Actions

Archived

Difference between revisions of "Access Control System In Joomla 1.6"

From Joomla! Documentation

(There is no reason to include outdated information on the wiki.)
 
(3 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{RightTOC}}
+
{{version|1.6}}{{archived|34362|Access Control List|reason=This page has not been maintained in some time and no longer contains information relevant or current. Joomla! 1.6 is no longer supported.|cat=Joomla! 1.6}}
{{future|1.6}}
+
 
+
''Note:Please note that much of the information in this document is out of date.
+
This is a pre alpha document Joomla! version 1.6 that shows early concepts
+
not all of which are implemented in 1.6. Since version 1.6 is still under
+
active development, screenshots and other information discussed in this
+
article may change before the final release of version 1.6. However,
+
it is expected that the basic concepts outlined here will not change.
+
''
+
 
+
 
+
==Overview==
+
 
+
===Users===
+
These are users stored in jos_users table. Please note that gid and usertype fields are only there for legacy purposes and are not used in the current ACL system.
+
Users can be mapped to rules via jos_user_rule_map table.
+
In phpGACL, users were called AROs (Access Request Object).
+
 
+
===User Groups===
+
These are user groups that are held in table jos_usergroups. You can have nested user groups. Each group obviously can hold an unlimited number of users and each user can be assigned to an unlimited number of user groups. These relations are held in the table jos_user_usergroup_map.
+
User groups can be mapped to rules via the jos_usergroup_rule_map table.
+
 
+
===Actions===
+
Actions are things your users will perform such as logging in to backend.
+
 
+
Actions have dependencies and precedence. For example, setting a group Admin rights will take precedence over lesser actions such as login. Thus, if a group has admin set to allow, you cannot deny them the ability to login.
+
 
+
===Assets===
+
Assets are items that you need to set access control on. For example each article on your site can be an asset and you can set edit permission for them. Currently these are not used in core.
+
 
+
===Rules===
+
Rules are combinations of actions and usergroups (or users) and optionally assets.
+
There are three types of rules:
+
* Type 1: These are rules that allow a user or user group to do an action. For example user group X can log in to backend.
+
* Type 2: These are rules that allow a user or user group to do an action on an asset. For example user group X can edit an article with the id of Y.
+
 
+
==Library==
+
TODO
+
==Examples==
+
===Core Access Levels===
+
There are three access levels in core by default: Public, Registered, Special. These are access levels. For them we use the action ''core.view''. Let's use '''Special''' for our example:
+
First of all there is an asset group named Special. We need to tie some user groups to it and selecting Manager is enough. Because the system will automatically include its child groups (being Administrator and Super Administrator by default) The rule needed for this level is ''core.view.3''. As you remember naming convention is action_name.asset_group_id and here our id is 3.
+
 
+
==Database tables==
+
 
+
 
+
* jos_assets: id, parent_id, lft, rgt, level, name, title, rules
+
* jos_usergroups: id, parent_id, lft, rgt, title
+
* jos_user_usergroup_map: user_id, group_id
+
* jos_viewlevels: id, title, ordering, rules
+
 
+
* jos_categories and jos_content contain foreign key asset_id
+
* Rules field is a JSON encoded string with content like this: '{"core.admin":{"7":1},"core.manage":{"6":1}}'
+
 
+
 
+
[[Category:Joomla! 1.6]]
+
[[Category:Access Control]]
+
[[Category:References]][[Category:Access Management]]
+

Latest revision as of 07:49, 27 May 2013

Replacement filing cabinet.png
This page has been archived - Please Do Not Edit or Create Pages placed in this namespace. The pages in the Archived namespace exist only as a historical reference, it will not be improved and its content may be incomplete.