
Difference between revisions of "ACL Technique in Joomla!"

From Joomla! Documentation

(Added some references to related (unfinished) Wiki-pages)
(added a section "ACL-related methods in JControllerForm and JModelAdmin")
(9 intermediate revisions by one user not shown)
Line 1: Line 1:
 
{{JVer|Platform}}{{JVer|2.5}}{{JVer|3.0}}
 
{{JVer|Platform}}{{JVer|2.5}}{{JVer|3.0}}
 +
 
A technical overview of how Access Control is implemented in Joomla!.
 
A technical overview of how Access Control is implemented in Joomla!.
 +
 +
== Introduction ==
 +
TODO: short intro about different parts that work together as one Access Control system.
  
 
== The #__assets table ==
 
== The #__assets table ==
 +
The #__assets database table has the following structure (MySql):
 +
<source lang="mysql">
 +
CREATE TABLE IF NOT EXISTS `#__assets` (
 +
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT COMMENT 'Primary Key',
 +
  `parent_id` int(11) NOT NULL DEFAULT '0' COMMENT 'Nested set parent.',
 +
  `lft` int(11) NOT NULL DEFAULT '0' COMMENT 'Nested set lft.',
 +
  `rgt` int(11) NOT NULL DEFAULT '0' COMMENT 'Nested set rgt.',
 +
  `level` int(10) unsigned NOT NULL COMMENT 'The cached level in the nested tree.',
 +
  `name` varchar(50) NOT NULL COMMENT 'The unique name for the asset.',
 +
  `title` varchar(100) NOT NULL COMMENT 'The descriptive title for the asset.',
 +
  `rules` varchar(5120) NOT NULL COMMENT 'JSON encoded access control.',
 +
  PRIMARY KEY (`id`),
 +
  UNIQUE KEY `idx_asset_name` (`name`),
 +
  KEY `idx_lft_rgt` (`lft`,`rgt`),
 +
  KEY `idx_parent_id` (`parent_id`)
 +
);
 +
</source>
 +
 
TODO: describe the Assets database table. Fields, layout and purpose.
 
TODO: describe the Assets database table. Fields, layout and purpose.
 +
 +
Also see: [[Fixing the assets table]]
  
 
== JTableAsset ==
 
== JTableAsset ==
 
TODO: describe the methods of JTableAsset, a JTableNested.
 
TODO: describe the methods of JTableAsset, a JTableNested.
Also see: http://docs.joomla.org/JTableAsset and subpages
+
 
 +
Also see:  
 +
* http://docs.joomla.org/JTableAsset and subpages
 +
* http://api.joomla.org/Joomla-Platform/Table/JTableAsset.html
  
 
== JAccessRule and JAccessRules ==
 
== JAccessRule and JAccessRules ==
 
TODO: describe the methods of AccessRule and JAccessRules
 
TODO: describe the methods of AccessRule and JAccessRules
Also see: deprecated docs.joomla.org/JRule, docs.joomla.org/JRules and subpages
+
 
 +
Also see:  
 +
* deprecated http://docs.joomla.org/JRule, http://docs.joomla.org/JRules and subpages
 +
* http://api.joomla.org/Joomla-Platform/Access/JAccessRule.html and http://api.joomla.org/Joomla-Platform/Access/JAccessRules.html
  
 
== JAccess ==
 
== JAccess ==
 
TODO: describe the (static) methods and (static) properties of JAccess
 
TODO: describe the (static) methods and (static) properties of JAccess
Also see: http://docs.joomla.org/JAccess and subpages
+
 
 +
Also see:  
 +
* http://docs.joomla.org/JAccess and subpages
 +
* http://api.joomla.org/Joomla-Platform/Access/JAccess.html
 +
 
 +
== Users, Usergroups and View Access Levels ==
 +
Used tables and classes
 +
 
 +
Also see: http://docs.joomla.org/Access_Control_System_In_Joomla_1.6
  
 
== JUser authorisation methods and properties ==
 
== JUser authorisation methods and properties ==
 
TODO: describe the authorisation methods and properties of JUser: authorise(), authorisedLevels(), getAuthorisedCategories(), getAuthorisedGroups(), getAuthorisedViewLevels(), $_authActions, $_authGroups, $_authLevels
 
TODO: describe the authorisation methods and properties of JUser: authorise(), authorisedLevels(), getAuthorisedCategories(), getAuthorisedGroups(), getAuthorisedViewLevels(), $_authActions, $_authGroups, $_authLevels
Also see: http://docs.joomla.org/JUser and subpages
+
 
 +
Also see:  
 +
* http://docs.joomla.org/JUser and subpages
 +
* http://api.joomla.org/Joomla-Platform/User/JUser.html
 +
* http://api.joomla.org/Joomla-Platform/User/JUserHelper.html
 +
* http://api.joomla.org/Joomla-Platform/User/JAuthentication.html and http://api.joomla.org/Joomla-Platform/User/JAuthenticationResponse.html
 +
* http://api.joomla.org/Joomla-Platform/Table/JTableUser.html and http://api.joomla.org/Joomla-Platform/Table/JTableUsergroup.html
  
 
== JTable methods and properties for storing access permissions ==
 
== JTable methods and properties for storing access permissions ==
 
TODO: describe the JTable methods and properties for storing access permissions: getRules(), setRules(), etc.
 
TODO: describe the JTable methods and properties for storing access permissions: getRules(), setRules(), etc.
 +
 
http://docs.joomla.org/JTable is only for 1.5 and lacks those new methods and properties
 
http://docs.joomla.org/JTable is only for 1.5 and lacks those new methods and properties
 +
 +
Also see:
 +
* http://api.joomla.org/Joomla-Platform/Table/JTable.html
  
 
== access.xml ==
 
== access.xml ==
 
TODO: describe the use of the access.xml file
 
TODO: describe the use of the access.xml file
 +
 +
== setting permissions in a form ==
 +
TODO: describe the use of a "rules"-fieldset to set the permissions
 +
 +
== ACL-related methods in JControllerForm and JModelAdmin ==
 +
TODO: describe what those methods do, how they are used and when/how to override them.
 +
* JControllerForm: allowAdd(), allowEdit(), allowSave()
 +
* JModelAdmin: canDelete(), canEditState()
  
 
== How it all comes together ==
 
== How it all comes together ==
TODO: describe how the above parts are used together in a workflow
+
TODO: describe how all the above parts are used together in a workflow
  
== References ==
+
== Further reading ==
TODO: add
+
More information on Joomla!'s Access Control can be found on the following pages:
 +
* General information and use: [[Access Control List/1.6-2.5/Tutorial]]
 +
* Tutorial how to use it in your component: [[Developing a Model-View-Controller Component/2.5/Adding ACL]]
  
N.B.: in http://docs.joomla.org/Access_Control_System_In_Joomla_1.6 this was started and usergroups are referenced there too. TODO: include usergroups here too, for they are an integral part of the Joomla-ACL.
+
== Contributors ==
 +
*[[User:HermanPeeren|Herman Peeren]]
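Review bot: The new "Users, Usergroups and View Access Levels" section contains only the line "Used tables and classes", with no TODO marker and no content, while the same revision drops the N.B. paragraph whose TODO said usergroups must be included because they are an integral part of the Joomla ACL. Mark the section as a TODO like the other stubs so the open work stays visible. Two smaller points: the new heading "setting permissions in a form" is the only heading that starts lower-case, and the schema is added while "TODO: describe the Assets database table" remains, so the `rules` column ('JSON encoded access control') still has no description of what that JSON contains.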

Revision as of 03:13, 24 September 2012

Joomla Platform, Joomla 2.5, Joomla 3.0

A technical overview of how Access Control is implemented in Joomla!.


Introduction

TODO: short intro about different parts that work together as one Access Control system.

The #__assets table

The #__assets database table has the following structure (MySQL):

CREATE TABLE IF NOT EXISTS `#__assets` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT COMMENT 'Primary Key',
  `parent_id` int(11) NOT NULL DEFAULT '0' COMMENT 'Nested set parent.',
  `lft` int(11) NOT NULL DEFAULT '0' COMMENT 'Nested set lft.',
  `rgt` int(11) NOT NULL DEFAULT '0' COMMENT 'Nested set rgt.',
  `level` int(10) unsigned NOT NULL COMMENT 'The cached level in the nested tree.',
  `name` varchar(50) NOT NULL COMMENT 'The unique name for the asset.',
  `title` varchar(100) NOT NULL COMMENT 'The descriptive title for the asset.',
  `rules` varchar(5120) NOT NULL COMMENT 'JSON encoded access control.',
  PRIMARY KEY (`id`),
  UNIQUE KEY `idx_asset_name` (`name`),
  KEY `idx_lft_rgt` (`lft`,`rgt`),
  KEY `idx_parent_id` (`parent_id`)
);

TODO: describe the Assets database table. Fields, layout and purpose.

Also see: Fixing the assets table
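
An added example, not part of the original wiki page or of Joomla's own code: it uses the lft/rgt nested-set columns from the schema above to read an asset's ancestor chain with its decoded rules, and flags rows whose lft/rgt disagree with parent_id or level. It runs on SQLite with a table named assets standing in for #__assets; the sample rows and the shape of the rules JSON are constructed assumptions.

```python
import json
import sqlite3

# Constructed sample rows: (id, parent_id, lft, rgt, level, name, rules).
# The rules JSON shape here is an assumption of this example.
ROWS = [
    (1, 0, 1, 8, 0, "root.1", '{"core.admin": {"8": 1}}'),
    (2, 1, 2, 7, 1, "com_content", '{"core.edit": {"4": 1}}'),
    (3, 2, 3, 6, 2, "com_content.category.2", "{}"),
    (4, 3, 4, 5, 3, "com_content.article.1", '{"core.edit": {"4": 0}}'),
]


def load(rows):
    """Build an in-memory stand-in for #__assets (title column omitted)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE assets (id INTEGER PRIMARY KEY, parent_id INT, lft INT,"
        " rgt INT, level INT, name TEXT UNIQUE, rules TEXT)"
    )
    db.executemany("INSERT INTO assets VALUES (?, ?, ?, ?, ?, ?, ?)", rows)
    return db


def ancestor_rules(db, name):
    """Return [(asset name, decoded rules)] from the root down to `name`."""
    cur = db.execute(
        "SELECT p.name, p.rules FROM assets n JOIN assets p"
        " ON n.lft BETWEEN p.lft AND p.rgt WHERE n.name = ? ORDER BY p.lft",
        (name,),
    )
    return [(asset, json.loads(rules)) for asset, rules in cur]


def tree_problems(db):
    """Flag rows whose lft/rgt contradict themselves, parent_id or level."""
    bad = [(n, "lft >= rgt") for (n,) in
           db.execute("SELECT name FROM assets WHERE lft >= rgt")]
    mismatch = db.execute(
        "SELECT c.name FROM assets c JOIN assets p ON c.parent_id = p.id"
        " WHERE NOT (c.lft > p.lft AND c.rgt < p.rgt)"
        " OR c.level != p.level + 1"
    )
    return bad + [(n, "outside parent interval or wrong level") for (n,) in mismatch]


if __name__ == "__main__":
    db = load(ROWS)
    for asset, rules in ancestor_rules(db, "com_content.article.1"):
        print(asset, rules)
    print(tree_problems(db))
```

A row whose lft/rgt no longer sit inside its parent's interval silently drops out of its ancestors' chain, which is why the consistency check is worth running before trusting the chain.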

JTableAsset

TODO: describe the methods of JTableAsset, a JTableNested.

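Also see:

  • http://docs.joomla.org/JTableAsset and subpages
  • http://api.joomla.org/Joomla-Platform/Table/JTableAsset.html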

JAccessRule and JAccessRules

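TODO: describe the methods of JAccessRule and JAccessRules

Also see:

  • deprecated http://docs.joomla.org/JRule, http://docs.joomla.org/JRules and subpages
  • http://api.joomla.org/Joomla-Platform/Access/JAccessRule.html and http://api.joomla.org/Joomla-Platform/Access/JAccessRules.html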

JAccess

TODO: describe the (static) methods and (static) properties of JAccess

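Also see:

  • http://docs.joomla.org/JAccess and subpages
  • http://api.joomla.org/Joomla-Platform/Access/JAccess.html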

Users, Usergroups and View Access Levels

Used tables and classes

Also see: http://docs.joomla.org/Access_Control_System_In_Joomla_1.6

JUser authorisation methods and properties

TODO: describe the authorisation methods and properties of JUser: authorise(), authorisedLevels(), getAuthorisedCategories(), getAuthorisedGroups(), getAuthorisedViewLevels(), $_authActions, $_authGroups, $_authLevels

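Also see:

  • http://docs.joomla.org/JUser and subpages
  • http://api.joomla.org/Joomla-Platform/User/JUser.html
  • http://api.joomla.org/Joomla-Platform/User/JUserHelper.html
  • http://api.joomla.org/Joomla-Platform/User/JAuthentication.html and http://api.joomla.org/Joomla-Platform/User/JAuthenticationResponse.html
  • http://api.joomla.org/Joomla-Platform/Table/JTableUser.html and http://api.joomla.org/Joomla-Platform/Table/JTableUsergroup.html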

JTable methods and properties for storing access permissions

TODO: describe the JTable methods and properties for storing access permissions: getRules(), setRules(), etc.

The page http://docs.joomla.org/JTable covers only 1.5 and lacks these new methods and properties.

Also see:

  • http://api.joomla.org/Joomla-Platform/Table/JTable.html

access.xml

TODO: describe the use of the access.xml file

Setting permissions in a form

TODO: describe the use of a "rules"-fieldset to set the permissions

ACL-related methods in JControllerForm and JModelAdmin

TODO: describe what those methods do, how they are used and when/how to override them.

  • JControllerForm: allowAdd(), allowEdit(), allowSave()
  • JModelAdmin: canDelete(), canEditState()

How it all comes together

TODO: describe how all the above parts are used together in a workflow

Further reading

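More information on Joomla!'s Access Control can be found on the following pages:

  • General information and use: Access Control List/1.6-2.5/Tutorial
  • Tutorial on how to use it in your component: Developing a Model-View-Controller Component/2.5/Adding ACL

Contributors

  • Herman Peeren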