The Joomla! Forum ™

I searched on this but did not find an answer that I understood. Is there a way to add user groups to Joomla 1.5? I thought that was one of the things I was looking forward to. I do not see how to do it.

I would like to add, for example, a "subscriber" group and an "agent" group. I would like to be able to allow them to see content based on the group they are in.

The existing (default) groups are fine for editing content and administering teh site, but I thought we were going to get a little more granular control of user groups and access in 1.5

Ideally, an "agent" could see everything that all other "agents" can see, but also they could see content specific to that particular agent.
Example:
All "agents" can see agent information for the entire US that is relevant to all agents.
The "agent" for Atlanta, GA, can see additional content specific to him/her and he/she can add content that will be visible to a "subscriber" within his area.

A "subscriber" can see all content relevant to all subscribers across the US, but they can ALSO see content specific to the "agent" area. ... a "subscriber" from Atlanta can then see content presented by the Atlanta "agent".

I don't see how to use the default groups to accomplish this and I can not see how to add groups. I thought maybe Community Builder was a way to do this, but I've never used it before and reading about it doesn't seem to clarify this.

Do I have to forget about Joomla for this project and go to something else? I would prefer to stay with Joomla. It just akes my life easier   But this user/groups issue is going to be important going forward.

Thanks

joomla says here
http://help.joomla.org/content/view/25/125/

ARO's are able to be assigned to a group. The defaultARO groups provided in Joomla are:

ROOT
| - USERS
| -- PublicFrontend
| - - - Registered
| - - - - Author
| - - - - - Editor
| - - - - - - Publisher
| - - Public Backend
| - - - Manager
| - - - - Administrator
| - - - - - Super Administrator


i need assistance for 1.5 i think the code given below  is for older joomla versions. can anyone assist me for joomla 1.5


To add a new user group "support" by hand you would use the following SQL:

i tried replacing mos with jos , some field changes are present in joomla 1.5, this code will be complete if it matches the field names used by joomla 1.5 version


SET @parent_name = 'Registered';
SET @new_name = 'Support';

-- Select the parent node to insert after
SELECT @ins_id := group_id, @ins_lft := lft, @ins_rgt := rgt
FROM mos_core_acl_aro_groups
WHERE name = @parent_name;

SELECT @new_id := MAX(group_id) + 1 FROM mos_core_acl_aro_groups;

-- Make room for the new node
UPDATE mos_core_acl_aro_groups SET rgt=rgt+2 WHERE rgt>=@ins_rgt;
UPDATE mos_core_acl_aro_groups SET lft=lft+2 WHERE lft>@ins_rgt;

-- Insert the new node
INSERT INTO mos_core_acl_aro_groups (group_id,parent_id,name,lft,rgt)
VALUES (@new_id,@ins_id,@new_name,@ins_rgt,@ins_rgt+1);



------------------------------------------------------------

8)
from the above reply message, a small change in code
i tried the following sql code &  i think this is solved now ?

SET @parent_name = 'Registered';
SET @new_name = 'Support';

-- Select the parent node to insert after
SELECT @ins_id := id, @ins_lft := lft, @ins_rgt := rgt
FROM jos_core_acl_aro_groups
WHERE name = @parent_name;

SELECT @new_id := MAX(id) + 1 FROM jos_core_acl_aro_groups;

-- Make room for the new node
UPDATE jos_core_acl_aro_groups SET rgt=rgt+2 WHERE rgt>=@ins_rgt;
UPDATE jos_core_acl_aro_groups SET lft=lft+2 WHERE lft>@ins_rgt;

-- Insert the new node
INSERT INTO jos_core_acl_aro_groups (id,parent_id,name,lft,rgt,value)
VALUES (@new_id,@ins_id,@new_name,@ins_rgt,@ins_rgt+1,"Support");



-------------------------------

access level
public ,registered , special

in joomla user manager

group
;
list of groups
ROOT
| - USERS
| -- PublicFrontend
| - - - Registered
| - - - - Author
| - - - - - Editor
| - - - - - - Publisher
| - - - - Support
| - - Public Backend
| - - - Manager
| - - - - Administrator
| - - - - - Super Administrator

very interesting.

In your example, "Support" is at the same level as "Author" with "Registered" as parent.

Does "Support" have the same rights as "Author" by default?

I am trying to create different levels of access for a business client.

Unregistered Guests see information to help them determine if they want to purchase service.

Subscriber1 level sees all of Guest but also sees some things that guest can not see and are only available to Subscriber1 level.

Subscriber2 level has purchased the next level of service and can see all of Guest and subscriber1 items, and can now see items visible only to subscriber2 level as well.

What I am trying to do has only to do with VIEWING. I don't need these people to be able to write articles or anything. This is only to give them increasing access to higher and higher levels of information.

I would LOVE to be able to do this with Joomla.

** edit **
I am also wondering if we begin to add groups like this... will we be able to SEE these groups in the administrative back end? Will we have to also modify administrative pages so that there is room to DISPLAY a larger tree structure?

I do not currently have a test site so it will be difficult for me to test this.

I get a SQL error

Error

SQL query: Documentation

-- Select the parent node to insert after
SELECT @ins_id := id, @ins_lft := lft, @ins_rgt := rgt
FROM jos_core_acl_aro_groups
WHERE name = @parent_name ;

MySQL said: Documentation
#1267 - Illegal mix of collations (utf8_general_ci,IMPLICIT) and (utf8_unicode_ci,IMPLICIT) for operation '='

**EDIT** ok I figured out the error and got around it by changing one line from:
WHERE name = @parent_name ;
to
WHERE name COLLATE utf8_general_ci  = @parent_name ;

So now I have a new group and I can put new users IN that group, but when you create a new article and want to set Access Level, you only have 3 choices: Public, Registered, and Special.

If you wanted to make an article viewable only by those in the new group.... how do you do it? I added a new group "Support" to the jog_groups table, but the new group doesn't show up in the list of Access Level when you make or edit an article.

Note: Take a  backup copy  of your jos_core_acl_aro_groups table before you do these changes

joomla 1.5+  and future versions roadmap says http://dev.joomla.org/content/view/23/61/
"User and Access Control sytem Improvements
This allows for the ability to add and edit the user groups system. It also allows for administrators to alter the access permissions based on function though the user interface. For example, you will be able to define which group(s) can install components or template, and so on.
Also, we will allow for controlling permissions at the object level in a more detailed way. For example, you will be able to select sections and categories that are viewable only to certain groups.
"

i am also in requirement of such group levels, will let you know once i fully understand how this joomla - phpGACLTree works

if you change the parent name  to Author,  Editor or  Publisher and "new name"( support or agent or subscriber ) which is a child group will inherit its parent's property.

SET @parent_name = 'Editor';
SET @new_name = 'Agent';
--
.
.
-- rest of the sql code
.
--

for now your question:
"
... I added a new group "Support" to the jog_groups table, but the new group doesn't show up in the list of Access Level when you make or edit an article."

"
Exactly new groups("support") are added in groups, which you can see if you go to "User Manager". Subsequently  an article can be assigned access  for public or registered or special     access level type.

how to set group rights for example "support" for accessing different pages of your website, i am studying it now. will let you know if i get a solution .




check this forum thread about group privileges:
http://forum.joomla.org/index.php?topic=26169.0;wap2

I am looking forward to hearing a solution too

I'm stumbling in your footsteps and do not really know much about SQL but I've been trying to accomplish the same thing on a redundant db.

When I pasted the same SQL code (using PHPMyAdmin) and changed mos to jos, I get the following error:
-----------------------------------------------------------------------------------------
SQL query:

-- Select the parent node to insert after
SELECT @ins_id := group_id, @ins_lft := lft, @ins_rgt := rgt
FROM jos_core_acl_aro_groups
WHERE name = @parent_name

MySQL said:
#1054 - Unknown column 'group_id' in 'field list'
-----------------------------------------------------------------------------------------
The field list for Table: jos_core_acl_aro_groups is:
id
parent_id
name
lft
rgt
value

Do I need to replace "group_id" with one of these?

I'm building a swim team website and would like to create a group to assign to actual team members to restrict access to things like contact lists or maybe even a message forum.

in joomla 1.5

table jos_core_acl_aro_groups
field group_id is identified simply as "id".

The above code in blue will work for you without any edition of code.

(only thing u require to edit is : chose the parent name and its new child member.)
hope that helps you.

You can add all the groups you want, but if you can't assign them to content, what good is it?

There's more to this than simply creating the groups. There has to be some corresponding connection to access control.

Thank you that did work on the alt host server and it showed up in that database. I thought I would test it on my local dev server so I can actually see how it works in joomla but now I keep getting this error:

----------------------------------------
SQL query:

-- Select the parent node to insert after
SELECT @ins_id := id, @ins_lft := lft, @ins_rgt := rgt
FROM jos_core_acl_aro_groups
WHERE name = @parent_name ;

MySQL said:
#1267 - Illegal mix of collations (utf8_general_ci,IMPLICIT) and (utf8_unicode_ci,IMPLICIT) for operation '='
--------------------------------------

I even loaded phpmyadmin so that I'm using the same thing my hosting provider is. I sense my problem is probably painfully obvious for those that know what they are doing!

I was hoping the new security group would magically show up in the "Access Level" when you set the permissions for a particular area. Is there a way to do this?

I had this error as well.

change:

to


That fixed it for me and I was able to insert a new group name properly. Doesn't do any good though as you can not assign ACCESS based on group name. So there is more to this that we have not gotten to yet.

Thank you, that worked. I can even assign this group to a user but as you indicated, it can't be used for anything. I'll just watch this thread to see if any more tips emerge.

Thanks again!

OK, I've been playing with this a little.

I have successfully managed to add a Suppliers usergroup to the jos_core_acl_aro_groups table (using the blue SQL code above), and I am able to add a new user to this group in the Joomla User Manager.

I have also created a new 'Suppliers' Access-Level Group in the jos_groups table (a simple SQL insert worked here), and I am now able to assign menu-items/articles to my new access level in the Joomla menu-item manager.


Unfortunately this still doesnt function as we would like, as I cant figure out where the usergroups are linked/assigned to the access group - I would of thought there would be a simple table matching ID's from either group, but apparently not. If we can just locate where the connection between usergroup and accessgroup is made, we'll have the basis for managing simple user groups through Joomla.

_________________
http://www.cache-community.co.uk (MY first ever J! site) | http://www.vcwebdesigns.com

Can Forum moderators help us out in getting a clear way to define new access levels, we now know how to add new groups ?

This is also an area of interest for me as I am looking to use Joomla to manage 'confidential' content for a range of different clients and prospects. It would be most useful to be able to quarantine specfic users/groups to customised articles.
As I am not proficient with the code side of things I have to rely on an appropriate module.(Or is that extension?)
At present it seems I can only allow registered users in for a limited period before deregistering them and moving on to the next user/presentation.
It would seem to be part of the natural evolution of this remarkable system.
Any other leads?

Try entering ACL into the Google Custom Search Bar at the top of the forum and you will get a lot of detail on the work being carried out on it- in particular the White Papers viewtopic.php?f=500&t=275897#p1239600

_________________
Andy Wallace - Author of The Joomla! 1.5 Installation Manual http://joomlacode.org/gf/download/docmanfileversion/664/17471/1.5_Installation_Manual_version_0.5.pdf over 800,000 downloads and counting and translated into multiple languages!!
Version 2.5 under preparation...

I've converted a couple sites to Website Baker. Now, granted, it has nowhere near the functionality of Joomla, but it has much better access control. Seems a shame really. I love Joomla. It just can't handle access control like some simpler CMS solutions can.

Oh... and white papers are fine. And I really do appreciate all the work going into Joomla, but it seems that even though better access control has been promised for quite some time, it falls by the wayside.

Hi.

I having the same problem as you guys. But here is what I did:

I used the Blue code mentioned.

I edited /administrator/components/com_users/views/user/view.html.php line 112 according to http://forum.joomla.org/viewtopic.php?f=236&t=257886

I inserted a new group using INSERT INTO `jos_groups` (`id`,`name`) VALUES ('3','Support')

And now i was able to a new user to the new "Support" group and a new menu item to access level "support"

I hope this is right.

Please give feedback if i'm totally off

Nicolai

Hi,

I think i've found a solution for this issue (sorry for my bad English)
Here it is what i have done (in Joomla 1.5.6):


table 'jos_core_acl_aro_groups'

I call 'USERS', 'Public Fontend' and 'Public Backend' accesslevels ; I've added 'Nieuw' as shown above and a sublevel 'test'
Look especially to the tree-structure of the parameters.

Now I may assign a user to the new levels


Now the table : 'jos_groups' :



I've added 'Leden' to it.
(both can be done before installing in \installation\sql\mysql\joomla.sql - line 306 and line 783 like this


I can assign now an article or menu to the new acceslgroup 'Leden'




Now adding some code:

in \plugins\user\joomla.php line 117 add the red lines


// Fudge Authors, Editors, Publishers and Super Administrators into the special access group
if ($acl->is_group_child_of($grp->name, 'Registered') ||
$acl->is_group_child_of($grp->name, 'Public Backend')) {
$instance->set('aid', 2);
}
// Fudge test into the Leden access group
if ($acl->is_group_child_of($grp->name, 'Registered') ||
$acl->is_group_child_of($grp->name, 'Nieuw')) {
$instance->set('aid', 3);
}
//Set the usertype based on the ACL group name
$instance->set('usertype', $grp->name);

in administrator\components\com_users\views\users\view.html.php line 54 add

if ( $filter_type )
{
if ( $filter_type == 'Public Frontend' )
{
$where[] = ' a.usertype = \'Registered\' OR a.usertype = \'Author\' OR a.usertype = \'Editor\' OR a.usertype = \'Publisher\' ';
}
else if ( $filter_type == 'Public Backend' )
{
$where[] = 'a.usertype = \'Manager\' OR a.usertype = \'Administrator\' OR a.usertype = \'Super Administrator\' ';
}

else if ( $filter_type == 'Nieuw' )
{
$where[] = 'a.usertype = \'test\' ';
}

else
{
$where[] = 'a.usertype = LOWER( '.$db->Quote($filter_type).' ) ';
}
}


in \administrator\components\com_content\models\article.xml line 7 add the red line

<param name="access" type="list" size="20" default="0" label="Access Level" description="DETAILACCESS">
<option value="0">Public</option>
<option value="1">Registered</option>
<option value="2">Special</option>
<option value="3">Leden</option>
</param>


Now login at your site as user with 'test'-accesslevel and only this user can see
the modules and menus/ articles assigned to the accessgroup 'Leden'

Perhaps this will need some more testing, don't try this on a live-site !

I would like to HIDE some of the menu items for people of e certain group.

I've followed your code, added the new role/group and assigned the menu item to the new role.
But then, REGISTERED users don't see the menu item, but ANY other assigned role (even Author) will allow you to see the menu.... I expected that only people in the new group/role would see the menu item!

Anything new in this area? Maybe also something "native" where you don't have to dig into the code to change...

Hiding an item is harder
the access-algorithm in joomla is very simple

For example:
User : registered user = acceslevel 2
menuitem acces : Special (= acceslevel 3)

when a registerd user visits the webpage then Joomla does:
If acceslevel user(=2) < acceslevel menu ( = 3) then -> no access
So if you want to hide a menu for a certain group you have to create accesslevels between Public and Registered and this means more digging into the code.

And that is what I have tried now but in a different way
I've changed the logical operation u<m ->no access (on more than twenty different places in the code) with the logical bitwise operation ((2 power u) AND m) ->access
where m stands for an integer number in where every bit who is set has access to the (menu)item

Now I can give any item (menu or article or section..) access to any group separately : m = 1010010(binary) = 82 (dec) gives access to the 2e, 5e and 7e group.

If you want additional groups without hacking the code you have to go to 3e-party extensions like Juga but none of them I get to work and also these extensions do hack the code

All I can say is, if it were really as easy as the code examples you are posting, there would be no need for JACLPlus.

NOTE: This applies to JACLPlus for Joomla 1.0.x.

JACLPlus makes substantial core changes to over 20 files in Joomla. Why? Because Joomla is not really ACL/ARO aware. Menu items cannot be hidden by user. Functionality cannot be blocked off by user. Usergroups cannot be created. There are really no access privileges built into Joomla besides User, Author, and Publisher and those grant full View, Write, and Publish access to the whole site. You cannot create a Section or Category and grant access to a certain user or usergroup. You cannot limit modification of a Component to a certain user or usergroup. This is simply how Joomla/Mambo were built.

JACLPlus fixes all of that by providing full usergroup control over Joomla, and they even have provided ACL-aware versions of several popular 3rd party Joomla add-ons. The interface of JACLPlus is a little quirky but once you understand what ACO, AXO, and ARO are, it makes sense.

Upgrading a site with JACLPlus installed is not that difficult because they provide full download of Joomla with JACLPlus changes already applied. You can download Joomla 1.5.7+JACLPlus as well as upgrade packages that upgrade both Joomla and JACLPlus simultaneously.

I am not marketing for JACLPlus, but I almost gave up Joomla until I found this add-on. After I already spent a year building a website in Joomla, my client told me they MUST have usergroup controls so other employees around the world can tinker with part of the site. Without JACL, I would have had to start over with some other software, cause Joomla doesn't allow this.

It is expected that Joomla 1.6 or 2.0 will have real ACL (as well hopefully getting rid of the ridiculous Section-Category-Article dogma which makes logical hierarchical site management impossible). Unfortunately the Joomla Future Development info is rather hidden (there's a white papers forum about feature that might included but not a lot of detail and no definite version number that it is slated for). I have yet to find one article "Joomla 1.6 will contain X, Y, and Z."

Addendum regarding JACL and Joomla 1.5.

It seems that ByOSTech got greedy and decided to make JACL only available for Joomla 1.5 on a paid basis. They made it Zend encrypted software, making it impossible to use on IIS or servers that do not have Zend. They could at least have allowed ionCube, but the problems run deeper. They claim it is free software, but costs $36 every 3 months to download it. Further, there is NO FORUM TECH SUPPORT. All forum posts asking how to use it are ignored. There are dozens of negative reviews and posts saying it will not install or is extremely buggy and support e-mails are ignored.

Looks like I am stuck with JACLPlus for Joomla 1.0.x and I have to wait for Joomla 1.6 and see if it delivers. This is not just a rewrite of the core of Joomla permissions, but also any Joomla Plugins which come with Joomla need to be updated to be ACL-aware. Such as Glossary, FAQ, Banners, etc.

I have made the following post to ByOSTech forum. I'm sure it will be deleted so I post it here for posterity.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

It is very discouraging to see this message that ByOSTech no longer supports their product or forum:


But it is even more discouraging that the website seems abandoned. The following pages do not mention JACLPro or version 1.5. Why?

• Product - JACLPlus!
• JACLPlus Support List
• How To - JACLPlus!
• Downloads
• Enhance Access Control
• Installation Guide

This page contains comments which are no longer true:

• Chartered Membership

These facts are very discouraging!

• ByOSTech no longer has support or free components.
• ByOSTech does not offer JACLPlus Component for Joomla! 1.5.
• JACL requires Zend Optimizer (no ioncube, no IIS server)
• No updated Documentation for 1.5.
• Tech support by e-mail only (very secretive!)

I cannot believe this topic gets no response from ByOSTech:

• How Do I Download JACLPlus for Joomla 1.5?

I eventually found this hidden website which is the LICENSE AGREEMENT for JACLPro 1.5.


When is $108 a year = free software?

It seems to me that maybe it is not just the website, but all of JACL which is abandoned. Just take the money and run? I used to be a strong advocate of JACLPlus, but it seems like it's time to jump off this ship!

Hi,

feldon27,
You are right, JACL seems not to be very serious!

lancia11,
Did you test more your solution?

I wouldn't be too quick to flame JACL's developers for the Community member thing because, in the end, you're paying for support which is a common enough thing in the FOSS world these days.

People would be better served to aim their frustration/flames at the developers and documenters of Jooma! who hold onto the simplistic ACL model that's still used like grim death.

Add to that there is nowhere, that I can find, that explains in detail the ACL/security model used in 1.5.x. which is radically different than 1.0.x.

The three level model used by Joomla! makes it particularly poor, as I'm discovering, for an e-commerce application.

If that's what you're wanting to do you may be better serves looking at Drupal which is what I'm looking at now. Too bad, too, because all in all, Joomla! is a wonderful platform except for this near fatal drawback.

ttfn

John

I do feel that not going forward with the ACL changes in Joomla 1.5 meant that much longer of a delay before all components, modules, and plugins are fully ACL-aware.

Joomla 1.5 is really impossible to use in large applications unless everyone is an Administrator. Adding full ACL to Joomla 1.6 will improve things substantially. I just hope it does not take a lot of work on the part of developers to support it.

As for the Section-Category-Item system, something tells me that's not going away in Joomla 1.6. Which is unfortunate, but I've learned to work around it like so:

(one level deep)
Top Level Items -> Content -> Items

(two levels deep)
Section -> Content -> Items

(three levels deep)
Section -> Category -> Items

An alternate would be instead of Content to call it Uncategorized.

Given that 1.5 did mark a major departure from how ACL was coded in extentions I don't think it would have changed much of anything. Given that the developers chose to go half way and put the framework in place to support an expanded ACL system and then stopped, for whatever reason it wouldn't have changed a thing except perhaps to break backwards compatibility. Then again, there are times you have to give up that shibboleth in order to improve a system.



I can think of a couple of hundred more, myself. :-)

Still, I agree that this way of organizing (some) content will be with us a while longer even if it was far from ideal back in the Mambo days.

Of course, to get around it in Joomla now, as in the past, is by purchasing mostly commercial components and/or support which is also far from ideal.

Then again one of the things humans do best is muddling through!

ttfn

John

@feldon27,

couldn't agree more, JACLplus is a joke, not only is it over priced, but poorly coded and the encryption limits the potential, as you've mentioned.

@ALL
Couldn't agree more, J1.5 + + NEEDS granular ACL, for users, groups and hopefully content based items. Even a glance at Drupal, or even a 'lesser' CMS like WebsiteBaker, shows this is a Major hold back for Joomla in the coming years.. if this can get ironed out, Joomla will no doubt excel, if it doesn't.. who knows.

In his post here: viewtopic.php?p=1209189#p1209189
nakedbod has a VERY good image that shows what proper, granular ACL looks like. This may be overkill for some, but would cover all the bases for the majority of sites AND be extremely useful for larger, more complex sites.

Some articles of interest:
JXtended donating component to J1.6
http://community.joomla.org/blogs/commu ... la-16.html

ACL in 1.6:
http://www.jfoobar.org/blog/44-first-lo ... 6-acl.html

Let's hope the shape of things to come for Joomla! continue in this direction..

If not, who'd like to start a dev team to create 'The Best CMS of the Century' ?

_________________
My favorite web design/dev tools:
Rackspace Cloud Files + Cloud9 http://cloud9manager.com
24" iMac, MAMP Pro, Logitech MX Revolution, Coda, TextMate, Transmit, Snippley and Adobe CS4
For small ecommerce: http://nanao-cart.com