Need to restrict access levels in drop-down list

Moderators: mandville, PhilD, General Support Moderators

Joomla! Apprentice
Joomla! Apprentice
Posts: 10
Joined: Thu Jan 16, 2014 5:53 pm

Need to restrict access levels in drop-down list

Post by placelogohere » Thu Jan 16, 2014 6:09 pm

We are currently performing user testing of a Joomla 2.5 installation as our Intranet.

The goal is for each department's authors to be able to write content visible to either all users or only those in their own department. We have established user groups and categories for each department, and set the category permissions so that only authors in that department's user group can create or edit content for that category. Additionally, we have created access levels so that content created with that designated access level is only viewable to users in the related user group (therefore, only their own department).

For example: Dept A has a same-named category, user group and access level, and the permissions on the category are set so that only users in the Dept A user group can create or edit content in it. When a Dept A user creates an article, they will put it in the Dept A category and then assign it either an access level of "public" (if the article is to be viewable to all) or "Dept A" (if access is to be restricted to only Dept A users).

Everything is fine so far, except all access levels appear in the drop-down selector when creating or editing an article via the front-end interface. The problem is that a user can select an access level for which their user group is not assigned, thereby creating an article they cannot view.

Is there any way to restrict this so that only access levels to which the user group is assigned are in the drop down? Thanks in advance for any recommendations or assistance.

User avatar
Joomla! Explorer
Joomla! Explorer
Posts: 469
Joined: Sat Apr 25, 2009 9:20 pm
Location: Minnesota (USA)

Re: Need to restrict access levels in drop-down list

Post by rcarey » Thu Jan 16, 2014 10:37 pm

What you are asking is quite reasonable. I don't think there is a way to attain this through configuration, but there is by code.

Ideally, we'd like to filter through the list of access levels before the <input> code is generated, but unfortunately that code is generated within the core library (something we can't override safely). So a reasonable approach is to parse the HTML code after it has been generated and extract options that we don't want. In your case, and probably in most everyone's case, that is to prevent someone from assigning an article to an access level for which they do not belong.

You should override the layout file for front-end editing of an article (used for both editing and creating). That file is
and of course, you place the copied file here

Open copied/overriding file. Then find the line that inserts the input for 'access', which should be line 180. I would comment out that line, but eventually you might want to just remove it.
In place of this code that you commented out or removed, place this code

Code: Select all

  <?php /* -- remove unauthorized options from access list dropdown, then add this edited <input> to the form */
        $input = $this->form->getInput('access');
        $authAL = JFactory::getUser()->getAuthorisedViewLevels();
        $start_position = strpos($input,'<option');
            $value_position = strpos($input,'value="',$start_position)+7;
            $value = intVal(substr($input,$value_position));
            $end_of_option = strpos($input,'</option>',$start_position)+10;
            if($value && $end_of_option && !in_array($value,$authAL)){
                // this user is not included within this access level... extract this option
                $front_part = substr($input,0,$start_position);
                $back_part = substr($input,$end_of_option);
                $input = $front_part.$back_part;
               //since we extracted the option, our next check for an option will start from our last $start_position
                $start_position = strpos($input,'<option',$start_position);
                // The user is included within this access level.  Keep this option and advance to the next one
                $start_position = strpos($input,'<option',$end_of_option);
        echo $input;
I tried to write it so a PHP person can follow the logic. I did test it and it worked for me.

You did bring up a good point. There should be a straight forward way for us to filter out unwanted values should they break the access rules we want to apply. I'll give it some thought and perhaps come up with a more elegant solution.
Randy Carey, the iCue Project : developing an intelligent approach to improving the CMS user experience,
Careytech Studios custom development for tailored or value-added web solutions

Joomla! Apprentice
Joomla! Apprentice
Posts: 10
Joined: Thu Jan 16, 2014 5:53 pm

Re: Need to restrict access levels in drop-down list

Post by placelogohere » Fri Jan 17, 2014 7:52 pm

It worked!

Thank you for writing this code for me. I have coded in PHP for several years but, as I am not very familiar with Joomla, I did not know whether to begin looking for the correct file to edit, let alone what changes needed to be made to its copy in the template folder.

Hopefully, this exercise will at least start me going in the right direction if I encounter any similar problems in the future, and maybe even come up with code on my own. If/when that happens, I will remember to share that info with others on this forum.


Return to “Access Control List (ACL) in Joomla! 2.5”