User Level Access Control

[windyweather]

Why: Background::
Currently, it does not appear to be possible to make a site where the site can communicate securely and uniquely with each individual user. There are many small business models that require such 1-1 interaction with secure password protected content on a continuing basis. Some examples include:
- Technical consulting. The consultant and client maintain a history of a relationship with requirements, specs, contracts, and final versions of you name it and communicate via the site.
- Contractors. Home construction remodeling.
- Legal services.
- etc etc. You get the idea.

What: Functional Requirements:

Control access by user, not just by defined groups, to:
- sections.
- categories.
- individual articles.
<<Other Content types?>>

Currently, it appears that user control requires creating a unique group for each user.
Also, it is not clear whether group access can be applied to categories and sections.

It seems that an "access" rollout - or whatever you call them - should be present for each content and classification type. This should provide a list such as:
- GROUP
- USER
- PUBLIC

and a list of permissions such as:
- READ ONLY
- READ and ADD ARTICLES
- NO ACCESS

A fully general system would allow this to create an access list of course so that individual users could be permitted or denied. But a useful default should be provided so that it is easy to set up articles / categories / sections with access only by an individual user, short list of users, or group, or short list of groups.

Inability to apply control to a category, and only providing the access to individual articles is error prone. It's much easier to get it right when an article is set to a category for that individual user, rather than having to apply the protection to each individual article as a separate step.

When an article is not visible, then no trace of it should be presented. For example, the categories, or sections, or article titles appear in no lists that are visible to unauthorized users.

THOUGHTS
o The design should be easy to understand by looking at the rollout for the feature.
o The design should not employ mathematically correct, but convoluted logic, such as embedding permissions in groups, rather than in the ACL.
o It might be useful to allow management of a list of ACLs and then quickly applying the ACLs to a content class, or instance. - Article, category, section.

- thanks for listening.
If this stuff is already present, I can't find it, and no replies were forthcoming in a posting in the EXTENSIONS section of the forums. I tried to do my due- diligence.

If it is present, I would appreciate knowing about it.

- windy

[user deleted]

Hi windy,

Extended ACL will be included in the next major version, 1.6. Check out the community blogs, there are already some posts about it there.

[purnendu]

Excellent question raised.

Infact I too am working on a website where there is need for client module.

A client can only see his section and articles published. Further whenever he submits an article, the article only gets added in his section / category.

So is that possible. If no such mod exists, are there any workarounds for it??

[dhuelsmann]

@windyweather -A preview of the fine granular ACL control to be available in 1.6 http://community.joomla.org/blogs/commu ... -wait.html