Programming with JFactory and User info

mkitcowt
Joomla! Fledgling
Posts: 3
Joined: Tue Nov 06, 2012 11:04 am

Programming with JFactory and User info

Post by mkitcowt » Fri Jun 21, 2013 8:34 pm

I am developing a maintenance program using MySQL and a Joomla 2.5 site and want to utilize Joomla User info to control access.

I created a new group called "Profile" (id=8) under Public with permissions "Site Login", "Create" and "Edit Own" set to "Allowed".
I want to assign a few users to this group and they will be allowed to update.
I also created a new Access Level, "Profile" and gave my new group viewing access. (although I don't know if that is necessary based on how I am using it)

I then code:
$user = JFactory::getUser();

What is the best way to verify that the user is "authorized" to update?
Is there a method I can reference?

Or do I have to code it:
$group_array = $user -> groups;
if (in_array(8, $group_array)) {echo "authorized";}else{echo "not authorized";}
And if so, how do I test "Create" and "Edit Own" permissions?

Lastly, if I want another group that can view only, do I need to create another group and/or VAL?

rcarey
Joomla! Explorer
Posts: 469
Joined: Sat Apr 25, 2009 9:20 pm
Location: Minnesota (USA)

Re: Programming with JFactory and User info

Post by rcarey » Sun Jun 23, 2013 2:01 pm

Here is some code from com_content (aka, Articles) illustrating how it checks with the ACL for permission settings:

$canEdit	= $user->authorise('core.edit', 'com_content.article.'.$item->id);
$canEditOwn	= $user->authorise('core.edit.own', 'com_content.article.'.$item->id) && $item->created_by == $userId;
All checks follow the same pattern: $user->authorise( , ) with the first string representing the "action" and the second string representing the "asset" (component, category, or item) to which the action applies. Above you see the checks for two actions ('core.edit' and 'core.edit.own') and both are checked against a particular article under the component com_content.

I feel com_content is a good component for modelling how extensions should be coded. So for this example, go to this file to see how the ACL results are integrated within the layout file:
/administrator/components/com_content/views/articles/tmpl/default.php


Keep in mind that each extension is free to create its own set of actions (e.g.: 'core.create', 'core.edit', 'core.whatever'), and each extension is responsible for enforcing the meaning of each of these actions (i.e., if a person is allowed or denied an action on that extension, what does that allow and what does that deny).


If you want to limit access (such as viewing access) to an extension or to category/items of an extension, then typically you would set this through an access level. You might need to create your own access level and assign it to just the one or few groups that should have this type of access.


The example you gave

if (in_array(8, $group_array)) {echo "authorized";}else{echo "not authorized";} 
is helpful if you are overriding a layout file and need to impose some permission to see or do something - within an extension for which you do not have control to add actions and set permissions. But the developer of an extension ought to use the ACL code such as $user->authorize(,).
Randy Carey, the iCue Project http://iCueProject.com : developing an intelligent approach to improving the CMS user experience,
Careytech Studios http://careytech.com custom development for tailored or value-added web solutions
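
The authorise(action, asset) pattern from the reply above, applied to the "Create" / "Edit Own" question in the first post. This is an added example, not code from either poster or from Joomla itself; the component name com_maintenance, the helper function names, and the record fields created_by and access are assumptions, and it expects to run inside a Joomla 2.5 extension whose access.xml declares the core.* actions.

```php
<?php
// Added example (hypothetical component "com_maintenance"); runs inside Joomla 2.5.
defined('_JEXEC') or die;

/**
 * May the current user create ($record === null) or update ($record) a row?
 * $record is a row object with assumed fields: id, created_by, access.
 */
function maintenanceCanUpdate($record = null)
{
    $user  = JFactory::getUser();
    $asset = 'com_maintenance'; // component-level asset name (assumption)

    // Guests never get write access, whatever the permission settings say.
    if ($user->guest) {
        return false;
    }

    // New row: only the create action applies.
    if ($record === null) {
        return (bool) $user->authorise('core.create', $asset);
    }

    // Existing row: full edit right, or edit.own combined with an ownership check.
    // authorise() does not know who owns the row; the extension must compare it.
    if ($user->authorise('core.edit', $asset)) {
        return true;
    }
    return $user->authorise('core.edit.own', $asset)
        && (int) $record->created_by === (int) $user->get('id');
}

/** View-only access is decided by access level, not by an action. */
function maintenanceCanView($record)
{
    $levels = JFactory::getUser()->getAuthorisedViewLevels();
    return in_array((int) $record->access, $levels);
}

/** Call this in the task that writes to MySQL, not only when rendering the form. */
function maintenanceRequireUpdate($record = null)
{
    if (!maintenanceCanUpdate($record)) {
        JError::raiseError(403, JText::_('JERROR_ALERTNOAUTHOR'));
        return false;
    }
    return true;
}
```

Checking actions this way keeps the decision in the Permissions settings, so a group id such as 8 is never hard-coded in the extension.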