections to be specific and confidential until the article goes to publication. When we get experimental groups together, I want those experiments to be confidential until the group is ready to release their results.
Re: Subcategories and ACL?
Agree about this previous comments "..to be set based on individual or groupings I make..."
If this also could work with Joomla subcategories and if the subcategory project hack could be implemented as a core than it would be a dream really.
http://forum.joomla.org/viewtopic.php?f=231&t=298117
I have tried this subcat hack with J 1.5.9 and it works but you cant see the hierarchies when setting up a article to a subcategory.
They are all in a raw not showing right structure.
-category
-category1
-category1.1
Thats the only problem I found there and that it doesn't work with GMaccess...
Re: First look at Joomla! 1.6 ACL
@ssnobben
subcategories is another feature wish that has been around for a long time. Unfortunately, this will not be solved with the ACL that is coming. Basically all of com_content (articles/categories/sections) has to be rewritten, this is one of the features that should be added.
Re: Subcategories and ACL?
@Antonie de Wilde Thanks for the reply.
Yeah hope it will be sooner than later bcs this solution that now is in the forum for a subcategory hack would be possible to include pretty fast.
New version subcategories_patches-0.5_J1.5.9.zip that I have not test for J 1.5.9 http://forum.joomla.org/viewtopic.php?f=231&t=298117&start=60
Its a problem now with the view subcategory tree hierarchies for adding an item to correct subcategory. You can not select the right subcategory bcs the hierarchy tree could not show a correct subcategory structure tree with many subcategories and when some of them are with the same name.
Maybe you can fix this out and implement into J 1.6.1 core?
Re: Hillfe
ich bauche hillfe ich komme nicht mer weiter !
BITTE DENKEN SIE DARAN
DAS INSTALLATIONSVERZEICHNIS VOLLSTÄNDIG ZU LÖSCHEN!
Sie können nicht fortfahren, wenn Sie das Verzeichnis „installation” nicht löschen! Dieses ist ein Sicherheitsmerkmal von Joomla!.
Klicken Sie hier, wenn Sie das Verzeichnis gelöscht haben.
Re: J 1.6 improvment discussion in Joomla forum
Hope you have not missed this interesting discussion in Joomla forum.
This discussion should be good if it could continued and be copied and open in another new thread.
Link:
http://forum.joomla.org/viewtopic.php?f=500&t=273958
Re: A question of granularity
It's not clear to me if I will be able to achieve this critical function with Joomla 1.6's ACL:
I need to give different groups of users access to different content items. For example, all of the Group A users get access only to Form 1. Group B gets exclusive access to Form 2. Group C gets access to Form 1 and Form 2.
Will this be possible?
Thanks for your work!
Really one more step to bring joomla to top. Thank to all developers.
Re: Re: A question of granularity
I second the query of the above poster.
Maybe I've missed something really simple, but what I need (and I can't imagine I'm unique) is the possibility to have different types of registered users. "Customers" and "Staff" for example. This appears to be difficult (impossible?) in Joomla.
Registered User A should get a menu for staff users.
Registered User B should get a menu for prime customers.
Before getting involved with various levels of permissions, a few extra categories of registered users would be useful.
Re: Medyum
Really one more step to bring joomla to top. Thank to all developers.
Blogging team
We have a team that works on the blogs presented on this site. Below you will find all present members who are actively working on blogs on this site.
Please contact us if you are interested in helping us out with the creation of the blogs.
Post translations
jfoobar has readers from all over the world and in many languages. If you create a translation of one of our posts and link to it than please let us know so we can add a link back to the translation at the original post.
JFoobar friends on Twitter
Sponsored Links
Latest Comments
- Aaron wrote:
- 2009-12-23 13:19:22 - Genius! Thanks, Wilco. I've been dying to take .
- Posted in How to downlo .
- Amy Stephen wrote:
- 2009-12-22 18:39:37 - Happy Birthday to one of Joomla!'s most noble - .
- Posted in Mister Joomla .
- Antonie de Wilde wrote:
- 2009-12-22 09:30:26 - Congrats Robin. Have a good day and watch out w .
- Posted in Mister Joomla .
- Robert wrote:
- 2009-12-22 08:51:02 - Happy Birthday Robin .
- Posted in Mister Joomla .
- Arno wrote:
- 2009-12-22 08:43:28 - Happy Birthday Robin, love your suit, you wife .
- Posted in Mister Joomla .
- Brian Teeman wrote:
- 2009-12-22 00:17:41 - Happy Birthday Robin, Welcome to the big four oh .
- Posted in Mister Joomla .
Re: Extension of use case #2
# 1 - Posted by: Paolo De Dionigi on 2008-11-02 15:57:46
Hello, as I wrote in my little white paper, one of the things I'd like and I haven't seen described in this post, is the possibility to give permission not only at generale component level but at specific actions inside the component. Moreover, the possibility to aplly a sort of filter regarding these actions.
An example: consider a website for an association which has some local chapters (or an organizaton with local departments).
Very often there's a people for each 'chapter' in charge of manage (among many other things) the 'users' belonging to his chapter. But only those users, not also users belonging to other chpaters.
So the acl which 'govern' the access to user management isn't enough if it doesn't provide a mean to give user xyz the possibility to manage only a subset of the users.
Regarding articles, this same need is fulfilled using categories and or sections management.
So, regarding users (and everything else) we would need a way to 'create' substes of the items we're going to manage and a way to assing permissions to these subsets.
Thank you for the possibility to discuss about this.
Paolo