Well after a bit of research here's what I came up with; and I am actually using this at a client site.
There's a component/module suite written by Gerard Korsten called "Group Access" (available at http://www.shadowrain.co.za/index.php?option=content&task=view&id=7&Itemid=31). It consists of a component to create and manage the groups and a module which replaces the mod_mainmenu module. It displays the menus (main, user, top and/or other) and handles the appropriate display based on the user login. You can use the module to replace ALL of the menus or only the menus you want to control access on.
This allows you to create groups of users (or a group with just ONE user) and assign certain menu options to them. In my client's case for example (a school district), they wanted a section assigned to the Principal and a section assigned to the Nurse - while they wanted the public to be able to view entries, they only wanted the Principals or Nurses to have access to submit to it.
Using the usual methods, I created the sections/categories as necessary, then created a Section Submit menu option for each.
Using the Group Access component, I created a group for the Principal's Section Submit menu option and put ONLY the Principal in the group. I did the same with the School Nurse's Section menu option. Now when a Teacher or Staff member logs in, in their User menu they see only the option to submit news to the General News Section. That's the only submit link they see, so it's the only option available to them.
When the Principal logs in, the user menu shows the General submit link - but also shows the link for the Principal's Section (the client wanted the Principals/Nurses to have both options available to them), likewise for the Nurses. In this way, you can sort of control what menu links are visible to a specific user or group of users and in so doing, limit their access to a section.
This works great and is easier to use than to explain. Gerard has a Flash tutorial on his site and it shows the component/mod in action (even he admits it's easier to understand once you see it).
Note that this is NOT a secure solution; users will still be able to gain access to other parts of your website by changing the parameters in the URL... if they know how the parameters work. But it does offer a level of granularity missing from Joomla/Mambo ACLs and might work for you as it did for me. It's certainly worth a try. I found it quite easy to set up and use - but the tutorial is a definite prerequisite as it makes the whole concept easier to understand.
Nice job Gerard, this would be a great thing to fold into the core - though I think they are looking at implementing either phpGACL api, JACLplus or some combination of them both. Until Q3 2006 this seems to be my best answer...hope it helps you.
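
The caveat in the post, that hiding a menu link does not block the request behind it, modeled as an added example that is not part of the original post and is not Group Access or Joomla/Mambo code. All group, user, section and function names are hypothetical; the audit lists every user/section pair where the menu hides a submit link but the handler would still accept the submission.

```python
# Constructed sample data modeled on the school-district setup in the post.
GROUP_MEMBERS = {
    "staff": {"teacher", "principal", "nurse"},
    "principals": {"principal"},
    "nurses": {"nurse"},
}
SUBMIT_GRANTS = {  # section -> groups allowed to submit to it
    "general-news": {"staff"},
    "principal-section": {"principals"},
    "nurse-section": {"nurses"},
}

def groups_of(user):
    return {g for g, members in GROUP_MEMBERS.items() if user in members}

def may_submit(user, section):
    # Unknown sections have no grants, so the default is deny.
    return bool(groups_of(user) & SUBMIT_GRANTS.get(section, set()))

def visible_submit_links(user):
    """What a menu module decides: which submit links to render."""
    return sorted(s for s in SUBMIT_GRANTS if may_submit(user, s))

def submit_menu_only(user, section):
    """Handler that relies on the menu: the section parameter is never checked."""
    return "accepted"

def submit_enforced(user, section):
    """Handler that re-checks the same grant table on every request."""
    return "accepted" if may_submit(user, section) else "denied"

def exposure(handler):
    """Pairs where the link is hidden but the handler still accepts."""
    users = set().union(*GROUP_MEMBERS.values())
    return sorted(
        (u, s)
        for u in users
        for s in SUBMIT_GRANTS
        if s not in visible_submit_links(u) and handler(u, s) == "accepted"
    )

if __name__ == "__main__":
    print("menu-only gaps:", exposure(submit_menu_only))
    print("enforced gaps: ", exposure(submit_enforced))
```

An empty result from `exposure` means the menu and the handler agree for every pair; anything else is a section that is only protected by not being linked.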