Will be a better access control in Joomla RC* ?

[petoroth]

For 4 months I wrote in: http://forum.joomla.org/index.php/topic ... #msg807735
I don't like user managment in Joomla.
I thought that is normal, that the administrator (in any CMS) can make so many user groups, he will  - to make some content items vissible only for specific users. I don't mind registred users in Joomla, but registred users they should belong to a specific group, for them is specific content visible.
So I propose to solve this problem in Joomla team.

Now the Joomla 1.5RC2 is avaible and this problem is still actual. How many months should I wait fot better acces control in Joomla. I think it should be a change in the CORE of Joomla system. I think it is not a work for any component or plugin.

[MuffinDCC]

According to some posts I have read, Andrew Eddie has developed RokACL which is a powerful ACL component for 1.5 and should be fully incorporated into Joomla 1.6

[masterchief]

Yep, that's the plan anyway.

[Asphyx]

Glad I found this thread...saves me from making a new topic! LOL

Andrew I have a question (consider it a suggestion if the answer is no LOL)

Does any of the planned ACL (I suppose ROK is what is planned) have a system to limit or ban users from specific domains?
I have a site that is getting a lot of spam user regs from mail.ru
In VBull I can ban certain email accounts from registering and it notifies the user the email is not valid.
Now I know Joomla wisely allows you to send a confirmation email they must use to activate the account, and even though that stops the spammers from activating (in most cases) it still clutters up the userlist with a bunch of unactivated accounts.
will the new ACL system have a few good banning parameters we could set?

[petoroth]

Thanks for answers
I have 2 questions:
Is RokACL anywhere possible to use it, or test?
How long do I have to wait for Joomla 1.6 with a correct ACL build in CORE system of Joomla?

[masterchief]

@Asphyx

Not in ACL but I've flagged that sort of thing for consideration in 1.6.  You could possibly get a combination of user plugins to work this way.

@petoroth

RokACL is available as a proof-of-concept on the RocketWerx project on Joomlacode.
http://joomlacode.org/gf/project/rocketwerx/scmsvn/

It's not really in the form I'd like it for the general masses to use and only the admin interface is done at present.  However, it will be available for 1.5 but will probably require a few manual hacks to allow it to integrate with com_content.  Availability is subject to a few me winning a few commercial projects that will help fund this.  My hope is then that this proof testing in 1.5 land means that the whole shebang can be just dropped into 1.6 in a very mature state early in the development cycle.

[Asphyx]

Thanks Andrew....

Now that I think about it...what I want would probably be better done in the registration component anyway....
ACL is tough enough to try and tackle that in there as well...
Look forward to your first beta on Rok...

[petoroth]

To masterchief:

When I good understand, you are the author of the project ROKACL.
In your reply I didn´t find, how long should I wait for minimally test version of ROKACL?
In the site you mentioned the are only codes of these files.

[masterchief]

Hi petoroth

I don't have a date yet unfortunately.  It depends on my workloads (which are pretty high at the moment).

[petoroth]

To: masterchief

Ok, I will wait...

Btw.: What do you think about another components or plugins to improve the ACL in Joomla?
For example:  JUGA, iACLMinus and another (http://extensions.joomla.org/index.php? ... &Itemid=35)

[masterchief]

I haven't looked at them, sorry.

[pacovell]

Andrew, I've been referred to you by another reader on a thread I started about ACL:
(http://forum.joomla.org/index.php/topic ... msg1174975)

It looks like you've written the back-end and I've written much of the front-end of this.  I'd be happy to put it together if you're up for it.  Don't think it would really take much of your time except to review with your more experienced PHP/Joomla eyes. 

I need to have this for a project, so either way I'm planning to finish it for my own use.  Let me know how I can help get it into the larger project if that's of use.

Cheers,
-Paul

[reikimaster]

Where is RokACL at this point in time?
It was my understanding for a very long time that we'd see better ACL in 1.5. I've been a Joomla since the beginning. I now have a project that will REQUIRE better and more granular access control and sadly, my beloved Joomla is simply not up to the task. In fact I am getting better access control for communication and files distribution from Simple Machines Forum than I am from Joomla. That doesn't work well for web content though... only files.

I am anxious to get this back on Joomla. In its current state as a CMS, Joomla has this one sticky point. the only thing you can actually MANAGE is who is able to WRITE or submit content. You have VERY little control over to whom you DELIVER or display content. (Public and Registered are simply not enough)

I am hopeful that RokACL will solve this and I look forward to seeing it. Right now the JXtended site appears to be place holder.

thank you, Andrew, for working on this. I am certain that when ready, it will blow peoples' socks off. It will surely fill a need that has been promised for quite a while and YOUR involvement just gives me a much higher level of confidence as to HOW it will be done.

[petoroth]

I agree with reikimaster. I´ve expected an improve of ACL in Joomla 1.5.

According to some posts I have read, Andrew Eddie has developed RokACL which is a powerful ACL component for 1.5 and should be fully incorporated into Joomla 1.6

A question to Andrew Eddie:
When we can expect Joomla 1.6 with better ACL or RokACL?
When starts the project  http://www.jxtended.com ?

[masterchief]

When we can expect Joomla 1.6 with better ACL or RokACL?

That's completely up to the community now.  There's some Joomla! News coming about this at the end of this week.

As for Control (was RokACL) I've got it working in principle but only for my own components.  I won't be doing hacks for core components because this will almost without a doubt be done in 1.6.  There are a few of us with different ideas and we'll be asking the community for theirs as well.

The jXtended site is "nearly" there   I've been a bit busy.

[oliverp]

As above, I am also glad I found this post as not to post the same message again.
I 2nd the having Joomla group management available so we can create groups and deliver access and content to specific users and groups.
BUT I just popped in to say that My team has written a group security component that addresses this in 1.5 that we are using corporately with an expected 500 users each with their own group, with tiered access within the group. This also works alongside the existing Joomla groups so instead of:

--backend
frontend {
-----Pub
-------Author
----------Editor
-------------Reg
-----------------User
}

You can now have
----backend
---frontend {
Group [ $x ]                   
----Pub
-------Au
------------Edit
---------------Reg
}
With access (in respective tiers) to certain shared or private content.  This way we section off each of our $x customers to create edit and view as well as distribute to the public their own content.  My point being, nvm so much if the adds to J1.6 aren't as flexible as you may need, for some of us  group management is a necessity and steps have already been taken to mod Joomla to work the way every other CMS/Forum/etc works.  Look out for com_groupsec hitting the beta area soon

I should add that this component does also deliver group permissioning to custom group delivered menus with these tiers applied as well.

[adrianlewis]

I might be going slightly off topic here but one idea that I'd love to see which might be feasible with the new phpGACL framework is the ability to have 3 modes of being authenticated. Instead of simply anonymous or authenticated, having a cookie based semi-logged in status would be great. This is what you get with amazon where even though you've not logged in, it recognises you and gives you personal content. As soon as you need to do anything that requires more security, you have to log in fully.

Could anyone say whether this is something that could be done or am I just dreaming here?