Actions

Difference between revisions of "ACL Technique in Joomla!"

From Joomla! Documentation

(Add version tag)
m (The #__assets table: making <source> tags <pre> tags)
Line 8: Line 8:
 
== The #__assets table ==
 
== The #__assets table ==
 
The #__assets database table has the following structure (MySql):
 
The #__assets database table has the following structure (MySql):
<source lang="mysql">
+
<pre>
 
CREATE TABLE IF NOT EXISTS `#__assets` (
 
CREATE TABLE IF NOT EXISTS `#__assets` (
 
   `id` int(10) unsigned NOT NULL AUTO_INCREMENT COMMENT 'Primary Key',
 
   `id` int(10) unsigned NOT NULL AUTO_INCREMENT COMMENT 'Primary Key',
Line 23: Line 23:
 
   KEY `idx_parent_id` (`parent_id`)
 
   KEY `idx_parent_id` (`parent_id`)
 
);
 
);
</source>
+
</pre>
  
 
TODO: describe the Assets database table. Fields, layout and purpose.
 
TODO: describe the Assets database table. Fields, layout and purpose.

Revision as of 13:15, 22 April 2013

Contents

A technical overview of how Access Control is implemented in Joomla!.

Introduction

TODO: short intro about different parts that work together as one Access Control system.

The #__assets table

The #__assets database table has the following structure (MySql):

CREATE TABLE IF NOT EXISTS `#__assets` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT COMMENT 'Primary Key',
  `parent_id` int(11) NOT NULL DEFAULT '0' COMMENT 'Nested set parent.',
  `lft` int(11) NOT NULL DEFAULT '0' COMMENT 'Nested set lft.',
  `rgt` int(11) NOT NULL DEFAULT '0' COMMENT 'Nested set rgt.',
  `level` int(10) unsigned NOT NULL COMMENT 'The cached level in the nested tree.',
  `name` varchar(50) NOT NULL COMMENT 'The unique name for the asset.',
  `title` varchar(100) NOT NULL COMMENT 'The descriptive title for the asset.',
  `rules` varchar(5120) NOT NULL COMMENT 'JSON encoded access control.',
  PRIMARY KEY (`id`),
  UNIQUE KEY `idx_asset_name` (`name`),
  KEY `idx_lft_rgt` (`lft`,`rgt`),
  KEY `idx_parent_id` (`parent_id`)
);

TODO: describe the Assets database table. Fields, layout and purpose.

Also see: Fixing the assets table

JTableAsset

TODO: describe the methods of JTableAsset, a JTableNested.

Also see:

JAccessRule and JAccessRules

TODO: describe the methods of AccessRule and JAccessRules

Also see:

JAccess

TODO: describe the (static) methods and (static) properties of JAccess

Also see:

Users, Usergroups and View Access Levels

Used tables and classes

Also see: http://docs.joomla.org/Access_Control_System_In_Joomla_1.6

JUser authorisation methods and properties

TODO: describe the authorisation methods and properties of JUser: authorise(), authorisedLevels(), getAuthorisedCategories(), getAuthorisedGroups(), getAuthorisedViewLevels(), $_authActions, $_authGroups, $_authLevels

Also see:

JTable methods and properties for storing access permissions

TODO: describe the JTable methods and properties for storing access permissions: getRules(), setRules(), etc.

http://docs.joomla.org/JTable is only for 1.5 and lacks those new methods and properties

Also see:

access.xml

TODO: describe the use of the access.xml file

setting permissions in a form

TODO: describe the use of a "rules"-fieldset to set the permissions

ACL-related methods in JControllerForm and JModelAdmin

TODO: describe what those methods do, how they are used and when/how to override them.

  • JControllerForm: allowAdd(), allowEdit(), allowSave()
  • JModelAdmin: canDelete(), canEditState()

How it all comes together

TODO: describe how all the above parts are used together in a workflow

Further reading

More information on Joomla!'s Access Control can be found on the following pages:

Contributors