
Official Documentation

1.0.9 User Manual for JACLPlus Component for Joomla!

Level: Newbie, Experienced users, Professionals

Copyright © 2006 ByOS Technologies
www.byostech.com
SYNOPSIS

Chapter 1 Introduction
1.1 WARNING
1.2 INSTALLATION
1.3 REQUIREMENT

Chapter 2 The Principles
2.1 Types of Users and Access Permissions in Default Joomla!
2.1.1 Types of Users (Groups)
2.1.1.1 Registered
2.1.1.2 Author
2.1.1.3 Editor
2.1.1.4 Publisher
2.1.1.5 Manager
2.1.1.6 Administrator
2.1.1.7 Super Administrator
2.1.2 Access Permissions
2.1.2.1 Basic Access Control
2.1.2.2 Advanced Access Control
2.2 Types of Users and Access Permissions with JACLPlus
2.2.1 Basic Access Control with JACLPlus
2.2.2 Advanced Access Control with JACLPlus
2.3 Terms used in JACLPlus and Joomla! ACL
2.3.1 ACO (Access Control Objects)
2.3.2 ARO (Access Request Objects)
2.3.3 AXO (Access eXtension Objects)

Chapter 3 The JACLPlus Component
3.1 User Group Management
3.1.1 Create a User Group
3.1.2 Edit a User Group
3.1.3 Delete a User Group
3.2 Access Level Management
3.2.1 Create an Access Level
3.2.2 Edit an Access Level
3.2.3 Delete an Access Level
3.3 JACLPlus Configuration
3.3.1 General Setting
3.3.2 Frontend Setting
3.3.2.1 Automatically Disable Cache Function
3.3.2.2 Allow to Edit Accessible Item Only
3.3.2.3 Allow Publish Item into Frontpage
3.3.2.4 Limit Edit ACR to Edit Item Only
3.3.2.5 Limit Edit-Own ACR to Edit Item Only
3.3.2.6 Edited Item Require RePublish
3.3.2.7 Allow Publish to Access Levels
3.3.2.8 Specified Publish to Access Levels
3.3.2.9 Link For UnAuthorized Item
3.3.2.10 Text For UnAuthorized Item
3.3.3 Backend Setting
3.3.3.1 Show User Group Statistics
3.3.3.2 Show Access Level Statistics

Chapter 4 Access Control List (ACL) and Its Access Control Rules (ACRs)
4.1 Access Control Rule (ACR) Management
4.1.1 Create an Access Control Rule (ACR)
4.1.2 Edit an Access Control Rule (ACR)
4.1.3 Remove an Access Control Rule (ACR)
4.1.4 Disable/Enable an Access Control Rule (ACR)

JACLPlus Documentation rev 1.0 Page 2 of 23 © 2006 ByOS Technologies


4.2 Type of ACR and Its Meaning
4.2.1 Default or Essential ACRs
4.2.1.1 Frontend Content Items Related ACRs
4.2.1.2 Backend Related ACRs
4.2.2 Unused/Obsolete ACRs
4.2.3 Custom/Advanced ACRs
4.3 ACRs for Your Installed Components

Chapter 5 Get Support
5.1 Free Support
5.2 Paid Support

Appendix A JACLPlus Compatible List



Chapter 1 – Introduction
Thank you for choosing JACLPlus, a component that makes your Joomla! access control powerful.

With this professional component, combined with the simplicity that Joomla! puts in the hands of end-users, Joomla! can be equipped to run extremely sophisticated web sites.

This documentation is intended for users of all levels, from newbies to experienced users and professionals, who wish to implement sophisticated access control in their Joomla! site.

1.1 WARNING
This component is a hack, since we need to modify some Joomla! core files in order to extend its ACL capabilities. It is extremely powerful and thus can be extremely dangerous. If you are unable to replace the necessary files correctly, it will cause errors in your Joomla! site. It can also create incompatibilities with existing components and make updates much more delicate.

Therefore we recommend that you use it only if:

- You already know Joomla! very well
- You have experimented with it on your own test system
- You really need more powerful access control in your Joomla! site

Choosing a hack solution to enter the field of professional sites means it will certainly be necessary to get your hands dirty in the source code of the Joomla! core files. If the words hack or patch do not mean anything to you, we advise you not to continue reading this document and not to install JACLPlus. If you wish to use Joomla! and JACLPlus with components that are not listed on our web site (please refer to Appendix A), please consult our forum. If you are not able to understand the broad outline of its impact on the operation of Joomla!, it is necessary to hold firmly to the principle that nothing is compatible except the components that have been checked and possibly patched by the JACLPlus Team. We know this is not fun, but unfortunately it is the price to pay for the gain in power.

1.2 INSTALLATION
IMPORTANT: Before upgrading, please back up your Joomla! and its data first!
Go to our website to download the proper package. If you need to upgrade your JACLPlus from any previous version, please download the upgrade package - com_patch_joomla!_n_jaclplus_to_1.0.9.zip. For a new or fresh installation, please download the full installation package - com_jaclplus_1.0.9.zip. The upgrade package will also upgrade your Joomla! to the latest version, 1.0.9 Stable. You should install the full installation package in Joomla! 1.0.9 Stable ONLY.

Procedures:
1. Login to your Joomla! Backend.
2. Set your Joomla! to ‘Offline’.
3. Go to Installers->Components.
4. Browse to your downloaded file and click the “Upload File & Install” button.
5. If you used the upgrade package, please uninstall the ‘Patch Component’ when done.

To manually patch the necessary files in order to upgrade your previous version of JACLPlus and Joomla! to this 1.0.9 version, please download the manual patch package - Joomla_1.0.x_to_1.0.9-Stable-Patch_Package_JACLPlus.zip. Before you patch or replace your files, make a note of your previous JACLPlus Configuration settings, because your JACLPlus configuration file, if any, will be replaced.

1.3 REQUIREMENT
TEST IT ON A FRESH INSTALLATION OF JOOMLA!
DUPLICATE YOUR ENTIRE WEB SITE AND UNDERSTAND IT BEFORE USING IT IN YOUR PRODUCTION WEB SITE.



Chapter 2 – The Principles
2.1 Types of Users and Access Permissions in Default Joomla!
This section is quoted from the Joomla! User Manual with slight modifications.

2.1.1 Types of Users (Groups)


Users of Joomla! web sites can be broken down into two broad categories:
• Guests
• Registered Users
Guests are simply users of your Joomla! web site who navigate their way through your site without logging in.
Registered users are those who have signed up through your Joomla! web site to obtain a username and password, or who have been provided a username and password by your administrators. This username and password allow registered users to log into your site, receiving special privileges and viewing special content that is not available to guests.

Registered users are broken down into two main groups:

• Frontend Users
• Backend Users

Note: The Joomla! admin panel refers to these two groups of users as Public Frontend and Public
Backend. The word public makes sense for Frontend users but can be a bit confusing when applied to
Backend users (administrators).

Frontend users are granted certain additional rights over guests, which may include the ability to create
and publish content on the web site. We can generally refer to these users as content providers since
their primary goal is to provide content on the web site, not to administer the site or alter its design.

Within this broad classification of content providers are four specific roles, which can be assigned by the
site administrator.

Those roles are:


2.1.1.1 Registered
A registered user has no ability to create, edit or publish content in a Joomla! web site. They may submit new links for publication and they may have access to restricted content that is not available to guests.

2.1.1.2 Author
Authors can create content, signify certain aspects of how the content is to be displayed and specify the
date for when the material should be published.

2.1.1.3 Editor
An editor has all the abilities of an author plus the ability to edit content of their own articles as well as
that of any other author.

2.1.1.4 Publisher
Publishers can perform all the duties of authors and editors plus have the ability to actually publish an
article. An article is not viewable by other users until it is published.

Backend Users are typically thought of as the site administrators. Just as with the Frontend users, Backend users may have different privileges or roles:

2.1.1.5 Manager
A manager can be thought of as a publisher with access to the backend administrator’s panel. Managers
have access to all the content associated controls in the administrator panel but are not able to change
templates, alter page layouts, or add or delete extensions (components, modules and mambots) to
Joomla!. Managers also have no authority to add users or alter existing user profiles.

2.1.1.6 Administrator
Administrators have a broader range of access than managers. In addition to all the content related activities that a manager can perform, administrators can add and delete extensions to the web site, change templates or alter page layouts, and can even alter user profiles equal to their own permission levels or below. What they cannot do is edit the profiles of Super Administrators or change certain global characteristics of the web site. Indeed, Super Administrators do not even show up in the user manager when users are logged in as an administrator.

2.1.1.7 Super Administrator


The Super Administrator has the same kind of power as root in a traditional Linux system and has
unrestricted abilities to perform all administrative functions inside of Joomla!. Only Super Administrators
have the ability to create new users with Super Administrator permissions or to assign Super
Administrator permissions to existing users.

Based on the classification of those different privileges or roles, Joomla! has all these default user
groups:

Public Frontend (Guests)


| ---- Registered
| -------- Author
| ------------- Editor
| ------------------- Publisher

Public Backend
| ------- Manager
| ------------- Administrator
| ------------------- Super Administrator

The default user group for a newly signed-up user is ‘Registered’. For Frontend users to receive any other role, the system administrator must change their user group through the backend administrator’s panel.

2.1.2 Access Permissions


It is very important to know that Joomla! separates access control for its items into two main categories, advanced access control and basic access control, according to their severity, and uses a different approach for each. An item can be any Joomla! article (content item), menu, web link, component, module, mambot, etc.

2.1.2.1 Basic Access Control


Basic or essential access, such as viewing or using an item, is controlled by the access level method. You may notice these access levels especially in the Joomla! content list, module list or mambot list.

Default Access Levels

Public
An item with the ‘Public’ access level parameter is accessible by all users, including guests.

Registered
An item with the ‘Registered’ access level parameter is accessible only by registered users.

Special
Any user created as Author, Editor, Publisher, Manager, Administrator or Super Administrator is considered a Special User. An item with the ‘Special’ access level parameter is accessible only by these Special users.

2.1.2.2 Advanced Access Control
Advanced access, such as adding, editing, publishing or managing an item, is controlled by a predefined Access Control List (ACL). The Joomla! ACL is a list of Access Control Rules (ACRs) that govern which user groups can manage specific components or perform specific actions in Joomla! or its components. However, it does not include a ‘CAN NOT’ list. That means that if you disable an Access Control Rule (ACR) in the ACL, it does not override the permission granted by any previous rule in the ACL. If one of the previous rules already enables the permission, you will not be able to disable or override it with another ACR. Please also remember that the default Joomla! ACL does not include view or use access control, as view and use access are controlled by the access level method. However, some 3rd party components (non-default Joomla! components) do use the ACL method to control the use of their components. In default Joomla!, using a component and managing a component are different things. Joomla! does not use any ACR in its ACL to control the use of a component, but does use ACRs to allow advanced access to a component (to manage the component), such as performing certain advanced actions in the component.
A typical example is the default Content Component (com_content). The Joomla! ACL does not include any ACR to limit a user’s use or view access for this component, but the content item’s access level does. All users, including guests, can use this component to view content items (the view access is controlled by the content items’ access level). Nevertheless, the Joomla! ACL does include ACRs to add, edit or publish content items for this component, that is, to manage this component (to perform specific actions in this component). Of course, the Joomla! ACL could be used to control view or use access; Joomla! 1.0.x just does not use this approach yet. We will try to cover more details about this when we show you how to configure advanced access for a component.

2.2 Types of Users and Access Permissions with JACLPlus


JACLPlus does not change the classification of the different roles in Joomla!, but it extends the Joomla! user system to allow you to classify more roles or privileges. It also extends the Joomla! ACL to allow you to add your own ACRs to the Joomla! ACL more easily.

To extend the Joomla! user system so that you can classify more roles, JACLPlus enables you to create new user groups in Joomla!. And to let you control view or use access to your Joomla! items with more options than the 3 default access levels (Public, Registered and Special), JACLPlus enables you to create your own access levels. Therefore, with JACLPlus, you not only have the default user groups and the 3 access levels, you can also have many user groups and access levels of your own. Hence, the meaning of access levels in Joomla! with JACLPlus has to be redefined.

2.2.1 Basic Access Control with JACLPlus


To simplify the meaning of the newly defined access levels with JACLPlus (simplicity is the main success factor of the Joomla! CMS), an access level is defined as an ‘access key’. That means that if a user group has this access level assigned to it, its users will be able to access all items that are assigned this access level.

Therefore, if you assign the ‘Special’ access level to the ‘Registered’ user group (please refer to “Create a User Group”), users from the ‘Registered’ group will be able to access items that are assigned the ‘Special’ access level. In other words, access to items with the ‘Special’ access level is no longer limited to Joomla! Special users, but is open to any users from user groups that have this access level.

2.2.2 Advanced Access Control with JACLPlus


Joomla! predefines the roles of each user group (please see “Types of Users and Access Permissions in Default Joomla!”) and uses its ACL to manage and enforce those roles. JACLPlus enables you to add new roles/groups, and therefore to redefine the roles of each group. That’s the power of JACLPlus. However, please be reminded that JACLPlus does not change the way Joomla! checks access permissions, which means that it does not add a ‘can not’ list or ‘permission overriding’ list to the Joomla! ACL either. For freedom of configuration, JACLPlus also does not automatically inherit permissions from the parent group for user groups, which is the same as default Joomla!. However, you can choose to inherit the parent group’s permissions when creating a new user group. There are pros and cons to the absence of automatic permission inheritance from the parent group.
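
The access rules described in sections 2.1.2.2, 2.2.1 and 2.2.2 can be modelled in a few lines. The following Python model is an added example, not Joomla! or JACLPlus code; the class and function names, the rule values and the "all" wildcard matching are assumptions of the model, and “inherit ACL from” is read as a one-time copy at group creation.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class ACR:
    """One allow rule, named after the ARO/ACO/AXO terms; values are constructed."""
    group: str          # ARO value: the user group's name
    aco_section: str    # e.g. "action"
    aco_value: str      # e.g. "edit"
    axo_section: str    # e.g. "content"
    axo_value: str      # "all" or one item id (the wildcard is a model assumption)
    enabled: bool = True


class Site:
    def __init__(self):
        self.levels = {}   # group -> set of access levels held as 'access keys'
        self.acl = []      # allow rules only; there is no 'can not' list

    def add_group(self, name, levels, inherit_acl_from=None):
        self.levels[name] = set(levels)
        if inherit_acl_from is not None:
            # Assumed one-time copy: later changes to the source group do not follow.
            copies = [replace(r, group=name) for r in self.acl
                      if r.group == inherit_acl_from]
            self.acl.extend(copies)

    def can_view(self, group, item_level):
        """Basic access control: the group must hold the item's access level."""
        return item_level in self.levels.get(group, set())

    def set_enabled(self, rule, enabled):
        self.acl[self.acl.index(rule)] = replace(rule, enabled=enabled)

    def check(self, group, aco_section, aco_value, axo_section, axo_value):
        """Advanced access control: allowed if ANY enabled rule matches."""
        wanted = (group, aco_section, aco_value, axo_section)
        for r in self.acl:
            key = (r.group, r.aco_section, r.aco_value, r.axo_section)
            if r.enabled and key == wanted and r.axo_value in ("all", axo_value):
                return True
        return False   # no matching allow rule; never an explicit deny


def demo():
    site = Site()
    site.add_group("Registered", {"Public", "Registered"})
    site.add_group("Editor", {"Public", "Registered", "Special"})
    out = {}

    # Access level as a key: handing 'Special' to 'Registered' opens Special items.
    out["special_before"] = site.can_view("Registered", "Special")
    site.levels["Registered"].add("Special")
    out["special_after"] = site.can_view("Registered", "Special")

    # Two overlapping allow rules; disabling the narrow one denies nothing,
    # because the broad rule still grants the same permission.
    broad = ACR("Editor", "action", "edit", "content", "all")
    narrow = ACR("Editor", "action", "edit", "content", "42")
    site.acl += [broad, narrow]
    site.set_enabled(narrow, False)
    out["edit_42_after_disable"] = site.check("Editor", "action", "edit", "content", "42")

    # New group copies the Editor ACL at creation, then Editor gains a rule.
    site.add_group("Reviewers", {"Public", "Registered"}, inherit_acl_from="Editor")
    site.acl.append(ACR("Editor", "action", "publish", "content", "all"))
    out["reviewers_edit"] = site.check("Reviewers", "action", "edit", "content", "7")
    out["reviewers_publish"] = site.check("Reviewers", "action", "publish", "content", "7")
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The only way to withdraw a permission in this model is to disable or remove every rule that grants it, which is why overlapping ACRs deserve a review before a group is declared restricted.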



2.3 Terms used in JACLPlus and Joomla! ACL

Joomla!, just like Mambo, uses a modified version of the third-party library phpGACL to control its advanced access. Most of the terms used in the Joomla! ACL come from phpGACL. If you need to fully understand the meaning of those terms, please refer to the phpGACL manual. Below are the terms used in JACLPlus and Joomla!, with their basic definitions.

2.3.1 ACO (Access Control Objects)


These are objects which control what access is available to "requesters".

2.3.2 ARO (Access Request Objects)


These are objects which request access from an "Access Control Object".

2.3.3 AXO (Access eXtension Objects)


These are objects which extend permissions to a 3rd layer, optionally allowing you to set fine grained
permissions on each individual item in your application, or even row in your database.

In Joomla!, the AROs are the users. Therefore, the ARO value is the user group’s name. ACOs and AXOs can be components, modules, mambots, permission actions, etc. The ACO and AXO values depend on how an ACR is defined. In Joomla!, you don’t need to fully understand the meaning of these terms in order to create your own ACRs. All you have to know is which combination of these values controls which kind of access in Joomla!. We will cover this in more detail in “Type of ACR and Its Meaning”.



Chapter 3 - The JACLPlus Component
3.1 User Group Management
Log in to the backend of Joomla! as a Super Administrator user. By default, JACLPlus only allows users from the ‘Super Administrator’ group to manage its features. You can allow other groups to manage the JACLPlus component by adding new ACRs to the Joomla! ACL.

3.1.1 Create a User Group


To create a new user group, on backend menu, choose Components > JACLPlus > User Group
Manager (Figure 1).

Figure 1

After you click on the User Group Manager menu, you will see a list of user groups (Figure 2). User groups marked with an asterisk are default Joomla! user groups. You cannot delete or rename them; this keeps the Joomla! default settings intact for Joomla! upgrades.

Figure 2



To add a new user group, click the “New” button in the top right-hand corner of the Group Manager page.

Figure 3

In the new user group form (Figure 3), key in a Group Name for your new user group. This group name should be unique.
Then choose its Parent Group from the dropdown list. We strongly recommend that you choose ‘Registered’ as the parent group for your newly created user group if it does not have any parent group. This is more logical and gives maximum compatibility with other components.
You can select or deselect multiple access levels to be assigned to this user group by holding the “Ctrl” key on your keyboard and clicking with the mouse.
You can also make the user group inherit its ACL from an existing user group by selecting the appropriate user group from the dropdown list.
In the “inherit ACL from” dropdown list, you can choose to let this group inherit its ACL from its parent group, ‘My Group’ or any other existing user group. ‘My Group’ stands for the user group that you are logged in with. If you are logged in as a super administrator, then ‘My Group’ will be the “Super Administrator” group.
Once you have chosen all the options, press the “Save” or “Apply” button to create the new user group.
Note: You cannot add an ACR for a group until you have saved it to the database.

3.1.2 Edit a User Group


To edit a user group, click on the name of the user group that you want to edit in the user group list on the Group Manager page, or select the checkbox beside the user group’s name and then click the “Edit” button in the top right-hand corner.



Figure 4

In the edit user group form (Figure 4), you can change the group name and the parent group of that user group. If you edit a Joomla! default user group, you will not be able to change its parent group or its name. However, you can still change the assigned access levels and add, enable/disable or remove ACRs for a Joomla! default user group.
To add an ACR for the user group, select the appropriate values from the dropdown lists or key in the appropriate values in the necessary fields, and then press the [+] sign link.
To remove an ACR, press the [-] sign link beside the ACR that you want to remove.
To disable or enable an ACR, press the ‘Yes’ or ‘No’ link beside the ACR that you want to disable or enable.

3.1.3 Delete a User Group


To delete a user group, go to the User Group Manager page. Select the checkbox beside the name of the user group that you want to delete in the user group list. Click the “Delete” button in the top right-hand corner. A popup message will ask you to confirm the deletion. Select ‘OK’ to proceed with the deletion or ‘Cancel’ to cancel it.

3.2 Access Level Management


Choose Components > JACLPlus > Access Level Manager from the backend menu to open the access level list page (Figure 5).

Figure 5



Access levels with an asterisk beside their name are Joomla! default access levels. You cannot delete or rename those access levels. This keeps the Joomla! default settings intact for Joomla! upgrades.

3.2.1 Create an Access Level


To add a new access level, click the “New” button in the top right-hand corner of the Access Level Manager page.

Figure 6

In the new access level form (Figure 6), you should key in a unique name for your new access level so that it can be easily distinguished, although you are allowed to use a duplicate name an unlimited number of times. After you have keyed in the access level’s name, press the “Save” or “Apply” button to create the new access level.
Note: When you create a new access level, it is automatically assigned to the ‘Super Administrator’ group.

3.2.2 Edit an Access Level


To edit an access level, click on the name of the access level that you want to edit in the access level list on the Access Level Manager page, or select the checkbox beside the access level’s name and then click the “Edit” button in the top right-hand corner. Key in the new access level name and then press “Save” or “Apply” to save the change (Figure 7).

Figure 7

3.2.3 Delete an Access Level


To delete an access level, go to the Access Level Manager page. Select the checkbox beside the name of the access level that you want to delete in the access level list. Click the “Delete” button in the top right-hand corner. A popup message will ask you to confirm the deletion. Click ‘OK’ to proceed with the deletion or ‘Cancel’ to cancel it.

3.3 JACLPlus Configuration

3.3.1 General Setting


In JACLPlus Configuration page, on General tab, there is one property setting called “Enhance Frontend
Access Control For com_content” (Figure 8).



Figure 8

What is this property setting used for? If you have read this manual from the beginning, you know that Joomla! separates its access control into two main categories: basic access control and advanced access control. For basic access control, JACLPlus integrates its access levels into Joomla! without any extra database queries, which means it will not affect your Joomla! query time much. For advanced access control, however, you need to create your own ACRs in the Joomla! ACL, and on each user access, access checking requires some additional database queries and/or script processing to find the answer. This affects the page loading time. Users who don’t need advanced access control on their Joomla! web site can use this property setting to disable advanced access control in the com_content frontend by changing the selection to ‘No’. This avoids unnecessary database queries and/or access checking. If you are not sure which selection to choose, just leave it at ‘Yes’.

3.3.2 Frontend Setting


On the Frontend tab of the JACLPlus Configuration page, you can configure advanced settings for com_content (Figure 9).

Figure 9



3.3.2.1 Automatically Disable Cache Function
When you enable the cache function on your Joomla! web site, it caches every loaded page per user group. If you allow a user group to view and/or edit certain content items on a page, the page will include the proper content items and/or edit icons with links that allow users to edit the content items. However, if you change the access settings for the user group or for the content items on that page, the page will not reflect the new access settings until its cache expires. This would be annoying if your users need to see the changes immediately. This property setting lets you control whether JACLPlus should automatically disable the cache function when necessary if you have enabled the cache function on your Joomla! web site.

3.3.2.2 Allow to Edit Accessible Item Only


You may have some content items on your Joomla! web site that are not accessible to a user group. If you allow that user group to edit your content items, you may want to allow it to edit the content items it cannot access as well. This property setting is especially useful when you want to have content section administrators or content category administrators.

3.3.2.3 Allow Publish Item into Frontpage


If you are familiar with Joomla! content item publishing, you know that you can publish dynamic content items to the Joomla! Frontpage. What if you don’t want your content providers to publish their content items to your Joomla! Frontpage? With this property setting, you can control whether your content providers are allowed to publish their content items to your Joomla! Frontpage.

3.3.2.4 Limit Edit ACR to Edit Item Only


By default, when you configure a new ACR to allow a user group to edit content items, that ACR also allows the user group to create new content items, due to Joomla! default behavior. With this property setting, you can limit that type of ACR to editing content items only, without creating new content items.

3.3.2.5 Limit Edit-Own ACR to Edit Item Only


By default, when you configure a new ACR to allow a user group to edit their own content items, that ACR also allows users from that group to create new content items, due to Joomla! default behavior. With this property setting, you can limit that type of ACR to editing their own content items only, without creating new content items.

3.3.2.6 Edited Item Require RePublish


When a user edits a content item and does not have publish permission, the publish status of the edited content item is not changed after he/she saves the changes. This is good, but on some occasions you might want to review the modified content before allowing it to be republished on your website. This property setting allows you to have all modified content items automatically unpublished, so that your publishers can review the content and then republish it on your Joomla! web site.

3.3.2.7 Allow Publish to Access Levels


As you know, an access level is used to control which user groups can access (view) a content item. You might not want to allow your content providers to publish their content items to access levels that their group doesn’t have, or you might want to allow them to publish their content items only to certain access levels, so that they are viewable only by certain user groups. This property setting allows you to do so, and it has five options to choose from.
• All – Allow content providers to create their content with any access level.
• Own – Only allow content providers to create their content with access levels that they are allowed to access.
• All Exclude Default – Allow content providers to create their content with any access level except the default ‘Public’, ‘Registered’ and ‘Special’ access levels.
• Own Exclude Default – Only allow content providers to create their content with access levels that they are allowed to access, excluding the default ‘Public’, ‘Registered’ and ‘Special’ access levels.
• Specified – Only allow content providers to create their content with specified access levels. If you choose this option, you must specify the allowable access levels in the ‘Specified Publish to Access Levels’ field.
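
Each of the five options above reduces to a set of access levels a content provider may choose from. The following Python audit is an added example, not JACLPlus code; the function names, group names and content items are constructed. It lists existing items whose access level the author's group could not select under a given option, which is worth reviewing after the setting is tightened.

```python
DEFAULT_LEVELS = frozenset({"Public", "Registered", "Special"})


def allowed_levels(option, all_levels, own_levels, specified=()):
    """Access levels a content provider may publish to under one option.

    all_levels : every access level defined on the site
    own_levels : levels assigned to the provider's user group
    specified  : content of 'Specified Publish to Access Levels'
    """
    all_levels = set(all_levels)
    own = set(own_levels) & all_levels
    if option == "All":
        return all_levels
    if option == "Own":
        return own
    if option == "All Exclude Default":
        return all_levels - DEFAULT_LEVELS
    if option == "Own Exclude Default":
        return own - DEFAULT_LEVELS
    if option == "Specified":
        chosen = set(specified) & all_levels
        if not chosen:
            # The manual requires the field to be filled in for this option.
            raise ValueError("'Specified' needs at least one existing access level")
        return chosen
    raise ValueError(f"unknown option: {option!r}")


def audit_items(option, all_levels, group_levels, items, specified=()):
    """Return (item id, author group, level) for items outside the allowed set."""
    findings = []
    for item_id, author_group, level in items:
        own = group_levels.get(author_group, set())
        if level not in allowed_levels(option, all_levels, own, specified):
            findings.append((item_id, author_group, level))
    return findings


# Constructed sample site: two custom levels, two custom groups, five items.
ALL_LEVELS = {"Public", "Registered", "Special", "Members", "Partners"}
GROUP_LEVELS = {
    "Author": {"Public", "Registered", "Special", "Members"},
    "Partner Author": {"Public", "Registered", "Partners"},
}
ITEMS = [
    (1, "Author", "Public"),
    (2, "Author", "Members"),
    (3, "Author", "Partners"),          # level the Author group does not hold
    (4, "Partner Author", "Partners"),
    (5, "Partner Author", "Special"),   # level the Partner Author group does not hold
]

if __name__ == "__main__":
    for opt in ("All", "Own", "All Exclude Default", "Own Exclude Default"):
        print(opt, audit_items(opt, ALL_LEVELS, GROUP_LEVELS, ITEMS))
    print("Specified", audit_items("Specified", ALL_LEVELS, GROUP_LEVELS, ITEMS,
                                   specified={"Members"}))
```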



3.3.2.8 Specified Publish to Access Levels
When you set the “Allow Publish to Access Levels” property setting to ‘Specified’, you will need to
specify the allowable access levels here.

3.3.2.9 Link For UnAuthorized Item


When you set ‘Show UnAuthorized Links’ in the Joomla! Global Configuration to ‘Yes’, the links and introduction text of inaccessible content items are shown with the extra link text ‘Register to read more…’. Instead of pointing you to the content, the links point you to the registration page. This would be odd if the user is already logged in. With this property setting, you can modify the link shown when the user is logged in.

3.3.2.10 Text For UnAuthorized Item
When you set ‘Show UnAuthorized Links’ in the Joomla! Global Configuration to ‘Yes’, the links and introduction text of inaccessible content items are shown with the extra link text ‘Register to read more…’. This would be odd if the user is already logged in. With this property setting, you can change the ‘Register to read more…’ text to something else when the user is logged in.

3.3.3 Backend Setting


On the Backend tab of JACLPlus Configuration page, you will be able to set ‘Show User Group
Statistics’ and ‘Show Access Level Statistics’ properties.

Figure 10

3.3.3.1 Show User Group Statistics


If you set this property setting to ‘Yes’, you will see the number of users in each group on the Group Manager page.

3.3.3.2 Show Access Level Statistics


If you set this property setting to ‘Yes’, you will see the number of sections, categories, contents, menus, contacts, mambots, modules and polls that are assigned the specified access levels on the Access Level Manager page (Figure 5).



Chapter 4 - Access Control List (ACL) and Its Access Control Rules (ACRs)
An Access Control List (ACL) is a list that consists of a number of Access Control Rules (ACRs). An Access Control Rule (ACR), as the name implies, is a rule that specifies whether the requester (ARO) is allowed or disallowed to access a specific action (to perform the action) or object. For example: user A cannot publish content items in section B, user C cannot edit content item A, or user B can publish content items in section A. All these are rules to control access. If you put them together, they become a list: an Access Control List (ACL).

In Joomla!, all ACRs are predefined (fixed) in the includes/gacl.php file. JACLPlus has moved them into the database and allows you to create your own ACRs and/or modify the existing ACRs more easily (dynamic).

4.1 Access Control Rule (ACR) Management


In this section, we will show you how to create and configure ACRs and what they mean.

If you edit one of the default user groups, you may notice that the group already has a few ACRs
(Figure 11).

Please note that, for security reasons, you are only allowed to add an ACR that your own group has. This
means that if your group doesn’t have that kind of ACR, you will not be able to add that kind of ACR to
other user groups. If you are a super administrator, you can create or define a new ACR in the “Super
Administrator” group in order to allow it to be created in other user groups. There is one exception,
however. You don’t need to predefine a section, category or content related ACR in the super
administrator group in order to create it in other groups. But to add that kind of ACR, you must have
permission to manage the content items.

4.1.1 Create an Access Control Rule (ACR)


Please refer to “Edit a User Group”.

4.1.2 Modify an Access Control Rule (ACR)


Please refer to “Edit a User Group”.

4.1.3 Remove an Access Control Rule (ACR)


Please refer to “Edit a User Group”.

4.1.4 Disable/Enable an Access Control Rule (ACR)


Please refer to “Edit a User Group”.



Figure 11



4.2 Type of ACR and Its Meaning
As JACLPlus allows you to create your own ACRs freely, you must make sure that the ACRs you create
are useful. How do you determine whether an ACR is useful? In this section, we will show you all the
default predefined ACRs in Joomla! ACL and their meanings. Once you understand the basic principle
of an ACR, you will be able to create or include your own ACRs in Joomla! ACL to take control of your
whole Joomla! web site, including its components, modules, mambots, etc.
When you edit the “Super Administrator” group, you may notice that there are a number of ACRs for this
user group (Figure 11). Those ACRs are the basic, default and necessary ACRs in Joomla! ACL. You
can enable or disable any ACR by changing its enable property to ‘Yes’ or ‘No’ (please refer to “Edit a
User Group”).

Note: The combination of ACO, ARO and AXO values that forms an ACR is written as ACO Section >
ACO Value > ARO Section > ARO Value > AXO Section > AXO Value > Enable, which is based on the
fields in the edit user form used to create an ACR (Figure 4).

4.2.1 Default or Essential ACRs

4.2.1.1 Frontend Content Items Related ACRs


1. action > add > users > super administrator > content > all > Yes
This ACR allows super administrator to CREATE new contents into all sections and categories.
Therefore, action > add > users > User Group > content > all > Yes will allow User Group to CREATE
new contents into all sections and categories.

2. action > edit > users > super administrator > content > all > Yes
This ACR allows super administrator to EDIT all contents in all sections and categories. Therefore, action
> edit > users > User Group > content > all > Yes will allow User Group to EDIT all contents in all
sections and categories. By default, when you enable a user group to EDIT contents, it will be able to
ADD new contents as well. You can use the “Limit Edit ACR to Edit Item Only” property setting in
JACLPlus Configuration to prevent this.

3. action > edit > users > super administrator > content > own > Yes
This ACR allows super administrator to EDIT their OWN contents in all sections and categories.
Therefore, action > edit > users > User Group > content > own > Yes will allow User Group to EDIT their
OWN contents in all sections and categories. You may notice that we have set the enable property for
this ACR to ‘No’ in the super administrator group. This is because super administrator is already allowed
to edit all contents in all sections and categories by another ACR, so this ACR is not needed. Then why
do we have this ACR in the super administrator group? We need it so that super administrator can add
this useful type of ACR to other groups. Remember that, for security reasons, you are only allowed to
add to other groups the ACR types that your own group has. Again, by default, when you enable a user
group to edit its own contents, it will be able to ADD new contents as well. To prevent this, you can use
the “Limit Edit-Own ACR to Edit Item Only” property setting in JACLPlus Configuration.

4. action > publish > users > super administrator > content > all > Yes
This ACR allows super administrator to Publish contents into all sections and categories. Therefore,
action > publish > users > User Group > content > all > Yes will allow User Group to Publish contents
into all sections and categories.

4.2.1.2 Backend Related ACRs


5. administration > config > users > super administrator > null > null > Yes
This ACR allows super administrator to configure Joomla! settings. Therefore, administration > config >
users > User Group > null > null > Yes will allow User Group to configure Joomla! settings.

6. administration > edit > users > super administrator > components > all > Yes
This ACR allows super administrator to edit all components at Backend. Therefore, administration > edit
> users > User Group > components > all > Yes will allow User Group to edit all components at Backend.

7. administration > edit > users > super administrator > modules > all > Yes
This ACR allows super administrator to edit all modules at Backend. Therefore, administration > edit >
users > User Group > modules > all > Yes will allow User Group to edit all modules at Backend.



8. administration > edit > users > super administrator > mambots > all > Yes
This ACR allows super administrator to edit all mambots at Backend. Therefore, administration > edit >
users > User Group > mambots > all > Yes will allow User Group to edit all mambots at Backend.

9. administration > edit > users > super administrator > user properties > block_user > Yes
This ACR allows super administrator to block a user. Therefore, administration > edit > users > User
Group > user properties > block_user > Yes will allow User Group to block a user.

10. administration > install > users > super administrator > components > all > Yes
This ACR allows super administrator to install components. Therefore, administration > install > users >
User Group > components > all > Yes will allow User Group to install components.

11. administration > install > users > super administrator > languages > all > Yes
This ACR allows super administrator to install languages. Therefore, administration > install > users >
User Group > languages > all > Yes will allow User Group to install languages.

12. administration > install > users > super administrator > mambots > all > Yes
This ACR allows super administrator to install mambots. Therefore, administration > install > users >
User Group > mambots > all > Yes will allow User Group to install mambots.

13. administration > install > users > super administrator > modules > all > Yes
This ACR allows super administrator to install modules. Therefore, administration > install > users > User
Group > modules > all > Yes will allow User Group to install modules.

14. administration > install > users > super administrator > templates > all > Yes
This ACR allows super administrator to install templates. Therefore, administration > install > users >
User Group > templates > all > Yes will allow User Group to install templates.

15. administration > login > users > super administrator > null > null > Yes
This ACR allows super administrator to log in at Backend. Therefore, administration > login > users >
User Group > null > null > Yes will allow User Group to log in at Backend.
IMPORTANT: Please don’t disable or remove this ACR for super administrator, or else you will not be
able to log in at Backend as a super administrator.

16. administration > manage > users > super administrator > components > com_jaclplus > Yes
This ACR allows super administrator to manage JACLPlus Component. Therefore, administration >
manage > users > User Group > components > com_jaclplus > Yes will allow User Group to
manage JACLPlus Component.

17. administration > manage > users > super administrator > components > com_languages > Yes
This ACR allows super administrator to manage Languages Component. Therefore, administration >
manage > users > User Group > components > com_languages > Yes will allow User Group to
manage Languages Component.

18. administration > manage > users > super administrator > components > com_massmail > Yes
This ACR allows super administrator to manage Massmail Component. Therefore, administration >
manage > users > User Group > components > com_massmail > Yes will allow User Group to
manage Massmail Component.

19. administration > manage > users > super administrator > components > com_menumanager > Yes
This ACR allows super administrator to manage Menu Manager Component. Therefore, administration >
manage > users > User Group > components > com_menumanager > Yes will allow User Group
to manage Menu Manager Component.

20. administration > manage > users > super administrator > components > com_templates > Yes
This ACR allows super administrator to manage Templates Component. Therefore, administration >
manage > users > User Group > components > com_templates > Yes will allow User Group to
manage Templates Component.



21. administration > manage > users > super administrator > components > com_trash > Yes
This ACR allows super administrator to manage Trash Component. Therefore, administration > manage
> users > User Group > components > com_trash > Yes will allow User Group to manage Trash
Component.

22. administration > manage > users > super administrator > components > com_users > Yes
This ACR allows super administrator to manage Users Component. Therefore, administration > manage
> users > User Group > components > com_users > Yes will allow User Group to manage Users
Component.

23. workflow > email_events > users > super administrator > null > null > Yes
This ACR allows super administrator to configure Joomla! settings. Therefore, administration > config >
users > User Group > null > null > Yes will allow User Group to configure Joomla! settings.

4.2.2 Unused/Obsolete ACRs


1. administration > manage > users > super administrator > components > com_dbadmin > No
This ACR has no effect in Joomla! as there is no DBAdmin Component in Joomla!. Nevertheless, this
ACR should be kept in case Joomla! needs it in the future.

2. administration > edit > users > super administrator > components > com_jaclplus > Yes
This ACR was previously used to allow super administrator to manage JACLPlus Component. Since
all default components use the word “manage”, we have changed to “manage” as
well. You can remove this ACR if you want.

4.2.3 Custom/Advanced ACRs


1. action > add > users > super administrator > section > section_id > Yes
This ACR allows super administrator to CREATE new contents into the section with section id equal to
section_id. Therefore, action > add > users > User Group > section > section_id > Yes will allow User
Group to CREATE new contents into the section with section id equal to section_id.

2. action > add > users > super administrator > category > category_id > Yes
This ACR allows super administrator to CREATE new contents into the category with category id equal to
category_id. Therefore, action > add > users > User Group > category > category_id > Yes will allow
User Group to CREATE new contents into the category with category id equal to category_id.

3. action > edit > users > super administrator > section > section_id > Yes
This ACR allows super administrator to EDIT all contents in the section with section id equal to section_id.
Therefore, action > edit > users > User Group > section > section_id > Yes will allow User Group to EDIT
all contents in the section with section id equal to section_id.
Note: By default, if you enable a user group to EDIT content items, it will be able to ADD new contents
as well. To prevent this, you can use the “Limit Edit ACR to Edit Item Only” property setting in JACLPlus
Configuration.

4. action > edit > users > super administrator > category > category_id > Yes
This ACR allows super administrator to EDIT contents in the category with category id equal to
category_id. Therefore, action > edit > users > User Group > category > category_id > Yes will allow
User Group to EDIT contents in the category with category id equal to category_id.
Note: By default, if you enable a user group to EDIT content items, it will be able to ADD new contents
as well. To prevent this, you can use the “Limit Edit ACR to Edit Item Only” property setting in JACLPlus
Configuration.

5. action > edit > users > super administrator > content > content_id > Yes
This ACR allows super administrator to EDIT the content with content id equal to content_id. Therefore,
action > edit > users > User Group > content > content_id > Yes will allow User Group to EDIT the
content with content id equal to content_id.
Note: By default, if you enable a user group to EDIT content items, it will be able to ADD new contents
as well. To prevent this, you can use the “Limit Edit ACR to Edit Item Only” property setting in JACLPlus
Configuration.



6. action > publish > users > super administrator > section > section_id > Yes
This ACR allows super administrator to change the publish setting for contents in the section with section
id equal to section_id. Therefore, action > publish > users > User Group > section > section_id > Yes will
allow User Group to change the publish setting for contents in the section with section id equal to
section_id.

7. action > publish > users > super administrator > category > category_id > Yes
This ACR allows super administrator to change the publish setting for contents in the category with
category id equal to category_id. Therefore, action > publish > users > User Group > category >
category_id > Yes will allow User Group to change the publish setting for contents in the category with
category id equal to category_id.

8. action > publish > users > super administrator > content > content_id > Yes
This ACR allows super administrator to change the publish setting for the content with content id equal to
content_id. Therefore, action > publish > users > User Group > content > content_id > Yes will allow
User Group to change the publish setting for the content with content id equal to content_id.

4.3 ACRs for Your Installed Components


If you have installed our patches for VirtueMart 1.0.5 or Letterman 1.2.2 to work with JACLPlus, you may
notice that there are a few different types of ACRs in Joomla! ACL.

com_letterman > can_delete > users > super administrator > null > null > Yes
com_letterman > is_editor > users > super administrator > null > null > Yes
com_letterman > is_sender > users > super administrator > null > null > Yes
virtuemart > prices > users > super administrator > null > null > Yes

These ACRs are required by the components to allow certain privileged accesses.
How, then, do you determine which component requires which ACR or ACRs? The best way is to
search through the component source code and look for the $acl->acl_check function. For example, in
our JACLPlus admin.jaclplus.php file, you will find the code below.

// ensure user has access to this function
if (!($acl->acl_check( 'administration', 'edit', 'users', $my->usertype, 'components', 'all' )
    | $acl->acl_check( 'administration', 'manage', 'users', $my->usertype, 'components', 'com_jaclplus' ))) {
    mosRedirect( 'index2.php', _NOT_AUTH );
}

From the code, you can see that in order to access the JACLPlus component, the user must have either
the administration > edit > users > user group > components > all > Yes ACR or the administration >
manage > users > user group > components > com_jaclplus > Yes ACR in his user group. Adding one of
these ACRs to his user group’s ACL gives that user access to the JACLPlus component.

As another example, if you open the admin.newsfeeds.php file, you will find the code below.

// ensure user has access to this function
if (!($acl->acl_check( 'administration', 'edit', 'users', $my->usertype, 'components', 'all' )
    | $acl->acl_check( 'administration', 'edit', 'users', $my->usertype, 'components', 'com_newsfeeds' ))) {
    mosRedirect( 'index2.php', _NOT_AUTH );
}

Again, from the code, you can see that in order to access the Newsfeeds component, the user must have
either the administration > edit > users > user group > components > all > Yes ACR or the administration
> edit > users > user group > components > com_newsfeeds > Yes ACR in his user group. Adding one of
these ACRs to his user group’s ACL gives that user access to the Newsfeeds component.
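
To apply the source search described above to a whole component, the following added example (not JACLPlus or Joomla! code) extracts every acl_check call from PHP source and returns the ACR it tests for, in this manual's notation. The function names, the rendering of a variable ARO value as "User Group", and the com_letterman call are assumptions constructed for illustration.

```python
import re

# Start of any ->acl_check( call; PHP method names are case-insensitive.
CALL = re.compile(r"->\s*acl_check\s*\(", re.I)
QUOTED = re.compile(r"""(['"])((?:(?!\1).)*)\1""", re.S)

# The check quoted in the manual from admin.jaclplus.php.
MANUAL_SNIPPET = """
if (!($acl->acl_check( 'administration', 'edit', 'users', $my->usertype, 'components', 'all' )
 | $acl->acl_check( 'administration', 'manage', 'users', $my->usertype, 'components',
 'com_jaclplus' ))) {
    mosRedirect( 'index2.php', _NOT_AUTH );
}
"""
# Constructed sample (not taken from any component): a call without AXO arguments.
CONSTRUCTED_SNIPPET = "if ($acl->acl_check( 'com_letterman', 'is_editor', 'users', $my->usertype )) {}"


def split_args(source, start):
    """Split the argument list that begins at `start`, just after the '('."""
    args, buf, depth, quote, escaped = [], [], 0, None, False
    for i in range(start, len(source)):
        ch = source[i]
        if quote:                                  # inside a PHP string literal
            if escaped or ch == "\\":
                escaped = not escaped              # skip the escaped character
            elif ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch == "(":
            depth += 1
        elif ch == ")" and depth == 0:             # end of the acl_check call
            return args + ["".join(buf).strip()]
        elif ch == ")":
            depth -= 1
        elif ch == "," and depth == 0:             # top-level separator
            args.append("".join(buf).strip())
            buf = []
            continue
        buf.append(ch)
    return None                                    # unbalanced call, skip it


def render(arg, position):
    literal = QUOTED.fullmatch(arg)
    if literal:
        return literal.group(2)
    if arg.lower() == "null":
        return "null"
    # Assumption: a variable ARO value (4th argument) is the caller's group.
    return "User Group" if position == 3 else "<" + arg + ">"


def required_acrs(source):
    """Return the ACRs that the acl_check calls in `source` test for."""
    acrs = []
    for call in CALL.finditer(source):
        args = split_args(source, call.end())
        if args is None or len(args) < 4:          # malformed or incomplete call
            continue
        args = (args + ["null", "null"])[:6]       # omitted AXO shows as null > null
        acrs.append(" > ".join(render(a, i) for i, a in enumerate(args)) + " > Yes")
    return acrs
```

Calls that appear inside PHP comments are reported as well, so review the matches against the source before adding an ACR to a group.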



Chapter 5 - Get Support
5.1 Free Support
If you face any problem related to JACLPlus or have a question, please go to our forum
http://www.byostech.com/forum to find the solution or answer. If you can’t find the solution or answer,
then post your problem or question in the forum. We will try to answer all the questions in our forum as
soon as possible.

5.2 Paid Support


Besides free support, we also provide paid support: ByOSTech Chartered Membership.
Subscribing to our ByOSTech Chartered Membership is fully optional. You can still get our components
and support without subscribing to this service. For more details about our ByOSTech Chartered
Membership and its benefits, please visit our web site http://www.byostech.com.

Thank You and Best Regards,


JACLPlus Team
ByOS Technologies
http://www.byostech.com



Appendix A - JACLPlus Compatible List

To avoid misleading JACLPlus users, we are not going to provide a compatibility list here.
This is because almost all Joomla! extensions (components, modules, mambots or hacks) can
be used together with JACLPlus; only some of them might need to be patched for security reasons.
Because there are almost a thousand Joomla! extensions out there, it is nearly impossible for the
JACLPlus Team to check and test all of them for compatibility and create patches where necessary. For
this reason, you should always refer to our website for the latest update information. Normally, the
JACLPlus Team will check compatibility for the most famous extensions, such as Community Builder,
Joomlaboard, VirtueMart, SMF Bridge, etc.
