This page is a collection of small recipes and hints about Simple ACL Joomla component.
Note: this article is still a work in progress, please leave a message if you find errors, typos or if you have any suggestion or proposal.
Abbreviations in the recipes:
- UX = “User X” where X is a number (for example U1 = User 1, U2 = User 2 etc.)
- SX = “Section X” where X is a number (for example S1 = Section 1, S2 = Section 2 etc.)
- ACL = a single Access Control List rule
Recipe 1 : prevent authors to edit their own articles after being approved (workflow)
Scenario
- You have many authors submitting content that you or some other admins approve before being published
- Joomla 1.5 does not prevent an author to edit again his/her content once published
- you want to avoid editing after approval, only admins will be able to do that
Procedure
The strategy here is to block content update to all users, admins and back-end users will retain the standard Joomla behaviour.- Set the default ACL to prevent all the users to update or delete content: in Components->Simple ACL->Parameters set
- Create = Allow
- Update = Deny
- Retrieve = Allow
- Delete = Deny (not implemented from Joomla front-end, but Just in case)
Recipe 2 : public website with some section editors
Scenario
- Your website is public, everybody can see everything
- you have one section for each department in your company (S1 and S2 in this example)
- each section has one or more users that can add or edit content (U1 can edit S1, U2 can edit S2 and U3 can edit both)
Procedure
The strategy here is to allow content retrieval by default and only block content creation or editing, individual ACLs allow editing to some selected sections/users.- First thing to do is set the default ACL to prevent all the users to create or update content: in Components->Simple ACL->Parameters set
- Create = Deny
- Update = Deny
- Retrieve = Allow
- Delete = Deny
- Save the new parameters (hit “Save”)
- Now open S1 to U1 and U3, create the following ACLs:
- Section S1, User U1: check all permissions
- Section S1, User U3: check all permissions
- Now open S2 to U2 and U3, create the following ACLs:
- Section S2, User U2: check all permissions
- Section S2, User U3: check all permissions
Recipe 3 : public website with some private sections
Scenario
- Your website is mostly public but you have
- some private sections (S1, S2 and S3) available for browsing and/or editing to selected employees
- some private sections (S4, S5) for your customers
- all your employees (U1, U2, U3) are registered users with level “author”
- all your customers are registered users with level “registered”
- since S1, S2 and S3 are not public, their Joomla access level must be set to “Registered” (in this case it would be also possible to set it as “Special” since our employees level is “Author”)
- since S4 and S5 are not public, their Joomla access level must be set to “Registered“
- we want to set thing up such that
- U1 can view and edit S1
- U2 can view and edit S2
- every employee can view S3 (but nobody below admins can edit it from the front-end)
- every employee can view and edit content in S4
- every customer can view content in S4 and S5
Procedure
Here we are choosing a different strategy: keep all sections closed by default and selectively open sections to users. Because in this example we have Customers and Employees belonging to different Joomla levels (Registered and Author) we can create some group ACLs instead of individual ones.- First thing to do is set the default ACL to prevent all the users to retrieve, create, update content: in Components->Simple ACL->Parameters set
- Create = Deny
- Update = Deny
- Retrieve = Deny
- Delete = Deny
- Save the new parameters (hit “Save”)
- Grant all users with level “Author” permission to retrieve content from S3: create an ACL on group “Author” and section S3 with Retrieve permission only
- Open S1 to U1: create the following ACLs:
- Section S1, User U1: check all permissions
- Open S2 to U2: create the following ACLs:
- Section S2, User U2: check all permissions
- Grant all users with level “Author” permission to create, retrieve and update content from S4: create an ACL on group “Author” and section S4, check all permissions
- Grant all users with level “Registered” permission to retrieve content from S4: create an ACL on group “Registered” and section S4 with Retrieve permission only
- Grant all users with level “Registered” permission to retrieve content from S5: create an ACL on group “Registered” and section S5 with Retrieve permission only
Lolke
Hi,
Certainly looks cool! I was wondering whether it would solve my issue:
A menu item action needs to be dependent on user (logged in or NOT logged in). The action is a FORM (Breezingforms component). So, if I could make 2 menu items (same label) and one points to form A and the other to form B and your tool woud allow assigning access rules to those forms, it would do the job. Right?
Further: what about 1.6? Would it make your tool obsolete?
Thanks for your time.
Lolke
Alessandro Pasotti
Simple ACL only works when menu items point to com_content items, so it will not work if the menu item points to a form.
And yes, 1.6 will maybe make Simple ACL obsolete, but if you have tried 1.6 you know that ACL are far from being simple and easy to use, a simpler solution like Simple ACL will probably be still useful for 1.6.
Armand Davila
Maybe I’m not doing something right but I can’t create user groups and thusly cannot assign ACL’s to them.
They said this was simple, but I’ve followed the instructions the best way I can and this isn’t working for me at all. Please help because I have a deadline – yikes!
Alessandro Pasotti
@Armand
This is not the place for support requests, please file a ticket on bugs.itopen.it.
That said, Simple ACL does not support custom user-defined groups, it’s clearly written in the main page (one of the first paragraphs):
“Custom groups creation is not supported (but you won’t miss it!)”
See:
http://www.itopen.it/2008/09/24/simple-acl-ready-for-joomla-15/
chitra
I followed the step for individual users it is not working.Kindly explain where i am wrong.