[15]Access Management in Joomla! 1.6

spektr
Joomla! Apprentice
Joomla! Apprentice
Posts: 40
Joined: Mon Oct 13, 2008 7:05 am

Re: [15]Access Management in Joomla! 1.6

Post by spektr » Sun Nov 16, 2008 7:22 pm

Will it be possible to remove for instance group 'author' from special user group?

I have a menus for administrator, the problem is that this menu is also visible to group level author and above. Which is not good...for me.

User avatar
almamun
Joomla! Guru
Joomla! Guru
Posts: 798
Joined: Fri Jul 18, 2008 2:28 pm
Location: Dinajpur, Bangladesh
Contact:

Re: [15]Access Management in Joomla! 1.6

Post by almamun » Tue Nov 18, 2008 2:00 pm

I would expect something more- a core blog & a forum. Or at least a blog. You know everybody has something to share to his mind.
Bengali (Bangladesh) Forum Moderator

http://amviro.com - Web & App Development.

User avatar
Klementz
Joomla! Explorer
Joomla! Explorer
Posts: 400
Joined: Sun Aug 28, 2005 2:55 pm
Location: Barrie, Ontario CANADA
Contact:

Re: [15]Access Management in Joomla! 1.6

Post by Klementz » Fri Dec 05, 2008 5:15 pm

feldon27 wrote: Has anyone looked at:
http://www.jfoobar.org/blog/44-first-lo ... 6-acl.html
Thanks for the link, that is very encouraging.

I am in the camp that is going to require this for different customer groups, who will need to see content based on who they are.
http://www.jdanielclements.com (Personal photography site)
http://www.coinzoo.net (World coin collection with animals)

chas
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 178
Joined: Thu Feb 02, 2006 9:45 am

Re: [15]Access Management in Joomla! 1.6

Post by chas » Tue Dec 09, 2008 6:43 am

are we still debating on groups or roles? why not both because the concept is still the same no matter what the name is....

may i say just look at drupal !! or multi-groups in invision forums?

tiggerle
Joomla! Apprentice
Joomla! Apprentice
Posts: 17
Joined: Sun Dec 07, 2008 10:02 pm

Re: [15]Access Management in Joomla! 1.6

Post by tiggerle » Tue Dec 09, 2008 8:14 pm

GMaccess 5.8 is the best current solution and it just needed to be completely implemented in the code :)
just found it yesterday after long search ... had some troubles installing it (really runs only native ...) but now I am a great fan of it. You should really check out it's many features! Up to now it is not so easy to find in google, but I post the link here http://www.eduvs.ch/gmaccess

User avatar
newart
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 3177
Joined: Fri Sep 02, 2005 10:06 am
Location: Solar system - Earth - European Union

Re: [15]Access Management in Joomla! 1.6

Post by newart » Tue Dec 30, 2008 5:44 pm

just for understanding better where we are, well, at what point is the 1.6 project ? I see in the dev page a link to a 1.6 code but nothing else...

Somebody could explain us something? thanx a lot in advance!
former Q&T WorkGroup Joomla member - Italian Translation Team Member

persian6060
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Sat Jul 26, 2008 9:33 am

Re: [15]Access Management in Joomla! 1.6

Post by persian6060 » Sun Jan 04, 2009 9:55 am

tiggerle wrote:GMaccess 5.8 is the best current solution and it just needed to be completely implemented in the code :)
just found it yesterday after long search ... had some troubles installing it (really runs only native ...) but now I am a great fan of it. You should really check out it's many features! Up to now it is not so easy to find in google, but I post the link here http://www.eduvs.ch/gmaccess
;)
merci
tanku

User avatar
newart
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 3177
Joined: Fri Sep 02, 2005 10:06 am
Location: Solar system - Earth - European Union

Re: [15]Access Management in Joomla! 1.6

Post by newart » Sun Jan 04, 2009 3:13 pm

former Q&T WorkGroup Joomla member - Italian Translation Team Member

Fred Watrous
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Thu Dec 11, 2008 6:41 pm

Re: [15]Access Management in Joomla! 1.6

Post by Fred Watrous » Sat Jan 10, 2009 9:21 am

In response to the original question:
jmonarch wrote:Allow for Advanced User Privileges

1. Introduction

Many websites require a tiered user permission system, in which specific user groups are given different permissions and access to other parts of the site that a traditional user may not be (i.e. a paid site, which has "premium" content, but also free options). This paper looks at a method for which administrators could create usergroups, and set permissions including limiting access to modules.

2. Scope
  • Administrators can create groups, and limit access to specific modules on a group by group basis
3. Technical implementation
  • All in the backend, users see nothing except what they're allowed
  • Allow for automation. Example, if users pay for access, then they're automatically placed in a special group
  • Allow for an unlimited number of groups
Thank you.
I wish to propose a version 1.6 ACL security system based on version 1.5 Groups and Access Levels. It would minimize the impact on the Joomla! Framework, interface, and what is the Joomla! concept of security, while allowing a rich new feature, version 1.6 Groups, as an optional addition to version 1.6 security. Version 1.5 groups and access levels would be combined into the same concept of version 1.6 Roles, (Access Levels in 1.5 are basically an abridged, ie: shortened, version of 1.5 groups). One new component, Groups, would add 2 new steps to the access decision, and allow administrators to change the user’s level of control over specific objects, ie: Sections, Containers, Articles, Components, Modules, Plug-ins, etc...

1. Develop user ROLES based on the 1.5 version of groups. In version 1.6, keep all the current 1.5 groups. Add the Role “Public” to include that Access Level, and eventually “Custom” for extenders. Give guests (visitors) that have not logged in to your web site the automatic role of “Public” as well, ie: minimum changes for objects from 1.5 Access Levels to 1.6 user Roles.

2. OBJECTS, (Sections, Containers, Articles, Components, Modules, etc…), should replace the current Access Level, (Public, Registered, Special) for the same version 1.6 Role. Default user control for objects should be based on the 1.5 definition of what the 1.5 groups allowed. (Minimum retraining and reconfiguring when updating to 1.6)

3. GROUPS should be able to be added optionally by the site administrator in order to change the default CONTROL, (View, Edit, Change, Delete), and default ACCESS, (Grant, Deny), for a user’s role as specified in User Configuration. Groups are made up of a list of users and a list of specific objects which are to be acted on. For each object the group then specifies: if access should be granted or denied, and a role level if something other than the default. When granted access, the user will be given control of the object to the control level defined by the higher of the group’s or the user’s own role level. If the group denies access, and the user has a higher role level than that defined by the group for that object, then the denial does not apply. (The Group component should show specifically which users will not be denied access to the object regardless of the group setting for denial.) For access denial to apply, the role level specified must be greater than the minimum of the object’s default. The user role for denial of access should never be allow to be set to super administrator, and probably should not be allowed for grants either. Thus Super Administrator would have default access to all parts of the system since objects cannot have a higher minimum level of access than Super Administrator.

4. Complexity: behind the scenes of objects and how minimum roles are to be applied to access and control. In order to apply 1.5 group behaviours to 1.6 objects, each object must belong to a type that defines if a user is given access on the front-side or backside, and to what level of control a user has for Select, Insert, Update, and Delete, ie: you can think of these as Public/Registered, Author, Editor, and Publisher on the front-side if your not familiar with database terminology. Without explaining the whole thing, version 1.5 groups and 1.6 Roles state which one particular level a user has. In order for 1.6 Roles to work, each object has to have a grid of which user levels are required for each row (front-side, backside) and column (Select, Insert, Update, Delete). By default, 1.5 Access Levels set the required level for Select of an object on the front-side. Joomla!’s framework specifies an objects behaviour by which specific user groups in 1.5 are required for each of these grid positions based on the objects type. (I’m not into Joomla!’s framework, so I can’t say if this grid is hardcoded or based on a database table. Version 1.6 ACL in this proposal will require a database table.) When a user requests access and control of an object, the web site will determine which row is used, and the comparison of columns will determine which types of actions the user can perform on the object in that web site. Access is granted to the user’s request if he has the same or higher role as required by the object and the type of action to be performed. Changing the 1.6 role level, ie: the 1.5 Access Level, for the objects “front-side / select” user role requirement, should thus slide the entire tables default user role level requirements up or down for each row and column. If there is a real need for creating another component to change the behaviour levels per row and column, then add it later or leave it to the extenders to open this up. (Yes, groups could be extended to include it, but its complex enough as is and you want something that will change the default behaviour for the object). If the Access Level “Special” could be hidden or removed when updating to 1.6, it would be great. Anyways, it should not be allowed as a choice for 1.6 Users or Groups.


5. Use the same name for roles in 1.6 as the present groups in 1.5 in order to avoid confusion. Develop the basic rights based on the present 1.5 group restrictions and connect them to each respective role. Version 1.5 users will upgrade directly to 1.6 Roles, and thus groups are not a necessary when upgrading to 1.6. It would be helpful to be able to change roles on several objects, such as modules or menus, by checking all or a few of them in a list and giving them a common minimum role level from the menu line without having to edit each one individually.

6. Keep Joomla! security in the framework. Don’t require extensions to perform basic security checks for standard objects, ie: articles, but allow them to add system security checks to objects created via components, modules, etc… Joomla! determines if a user has access to JEvents. But JEvents can use the system ACL’s to determine which events a user can see, change, delete.

7. How access and control is determined:

a. The site configuration must determine if by default, grant access should be given priority over denial of access, or the other way around. This will change the order of point “b” and “c” below.

b. Has the user been included in any group which grants specific access to the object and what is the maximum role specified by any such group? If YES, then the user is granted access with the greater role level of the user’s own role or the maximum role level set for that object by any group the user belongs to. Otherwise continue to the next rule.

c. Has the user been included in any group which denies specific access to the object? If YES, then access is denied unless the user’s own role is greater than the maximum role level set for that object by any group the user belongs to. Otherwise continue to the next rule.

d. If none of the rules above apply, then the user’s role level must meet or exceed that of the object’s default minimum role for access. If YES, then access is granted with the user’s own level of control, else denied.

crony
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 113
Joined: Sun Oct 15, 2006 10:17 pm
Contact:

Re: [15]Access Management in Joomla! 1.6

Post by crony » Mon Jan 26, 2009 2:22 pm

Hello,

On my opinion too, GMA access is a very well advanced ACL management component...

http://www.eduvs.ch/gmaccess/

Enjoy ! :pop
Enjoy J!

BaidareW
Joomla! Apprentice
Joomla! Apprentice
Posts: 22
Joined: Tue Jan 13, 2009 7:13 pm

Re: [15]Access Management in Joomla! 1.6

Post by BaidareW » Tue Jan 27, 2009 5:35 pm

Is there English version of GMAccess ? I can't find one.. Had problems during installation and stuck with it as I couldn't find any English help..

crony
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 113
Joined: Sun Oct 15, 2006 10:17 pm
Contact:

Re: [15]Access Management in Joomla! 1.6

Post by crony » Fri Jan 30, 2009 12:42 pm

Indeed there's not...
Anyway, the Core Team has decided something else for 1.6:
http://community.joomla.org/blogs/commu ... la-16.html

That solution looks very promising for now and futur improvements ! Well done J!Xtend :)
Enjoy J!

User avatar
newart
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 3177
Joined: Fri Sep 02, 2005 10:06 am
Location: Solar system - Earth - European Union

Re: [15]Access Management in Joomla! 1.6

Post by newart » Fri Jan 30, 2009 1:06 pm

I'm very excited to hear all from that team! In particular way for the nested categories (IMHO most important than user rights)! I hope to know when all is ready, when 1.6 ?!? ;)
former Q&T WorkGroup Joomla member - Italian Translation Team Member

crony
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 113
Joined: Sun Oct 15, 2006 10:17 pm
Contact:

Re: [15]Access Management in Joomla! 1.6

Post by crony » Fri Jan 30, 2009 1:43 pm

Excited as well :)

<social analyst mode>
Funny how all this buzz round Joomla! , new dev methods, partnership, old and new cycle release, allows us to suppose a release date for 1.6
</ social analyst mode>

<wizard mode>
Now !
</ wizard mode>

<Joomla! core team mode>
Sooner, or later...
</ Joomla! core team mode>

<crony :pop mode>
March, and/or August...
</ crony :pop mode>
Enjoy J!

janeinpa
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 190
Joined: Thu Jan 10, 2008 1:43 pm

Re: [15]Access Management in Joomla! 1.6

Post by janeinpa » Wed Feb 04, 2009 3:51 pm

I am looking for this as well. Specifically, I want some of my users to be able to easily upload photos into a gallery in their articles. I haven't found a program that allows this from the front end, so as an alternative I want them to access the just back-end control panel for the gallery program where they could easily upload. I don't want them messing around with anything else in the back end.

Any chance of being able to do this?

User avatar
the_real_svempa
Joomla! Intern
Joomla! Intern
Posts: 55
Joined: Wed Oct 24, 2007 11:23 am
Location: Sweden

Re: [15]Access Management in Joomla! 1.6

Post by the_real_svempa » Wed Feb 04, 2009 4:41 pm

janeinpa,

I am not sure I fully understood your needs, but take a look at the extension Phoca Gallery. It has quite a good ACL built in, so it is possible to assign individual user rights to each gallery. It is also possible to upload, publish and delete in the frontend if you have the requiste rights. I am using it at http://www.bankel.se (site still in test phase after more than a year of development, on and off) and you are welcome to test yourself. Log on with testare/test1 and look under the menu item Personligt. Should be self explanatory.

The site also uses another extension, Joomla Flash Uploader, where each user can upload/delete in the frontend to a library with a name identical to the username, in combination with rhuk_slideshow so the user can control his/her own slideshow. The menu item is "Ladda upp bild" in the user menu.

If you use images/stories as the base directory this extension could also be used to upload images for use in articles, with one specific library for each user.

janeinpa
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 190
Joined: Thu Jan 10, 2008 1:43 pm

Re: [15]Access Management in Joomla! 1.6

Post by janeinpa » Wed Feb 04, 2009 7:22 pm

Oh, that sounds like just what I want. I'll try it out! Thank you.

janeinpa
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 190
Joined: Thu Jan 10, 2008 1:43 pm

Re: [15]Access Management in Joomla! 1.6

Post by janeinpa » Sun Feb 08, 2009 12:58 am

I found Phoca and installed it and it's perfect except for one thing -- it only works in Firefox. I can't get it to work in IE7. I'm trying everywhere to find an answer. Every time I enable the Phoca menu mod, you can't even access my site in IE7 -- you get an error -- can't access sige, action aborted.

I thought perhaps you may know how to fix this. www.ewgaphilly.com/new_15_site

ndrwld
Joomla! Fledgling
Joomla! Fledgling
Posts: 4
Joined: Wed Nov 19, 2008 1:43 am

Re: [15]Access Management in Joomla! 1.6

Post by ndrwld » Thu Feb 26, 2009 9:03 am

I've found something, all about article publishing in Joomla, but hasn't test yet: http://forum.joomla.org/viewtopic.php?f=431&t=359791

User avatar
revive1
Joomla! Intern
Joomla! Intern
Posts: 87
Joined: Sat Apr 12, 2008 1:41 am

Re: [15]Access Management in Joomla! 1.6

Post by revive1 » Tue Mar 03, 2009 9:17 am

Checking out GMAccess now, will post back after testing on j1.5.9

Also, for us English speakers, Googles Translate service helps a lot, here is a link to the English version via Google:

http://translate.google.com/translate?p ... auto&tl=en
My favorite web design/dev tools:
Rackspace Cloud Files + Cloud9 http://cloud9manager.com
24" iMac, MAMP Pro, Logitech MX Revolution, Coda, TextMate, Transmit, Snippley and Adobe CS4
For small ecommerce: http://nanao-cart.com

User avatar
revive1
Joomla! Intern
Joomla! Intern
Posts: 87
Joined: Sat Apr 12, 2008 1:41 am

Re: [15]Access Management in Joomla! 1.6

Post by revive1 » Tue Mar 03, 2009 9:30 am

@Nakebod (http://forum.joomla.org/viewtopic.php?p ... 9#p1209189),

couldn't agree more, and your image concept is spot on in my opinion. My team and I were just discussing granular ACO within Joomla the other day and your image is EXACTLY what I had described to them (great minds lol). I know some users mention that this is 'overkill' but it is always better to have MORE control and options, than not enough, as we are witnessing with the current ACL. Also, taking a look at ANY other software geared towards medium to large businesses, eCommerce, etc. - from CRMs like SugarCRM, to simple CMSs like WebsiteBaker - they all have granular access control to come extent and to a much greater extent than Joomla as this point in time. This is a shame and should be on the highest priority of the dev team, IMHO.

@ALL
Couldn't agree more, J1.5 + + NEEDS granular ACL, for users, groups and hopefully content based items. As I mentioned above, taking a look at other software that offer ACL correctly, shows this is a Major hold back for Joomla in the coming years.. if this can get ironed out, Joomla will no doubt excel, if it doesn't.. who knows.

Some articles of interest:
JXtended donating component to J1.6
http://community.joomla.org/blogs/commu ... la-16.html

ACL in 1.6:
http://www.jfoobar.org/blog/44-first-lo ... 6-acl.html

Let's hope the shape of things to come for Joomla! continue in this direction..

If not, who'd like to start a dev team to create 'The Best CMS of the Century' ? ;)
My favorite web design/dev tools:
Rackspace Cloud Files + Cloud9 http://cloud9manager.com
24" iMac, MAMP Pro, Logitech MX Revolution, Coda, TextMate, Transmit, Snippley and Adobe CS4
For small ecommerce: http://nanao-cart.com

User avatar
H13
Joomla! Ace
Joomla! Ace
Posts: 1434
Joined: Sun Dec 10, 2006 6:39 pm
Location: Czech Republic
Contact:

Re: [15]Access Management in Joomla! 1.6

Post by H13 » Tue Mar 17, 2009 9:03 pm

janeinpa wrote: Every time I enable the Phoca menu mod, you can't even access my site in IE7 -- you get an error -- can't access sige, action aborted.
Try to install new version of Phoca Gallery Menu Module, there is a hack for this IE bug now, so maybe it will work for you ...

Jan
- Phoca Gallery - powerful image gallery - http://www.phoca.cz/phocagallery/
- Phoca Restaurant Menu - http://www.phoca.cz/restaurantmenudemo/
- Phoca Cart - e-commerce platform for Joomla!
- Phoca Download - download manager for Joomla!

jdelivery
Joomla! Apprentice
Joomla! Apprentice
Posts: 9
Joined: Mon Feb 16, 2009 2:14 pm
Contact:

Re: [15]Access Management in Joomla! 1.6

Post by jdelivery » Wed Apr 08, 2009 3:05 pm

i agree. gmaccess looks good.

and i hope to be blogging in 1.6 too. :)
- Matamko.com : Joomla Extension modelled after yousendit.com for Joomla 1.5.X

User avatar
newart
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 3177
Joined: Fri Sep 02, 2005 10:06 am
Location: Solar system - Earth - European Union

Re: [15]Access Management in Joomla! 1.6

Post by newart » Wed Apr 08, 2009 6:26 pm

Please where can we have a look at the real status of 1.6 works ?
former Q&T WorkGroup Joomla member - Italian Translation Team Member

MatthewSchenker
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 233
Joined: Tue Nov 25, 2008 7:10 pm

Re: [15]Access Management in Joomla! 1.6

Post by MatthewSchenker » Tue Jun 02, 2009 11:10 am

Hello,
Just wanted to add my voice to those who really want this! Can't tell you how many times I have said, "I wish I could specify user access for my site."

Please keep up the progress on this functionality!

Thanks,
Matt


Locked

Return to “Accepted - Archived”