The Official Joomla! Book is the authoritative and comprehensive Joomla! reference for every administrator, developer, designer, and content manager. Distilling the extensive experience of two long-time Joomla! contributors, it teaches exactly what you need to know, through practical example sites and crystal-clear explanations.
If you’re new to Joomla!, you’ll learn how to quickly create usable, effective sites. If you’re an experienced Joomla! user, you’ll learn how to make your sites more flexible, feature-rich, visually attractive, and useful. And whether new or experienced, you’ll learn how Joomla! really works, so you can fully leverage its power whenever you’re ready. You'll also get to know the Joomla! community by hearing from twelve community members through in-depth interviews, and you’ll learn how to participate in the Joomla! project in ways that make sense for you.
Excerpt from Appendix C
A Look at Joomla! 1.6 ACL
The implementation of access control is the most important change in Joomla! 1.6. In this appendix, we will demonstrate how to implement a basic access control system for the school site example shown in Chapter 10. This example assumes you have installed Joomla! 1.6 without the sample data. Some images will differ if you have installed the sample data.
In our school site, we want to achieve the following:
- Limit the ability to create and edit articles in a department category to members of that department;
- Give all members of the administration the ability to publish articles;
- Limit the ability to see certain content to the school administration only.
The first thing to notice is that the first two items in the previous list involve limitations on the actions that users can take, specifically the actions of creating and publishing articles. The third item concerns the ability to view certain items.
In planning 1.6 access control, we need to clearly separate the ability to perform actions from the ability to see things.
Controlling What People Can Do
In a 1.6 implementation of the school site, the department sections will be replaced with categories, and the news categories that we created within each department’s section will now be subcategories within the main department categories.
When creating a new category, on the right there is a section called Category Access Rules. This is shown with the default values in Figure C.4. By default, as in Joomla! 1.5, editors have the right to create and edit in all categories, and authors have the right to create in all categories. Neither authors nor editors can edit state, which means to change an article state to published, unpublished, trash, or archive. Only managers, administrators, and super administrators can delete completely.
Because we want each department to have its own separate content, the first step will be to make new user groups for each department. To do that, we go to the User Manager: User Group tab. Initially these groups are set as in Joomla! 1.5. However, in 1.6, the Super Administrator group is called the Super User group and is in its own branch. This is just a difference of display. All of these groups have the same permissions that they had in Joomla! 1.5.
In the example site, we had most users in the Registered group. We will make the new user groups children of the Registered group. To make a new group, click New, and give the group a name and a parent. Once all the groups are defined, the Group tab will appear.
When we create or edit a user, we can now assign that person to one of the groups by selecting the appropriate box in the Assigned Groups area of the User Manager. The user will then appear with the new group in the list of users. Next, we want to give users in the Social Studies group access to create and edit articles in the Social Studies category. To do this, return to the Content Category Manager, and click the Set Permission button to go to the Category Permissions area. Open the Social Studies slider. In the Category Permissions area, change Create, Edit, and Edit Own to Allowed, as shown in Figure C.10.
After saving the category, users in this group are now allowed to edit and create articles in this category. Now when Jane Smith logs into the front end of the site, she can edit and create articles in the Social Studies category. This is shown by the edit icon that appears on the articles in the Social Studies category but not for articles in the other categories.
To give everyone in the Administration group the ability to publish articles, we change the Administration action permission group’s parent to Publisher. Now anyone assigned to the Administration group can create, edit, or publish just as was true for publishers in Joomla! 1.5. One important element of the permissions system is that users in the Super User group (or any group with global administration) cannot ever have permission denied.
Controlling What People Can See
Next we want to create a way to have some content that can only be seen by the Administration group. We will do this by creating a new view permissions access level. In the User Manager, navigate to the View Permissions Level tab. It will show the three view permissions levels that are present in Joomla! 1.5: Public, Registered, and Special. Each level has groups assigned to it. In the case of Public, all groups are automatically able to see what Public users are able to see. This is because all groups by definition have Public as a parent (or grandparent and so on), and they inherit rights from it. In the case of Registered, because all the new groups that we created had Registered as a parent group (or in the case of Administration as a great, great grandparent group), they will all have access to any item that has its access set to Registered. This is because permission to view is inherited from parent groups to children groups. However, the public is not able to see items set to Registered because it does not inherit from the Registered or Manager group. This is exactly as it is in Joomla! 1.5 but with additional groups.
Next, by clicking New, we can create a new viewing access level, as shown in Figure C.18. This group is called Administration, and only the Administration group will have access to it.
As shown in Figure C.19, the new Administration group is now in the list of viewing access levels. Now when an article is created, its access can be set to Administration, as shown in Figure C.20.
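The two structures described above (what groups can do, and what groups can see) can be checked on paper before touching the site. The following is an added example, not code from the book or from Joomla!: a simplified model of group inheritance in which the Mathematics group, the rule table, and the single Denied rule are constructed for illustration.

```python
# Simplified model of the school-site access control described in this appendix.
# Not Joomla's code; groups, rules and levels are constructed from the text.
PARENT = {  # group -> parent group
    "Public": None, "Registered": "Public", "Author": "Registered",
    "Editor": "Author", "Publisher": "Editor", "Manager": "Public",
    "Super User": "Public",  # shown in its own branch in 1.6
    "Social Studies": "Registered", "Mathematics": "Registered",  # departments
    "Administration": "Publisher",  # parent changed to Publisher, as in the text
}

# Action rules: (asset, group) -> {action: True for Allowed, False for Denied}
RULES = {
    ("global", "Author"): {"core.create": True},
    ("global", "Editor"): {"core.edit": True},
    ("global", "Publisher"): {"core.edit.state": True},
    ("cat:Social Studies", "Social Studies"):
        {"core.create": True, "core.edit": True, "core.edit.own": True},
    # Constructed Denied rule, present only to show it has no effect on Super User.
    ("cat:Social Studies", "Super User"): {"core.edit": False},
}

# Viewing access levels: level -> groups assigned to it
LEVELS = {"Public": {"Public"}, "Registered": {"Registered", "Manager"},
          "Administration": {"Administration"}}

def lineage(group):
    """Yield the group itself, then each of its ancestors up to Public."""
    while group is not None:
        yield group
        group = PARENT[group]

def effective_groups(user_groups):
    """All groups a user inherits from: assigned groups plus their ancestors."""
    return {g for ug in user_groups for g in lineage(ug)}

def can_do(user_groups, action, category):
    groups = effective_groups(user_groups)
    if "Super User" in groups:
        return True  # Super User can never have a permission denied
    verdicts = [RULES[(asset, g)][action]
                for asset in ("global", "cat:" + category) for g in groups
                if action in RULES.get((asset, g), {})]
    # An explicit Denied overrides an inherited Allowed; no rule means not allowed.
    return bool(verdicts) and all(verdicts)

def can_view(user_groups, level):
    """A level is visible if any assigned or inherited group is assigned to it."""
    return bool(effective_groups(user_groups) & LEVELS[level])
```

Running the checks for a Social Studies member such as Jane Smith shows edit rights in her own category only, no right to publish, and no view of Administration-level items.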
This appendix shows a simple implementation of access control. The access control in Joomla! 1.6 is extremely powerful and flexible and can be used in very complex ways. However, for most sites, we think that the examples shown here will be typical use cases. As discussed in Chapter 11, it is important that you think carefully about your access control needs before implementing. Think about your groups of users and what actions they should be able to do on what content. Think separately about what restrictions you really need to place on viewing published content for what groups. Then examine how the two structures relate to each other, and develop your groups and levels accordingly.
Note: The images in this modified appendix from the Official Joomla! Book are based on the user interfaces for access control at the time of its writing. Although the concepts will remain the same, it is possible that the user interfaces (what you as a user will see on your site) will change. Please check http://officialjoomlabook.com for updated images and explanations of any changes.
Copyright 2010 Pearson Education, Inc. Excerpts republished with permission.