joomla 1.6/1.7 access control lists (acl)
DESCRIPTION
Joomla's ACL changed radically between version 1.5 and more recent versions. This talk highlights the rules for thinking about ACL. The talk was followed by a live demo of the ACL system.TRANSCRIPT
![Page 1: Joomla 1.6/1.7 Access Control Lists (ACL)](https://reader033.vdocuments.mx/reader033/viewer/2022051208/5470911db4af9fb40a8b4832/html5/thumbnails/1.jpg)
Joomla 1.7 Access Control Lists (ACL)
Jen Kramer4Web, Inc.Joomla Day ChicagoAugust 2011
![Page 2: Joomla 1.6/1.7 Access Control Lists (ACL)](https://reader033.vdocuments.mx/reader033/viewer/2022051208/5470911db4af9fb40a8b4832/html5/thumbnails/2.jpg)
Agenda
• Understanding ACL terms• Understanding ACL hierarchy• ACL example configurations
![Page 3: Joomla 1.6/1.7 Access Control Lists (ACL)](https://reader033.vdocuments.mx/reader033/viewer/2022051208/5470911db4af9fb40a8b4832/html5/thumbnails/3.jpg)
What is ACL?
• Most people think of “who sees what”
• It’s also who creates, edits, and configures what
• Joomla separates viewing from all other permissions in a separate system (access levels)
![Page 4: Joomla 1.6/1.7 Access Control Lists (ACL)](https://reader033.vdocuments.mx/reader033/viewer/2022051208/5470911db4af9fb40a8b4832/html5/thumbnails/4.jpg)
Just because you can…
• ACL is NOT for newbies• ACL gets very complicated very
quickly• There is nothing wrong with using
the default settings, which approximate Joomla 1.5 ACL
![Page 5: Joomla 1.6/1.7 Access Control Lists (ACL)](https://reader033.vdocuments.mx/reader033/viewer/2022051208/5470911db4af9fb40a8b4832/html5/thumbnails/5.jpg)
If the implementation is hard to explain, it's a bad idea.
The Zen of Python
![Page 6: Joomla 1.6/1.7 Access Control Lists (ACL)](https://reader033.vdocuments.mx/reader033/viewer/2022051208/5470911db4af9fb40a8b4832/html5/thumbnails/6.jpg)
Joomla 1.5 ACL: Review
• 7 user groups, plus public. Groups cannot be expanded
• Any user in any group can do anything the group can do
• Groups are hierarchical: inherit permissions
• 3 access levels: Public, Registered, Special
![Page 7: Joomla 1.6/1.7 Access Control Lists (ACL)](https://reader033.vdocuments.mx/reader033/viewer/2022051208/5470911db4af9fb40a8b4832/html5/thumbnails/7.jpg)
Joomla 1.7 ACL
• 7 user groups by default, add as many more as you wish
• Any user in any group can do anything the group can do
• Groups are not hierarchical: they inherit permissions, but they can be set with whatever permissions you want
• 3 access levels by default, can add more. Permissions NOT inherited
![Page 8: Joomla 1.6/1.7 Access Control Lists (ACL)](https://reader033.vdocuments.mx/reader033/viewer/2022051208/5470911db4af9fb40a8b4832/html5/thumbnails/8.jpg)
![Page 9: Joomla 1.6/1.7 Access Control Lists (ACL)](https://reader033.vdocuments.mx/reader033/viewer/2022051208/5470911db4af9fb40a8b4832/html5/thumbnails/9.jpg)
Users (Users – User Manager – Add New User)
![Page 10: Joomla 1.6/1.7 Access Control Lists (ACL)](https://reader033.vdocuments.mx/reader033/viewer/2022051208/5470911db4af9fb40a8b4832/html5/thumbnails/10.jpg)
![Page 11: Joomla 1.6/1.7 Access Control Lists (ACL)](https://reader033.vdocuments.mx/reader033/viewer/2022051208/5470911db4af9fb40a8b4832/html5/thumbnails/11.jpg)
Core Permissions (Site – Global Configuration – Permissions)
![Page 12: Joomla 1.6/1.7 Access Control Lists (ACL)](https://reader033.vdocuments.mx/reader033/viewer/2022051208/5470911db4af9fb40a8b4832/html5/thumbnails/12.jpg)
![Page 13: Joomla 1.6/1.7 Access Control Lists (ACL)](https://reader033.vdocuments.mx/reader033/viewer/2022051208/5470911db4af9fb40a8b4832/html5/thumbnails/13.jpg)
User Groups (Users – Groups – Add New Group)
• User groups inherit core permissions from parents
• If you want to keep it (more) simple, keep parent as public and add required permissions
• “Flat is better than nested.” (Zen of Python)
![Page 14: Joomla 1.6/1.7 Access Control Lists (ACL)](https://reader033.vdocuments.mx/reader033/viewer/2022051208/5470911db4af9fb40a8b4832/html5/thumbnails/14.jpg)
![Page 15: Joomla 1.6/1.7 Access Control Lists (ACL)](https://reader033.vdocuments.mx/reader033/viewer/2022051208/5470911db4af9fb40a8b4832/html5/thumbnails/15.jpg)
Access Levels (Users – Access Levels – Add New Access Level)
• Access levels do NOT inherit permissions from other groups
• Possible for SU to not see certain content on front end
![Page 16: Joomla 1.6/1.7 Access Control Lists (ACL)](https://reader033.vdocuments.mx/reader033/viewer/2022051208/5470911db4af9fb40a8b4832/html5/thumbnails/16.jpg)
Now you know the terms…
• On to the planning!
![Page 17: Joomla 1.6/1.7 Access Control Lists (ACL)](https://reader033.vdocuments.mx/reader033/viewer/2022051208/5470911db4af9fb40a8b4832/html5/thumbnails/17.jpg)
Planning for ACL
• Describe the problem you are trying to solve. Example…• The general public can visit that site and
see most content. However, there is content behind the scenes for students and teachers.
• A teacher can see content specifically for teachers, all student content, and the public content.
• Students can only see student content (not teacher content) and the public content.
![Page 18: Joomla 1.6/1.7 Access Control Lists (ACL)](https://reader033.vdocuments.mx/reader033/viewer/2022051208/5470911db4af9fb40a8b4832/html5/thumbnails/18.jpg)
Planning for ACL
• Is your problem a reading problem? Or does it have to do with creating/editing/deleting content? Or both?• If it’s a reading problem, you need
to think about access levels.• If it’s an editing problem, you
might not need to think about access levels at all.
![Page 19: Joomla 1.6/1.7 Access Control Lists (ACL)](https://reader033.vdocuments.mx/reader033/viewer/2022051208/5470911db4af9fb40a8b4832/html5/thumbnails/19.jpg)
Planning for ACL
• Think about maintenance.• It’s easier to allow all content
within a category be editable or readable by a group, rather than setting individual articles.
![Page 20: Joomla 1.6/1.7 Access Control Lists (ACL)](https://reader033.vdocuments.mx/reader033/viewer/2022051208/5470911db4af9fb40a8b4832/html5/thumbnails/20.jpg)
Planning for ACL
• Think about inheritance.• Do users belong to more than
one user group? If so, how does that affect their permission to do things?• User group permissions ARE
inherited• Access levels are NOT inherited
![Page 21: Joomla 1.6/1.7 Access Control Lists (ACL)](https://reader033.vdocuments.mx/reader033/viewer/2022051208/5470911db4af9fb40a8b4832/html5/thumbnails/21.jpg)
Joomla 1.7 ACL demo