What is all this about?
The topic of this post is the asset management in the ACL of Joomla 1.6.
Assets are the content objects in Joomla, for example categories,
articles and weblinks. At this moment, you can only control assets in
1.6 in terms of viewing permissions, which are controlled by
Level3-rules. Other actions, for example editing an article, should be
controlled by Level2-rules. Andrew proposed one way to handle these in
1.6 by saving a JSON array in an extra field for each content object
with its permissions for the different groups. In my opinion this has
some flaws, the first being the requirement for a storage object
equivalent to a MySQL text column to handle permissions for an object.
If we are talking about files or other data objects that we want to
control which are not necessarily stored in the database, this makes it
more complicated, since we need a seperate datastorage for the access
informations. Also, for the developer its another system to learn,
besides the "normal" ACL system. Thats why I tried to implement the
asset management inside the original datastructure.
How does it work?
Not all of the now described features are already implemented in the
proof of concept. Nevertheless, here goes nothing:
If you need to control the access to your articles (everything except
viewing that is) as a developer, you create an XML file with some
informations about this. Then, in your edit screen for that content
item, you include a new object, which reads the XML and renders a proper
form to set the access rights for that content item. Upon saving in a
JTable object, additional code is executed that either stores the new
rules or attaches the asset to the rules of a parent. The work involved
for a third party developer is pretty minimal and changes to a parent
asset automatically traverse through the whole tree.
For the user, its pretty basic to use. If you edit an object, you have
an additional radio button, which enables if you want to inherit the
rules from the objects parents or if you want to create seperate rules
for this asset. If you inherit, thats all you have to do. If you don't,
you get a list of groups, which, upon clicking on one group, shows a
list of actions with checkboxes besides them. You select what you want
and thats it. Click save when you are done with editing that object and
all your rules are saved.
Now whats still missing?
At the moment, this code just shows that the concept is possible.
Otherwise, its pretty messed up... The XML file to control the action
list is not implemented yet, it is only implemented in the com_content
categories at this moment and the code is horrible. This needs a lot
more clean up before it can go into trunk permanently. Also, the output
currently looks bad and a check if the user is even allowed to edit the
access rights needs to be implemented, too.
I wanna have a real world example!
Think about content categories and articles. Articles are children of
content categories and content categories are children of their parent
content categories. So we set up a content category and give it some
access rights. For example the usergroup "forum moderators" can only
write new articles, but not edit old ones and not publish them in this
category. Then we create two more categories in that first category.
They both inherit the rules from their parent category. We write about a
hundred articles in those categories, which all automatically inherit
from the first category.
Now we notice that we also wanted to give the usergroup
"facilitymanagers" edit access to those articles. So we edit the first
category, set the access rights the way we want and save. Automatically
all the other objects get the same access rights. But now the
facilitymanagers have access to all three categories. We only wanted
them to have access to the parent category and one of the two child
categories and their articles. So we edit the one category that they are
not allowed to edit and set the radio button from "inherit" to "don't
inherit" and set new access rights. Again, saving and all content
objects have their rights as expected.
And where can I find this magical code?
Here:
http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=17890
Attached to this Trackeritem is a patch against the current 1.6 trunk.
if you test this, please make sure that you re-installed after applying
the patch, since it adds a new field to the jos_access_assets table.
I'd like to hear your questions and opinions, also in comparison to
Andrews proposal, so that we can make a community driven decision here
which idea to use. This is most likely the main reason why we haven't
got the Beta yet. I'd like us to make a decision about this until
wednesday, september 9th, (thats next week) so that we can properly
implement this for the Beta and have enough time. Of course, if the
discussion requires it, we will push the time limit. This is an
important decision that has a lot of impact on Joomla, so I hope we can
have a heated debate about this in the coming 5 days. Since both Andrew
and I are a bit biased about which implementation to choose, I also hope
that a lot of you will state their preference on which solution to choose.
Hannes
On Sat, Sep 5, 2009 at 1:58 AM, Hannes
Papenberg<hack...@googlemail.com> wrote:
>
> Hello folks,
> first I have to apologize. As I said in the status update for 1.6, I
> promised to deliver this quite some time ago. But now here is my first
> proof of concept on this one.
>
> What is all this about?
> The topic of this post is the asset management in the ACL of Joomla 1.6.
> Assets are the content objects in Joomla, for example categories,
> articles and weblinks. At this moment, you can only control assets in
> 1.6 in terms of viewing permissions, which are controlled by
> Level3-rules. Other actions, for example editing an article, should be
> controlled by Level2-rules. Andrew proposed one way to handle these in
> 1.6 by saving a JSON array in an extra field for each content object
> with its permissions for the different groups. In my opinion this has
> some flaws, the first being the requirement for a storage object
> equivalent to a MySQL text column to handle permissions for an object.
> If we are talking about files or other data objects that we want to
> control which are not necessarily stored in the database, this makes it
> more complicated, since we need a seperate datastorage for the access
> informations.
If I look at existing systems that handle non-database objects (e.g.
files) they all have tables with additional metadata information
anyway or even for efficiency (e.g. building an FS tree via SQL would
be much easier than PHP opendir'ing for example). I commented to this
effect on an earlier thread, I am yet to see a strong example where
your database would be dearth of rows to link to files and in your
case you need to create an asset entry anyway so you're actually doing
the same thing in different techniques (instead of adding a row to
your own table you add it to a core table).
> For the user, its pretty basic to use. If you edit an object, you have
> an additional radio button, which enables if you want to inherit the
> rules from the objects parents or if you want to create seperate rules
> for this asset. If you inherit, thats all you have to do. If you don't,
> you get a list of groups, which, upon clicking on one group, shows a
> list of actions with checkboxes besides them. You select what you want
> and thats it. Click save when you are done with editing that object and
> all your rules are saved.
What if I want to both inherit permissions but override some
permissions locally? This is a very common operation in file systems
and I don't see it changing for Joomla!. A good example might be a
category that contains peoples biographies or contact details so we
might wish to delegate updates to that to either the owner or perhaps
their secretary however we might wish to inherit the rest of the
permissions from the category so that the majority of the permissions
can be controlled in a general sense whilst still giving the
flexibility of specificity. Copying the permissions from the parent at
the point of creation isn't efficient or wanted in this case, you
actually want mutable permissions.
On Sat, Sep 5, 2009 at 7:56 AM, Andrew Eddie<mamb...@gmail.com> wrote:
> Firstly, the JSON storage is in a wide VARCHAR, not a TEXT field. As
> of MySQL 5.0.3 a VARCHAR is allowed to have up to 64k of data. Where
> using UTF-8 that give you an effective maximum of around 20k, or
> VARCHAR(20480). Note that a row also has a practical maximum of 64k
> as well. The advantage of this is that a VARCHAR, when retrieve, is
> stored with the rest of the data. A TEXT or BLOB is actually stored
> in a separate lookup and so is slightly more inefficient when
> retrieving. The one downside to wide VARCHAR's is than while they are
> stored very efficiently on disk, when memory is allocated, the maximum
> width is used so you do need to be careful using them.
Curious question, what if someone has a lot of permissions, is there a
risk of data corruption due to truncation? Should we perhaps put
checks in to ensure that we don't run into a situation where data is
lost in the system, potentially corrupting the field and causing
deserialisation to fail? Practically I don't think that it will happen
for a majority of cases however as you suggest we can't control all
uses. As an aside, most of these tables already have TEXT fields
anyway, what is the performance hit for loading multiple text fields
for a row? What impact is there on potential caching as well, do
text's get cached better than varchars (especially if a varchar is
using the full size in memory where as a text only uses the portion
required with some structure overhead i'm sure).
Sam Moffatt
http://pasamio.id.au
The thing is that in Windows security model derived operating systems
the permissions are almost always inherited. In Windows, the child
object doesn't say "hey, I'll take your perms" but the parent object
is what determines the inheritance. A container object has one of
either options for controlling inheritance (one of which is no
inheritance) for a given permission that is set. This way when you set
a new permission on the container object it gets replicated onto the
child object even if the child object has permissions of its own. The
issue I have is that permissions are rarely one time, they change.
Requirements change and the parent (or grandparent) object's
permissions might change. In this situation that doesn't grant them
permission to edit the items as you would expect because the
permissions aren't inherited so that the secretary can edit it. The
risk of oversimplifying inheritance in the model proposed is that it
doesn't make sense to people because someone will set a permission on
a category and then will get a complaint that someone can't edit
something because we don't have a full DACL model and that particular
item isn't inherited. All I'm after is the realisation that
inheritance or nothing creates problems down the line, especially
since it will behave differently to the ACL model that almost everyone
has sitting on their desk*.
Sam Moffatt
http://pasamio.id.au
* The Windows model is also used in NFSv4 ACL's, Mac OS X and ZFS.
POSIX ACL's are similar but have a few quirks of their own (Mac OS X
implements a variant again of POSIX). Novell's model is similar again
but I don't think many people are still using Novell anyway.
someone will set a permission on a category and then will get a complaint that someone can't edit something because we don't have a full DACL model and that particular item isn't inherited.
The legacy data elements: Group and Level, should not be used in current form. Instead, their function will be merged into the new ACL “User – Action – Asset” structure.
1. Legacy Group
a. Public and Registered become new “foundation” Groups
b. Author, Editor, Publisher will be used as Actions
c. Manager, Administrator, Super Admin will be default Groups with Registered as a Parent
2. Legacy Level
a. Public and Registered are now “foundation” Groups (see above).
b. Special is replaced by Action (Login) and Asset (Administrator).
c. Confidential is not needed. Just give access to self and no one else.
d. Along with it, remove the “Default Access Level “in the Site-Site Settings-Global Configuration Utility
3. Move out of Global Configuration
a. Into User Manager Options:
i. Global Configuration – Site – Site Settings
1. Default Editor
2. New User Account Activation
3. Front-end User Parameters
b. Remove from Application completely
i. Global Configuration – Site – Site Settings
1. Default Access Level (Do not replace - access levels go away)
c. Move Into User Manager: Groups
i. Global Configuration – System –User Settings
1. Allow User Registration (Default Action for Public Group)
2. New User Registration Type (Default Action for Registered Group)
Everything should follow this simple pattern: User – Action – Asset. There is no reason to complicate with Rule Type 1, 2, and 3. Keep it simple - everything can be nicely defined with those three elements:
· User – describes who, could be a single User and it could be a Group of Users
· Action –describes what can be done, keep it a clean, normalized list of actions
o Login
o View
o Create
o Activate
o Update
o Publish (Includes archive, delete) (for users, includes activate, enable)
o Install
o Manage (Configure)
o Uninstall (Isn’t Install enough?)
o Third-party developers
§ Can add Actions – must be uniquely named
§ Cannot remove core actions – API should not allow
§ Can use core actions – and they should follow the pattern!
· Asset – Defines “what” can be acted on by whom (Note: List of appropriate Actions are shown with Assets, below, to demonstrate a normalized list can be used to achieve specifity needed.)
o Frontend
§ Action: Login
o Administrator
§ Action: Login
§ Note: This is why the “Special” level is no longer needed.
o Each Content Components
§ User Interface: display as Tree top is “All Content”, then each Content Components and the set of Categories for that Component, if appropriate
§ Assets: Administrator User, Administrator Contact, Banners, Content, Frontend Contact, Frontend User, Groups, Mass Mail, Media, Menus, Newsfeeds, Redirect, Front Users, Web links (Note: No reason to separate out Categories. Category access goes with the associated Content Components.)
§ Actions: View, Create, Activate (User only), Update, Publish action
§ Note: Any level, including “All Content”, and each of the Content Components, can be selected as the Asset. Of course, so can the Content Categories and Items.
o Each System Item
§ Assets: Administrator Languages, Administrator Modules, Administrator Templates, Cache, Check-in, Global Configuration, Site Languages, Site Modules, Site Templates, Plugins, System Information
§ Actions: Install, Manage (Configure), Uninstall
As mentioned above, the following three options should be moved into User Manager Options from the Global Configuration – Site – Site Settings.
· Default Editor
· New User Account Activation
· Front-end User Parameters
Goal: Defaults upon install should begin with ACL settings that *exactly* match what 1.5 does. The User should not have to do anything if they want the same ACL as they always had. (Of course, technically, the way it’s done will be different and the language used to describe data elements will change, but, the Use Case remains the same.)
Legacy Groups Public, Registered, Manager, Administrator, Super Administrator will be defined Groups. The old Legacy Groups: Author, Editor, and Publisher are now Actions.
Levels go away completely. Remove Menu Item and Level Option in User Manager. Public and Registered are Groups. Special is determined when a User has Action Login for Asset Administrator. Confidential is not needed. If access is not defined for content , then it will be confidential.
Here are default groups:
1. Public
a. Replaces Legacy Group Public *and* Level Public. This is a special system group that represents a visitor who is not logged on. No Groups should be added as subordinates to Public. Public cannot be removed.
b. Upon install, these are the defaults for Public:
· Public – View – All Content
· Public – Create – Frontend User (Replaces Global Configuration New User Account Activation)
· Public – Create –Frontend Contact (Form Submission)
c. Public and Registered are mutually exclusive - visitor may not be both at the same time.
2. Registered
a. Replaces Level Registered. Special system group that all members belong to. Groups must be added as subordinates to the Registered Group. Registered cannot be removed.
b. Defaults at install:
§ Registered – Activate – User
§ Registered – Login – Frontend
§ Registered - Publisher – All Content (replaces Global Configuration User Registration Type)
3. Manager
a. Replaces Legacy Group Registered.
b. Should not be deleted; can disable ???
c. Defaults at install (user in Manager Group automatically gets Registered):
§ Manager – Login – Frontend
§ Manager – Login – Backend
§ Manager – Publish – Administrator Contact
§ Manager – Publish – Banners
§ Manager – Publish – Content
§ Manager – Publish – Newsfeed
§ Manager – Publish – Media
§ Manager – Publish – Web links
§ Manager – Publish – Newsfeeds
4. Administrator
a. Replaces Legacy Group Administrator.
b. Should not be deleted; can disable ???
c. Defaults at install (user in Manager Group automatically gets Registered):
§ Administrator – Login – Frontend
§ Administrator – Login – Backend
§ Administrator – Publish – All
§ Administrator – Manage –Administrator Languages
§ Administrator – Manage –Administrator Modules
§ Administrator – Manage –Site Languages
§ Administrator – Manage –Site Modules
§ Administrator – Manage –Site Plugins
§ Administrator – Manage –System Information
5. Super Administrator
a. Replaces Legacy Group Super Administrator.
b. Cannot delete or disable.
c. Defaults at install:
§ Administrator – Login – Frontend
§ Administrator – Login – Backend
§ Administrator – Publish – All
§ Administrator – Manage –All
Groups can be defined for the purpose of assigning User-Action- Asset ACL Rules and then adding Users to the Groups.
Note: Given the Default Registered Setting, All Registered Users have View – All Content. That would have to be turned OFF before User Groups could restrict access. It would be good if the creation of a Group checked to see if Registered had the default on – and then prompted the user to disable it, if necessary.
Question: Should User Defined Groups inherit the authority of Children Groups? I suggest not to do that. Too many node based structures gets confusing.
Very simple process:
· User – Group (users are member assigned to the group)
· Action – from list, above
· Asset – from list, above
The User Manager must enable the selection of one, or many, groups for each User.
/*==============================================================*/
/* Table : actions */
/*==============================================================*/
create table if not exists actions
(
id int(11) not null AUTO_INCREMENT,
"action" varchar(255) not null,
can_delete int
)
ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=31;
/*==============================================================*/
/* Table : assets */
/*==============================================================*/
create table if not exists assets
(
id int(11) not null AUTO_INCREMENT,
asset varchar(255) not null,
can_delete int,
category_id int(11),
content_id int(11)
)
ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=31;
/*==============================================================*/
/* Table : groups */
/*==============================================================*/
create table if not exists groups
(
id int(11) not null AUTO_INCREMENT,
parent_id int(11) not null default 0,
name varchar(255) not null,
can_delete int
)
ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=31;
/*==============================================================*/
/* Table : rules */
/*==============================================================*/
create table if not exists rules
(
group_id int(11) not null default 0,
action_id int(11) not null default 0,
asset_id int(11) not null default 0,
category_id int(11),
content_id int(11)
)
ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=31;
/*==============================================================*/
/* Table : group_members */
/*==============================================================*/
create table if not exists group_members
(
group_id int(11) not null AUTO_INCREMENT,
user_id int(11) not null default 0
)
ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=31;
USER – ACTION – ASSET
Formerly, this was Rule Type 1. But, it’s implemented the same - USER – ACTION - ASSET
SELECT c.user_id
FROM jos_users a,
rules b,
group_members c
WHERE the user is enabled, not blocked, etc.
AND b.group_id = c.group_id
AND c.user_id = THE USERID LOGGED
AND b.action_id = INSTALL ACTION
AND a.id = b.content_id
Formerly, this was Rule Type 2. But, it’s implemented the same - USER – ACTION - ASSET
SELECT a.content, a.fields
FROM jos_content a,
rules b,
group_members c
WHERE the content is published and not checked out, etc.
AND b.group_id = c.group_id
AND c.user_id = THE USERID LOGGED
AND b.action_id =CONTENT
AND a.id = b.content_id
SELECT c.user_id
FROM jos_users a,
rules b,
group_members c
WHERE the user is enabled, not blocked, etc.
AND b.group_id = c.group_id
AND c.user_id = THE USERID LOGGED
AND b.action_id =FRONTEND LOGIN
AND a.id = b.content_id
Note: The Public user id of 0 must be defined in the users table – and in the group_members.for public group. It will work just like a regular user.
On Sat, Sep 5, 2009 at 7:39 PM, Amy Stephen<amyst...@gmail.com> wrote:
> Example - Category/Content Structure
>
> University
> \-- College of Arts and Sciences
> \--English Department
> \-- Staff Bios
> \-- Article 1 - Bio Dean of Department
> \-- Article 2 - Bio Lecturer
Slightly modified your diagram.
So in this model the bio's are maintained by the respective biography
owners. Easy enough to model with an owner edit ability applied
somewhere nice and high. The Dean of the Department is important
though that they should be able to edit their own but sometimes
they're busy and like the secretary to update it. They like editing
their own to put in superfluous stuff and our kindly secretary helps
resolve that as well. Since we only want the secretary in this case to
edit article 1 not article 2 we can't set it at a higher level and
have it inherit, we need to set it specifically for article 1 which
means we then can't inherit permissions.
Later on the College of Arts and Sciences appoints a web master to
maintain their sprawling web page collective. They give this person
the privilege to edit any article at the College level as one of their
new roles will be to periodically check pages and fix typos/grammar
issues. They one day go to edit the Dean's bio because they notice a
typo in it but can't because before their appointment the secretary
was granted access, the item stopped inheriting and therefore their
later permission grant is inaccessible for the given item.
One might suggest that the problem raised above is easily worked
around by providing an "apply to children" operation that takes this
new permission for the web master and applies it to all child items
that aren't set to inherit but the problem then arises of how you
revoke this permission? You can't necessarily do that because before
that they might have been granted access to an item that you unset
that should still remain because that permissions is still valid.
However you can't easily leave it there because the person then has
more privileges on disparate items than they should.
My belief is that in the majority of cases you actually want
permissions to inherit all of the time if you're going to have
inheritance. We should follow in the footsteps of a system that has
proven itself reasonably well (Windows) and offer at least a similar
behaviour instead of defining a unique behaviour. This doesn't mean we
implement every little feature it has (I have four pages of summarised
text on it if anyone is actually interested) however I'd certainly
replicate the concepts. Your average system administrator understands
it, most power users have a grasp of it and there is a reasonable
amount of documentation we can borrow as well.
Sam Moffatt
http://pasamio.id.au
Parse error: parse error in E:\Web\joomla1.6\libraries\joomla\form\fields\accessrules.php on line 81Is your patch more for visual inspection right now? Rather than use to see how the Category ACL rule assignment works?
A quick aside to something that occurred to me is that we're doing the
inheritance model backwards. You don't choose your parents, you are a
descendent of them and typically inherit their attributes. You might
override these but at the base you inherit by default.
On Sat, Sep 5, 2009 at 11:48 PM, Amy Stephen<amyst...@gmail.com> wrote:
>
> Great, thank you, Sam.
>
> Day 1:
>
> University
> \-- College of Arts and Sciences
> \--English Department
> \-- Staff Bios - Owner Edit
> \-- Article 1 - Bio Dean of Department
> Permissions are Secretary - Publisher, Owner Edit
> \-- Article 2 - Bio Lecturer
The inherited permission is still there for the dean (the owner) to be
able to edit as well as the secretary.
>
>
> Day 2:
> Dude gets job. Is assigned responsibility for oversight of all content
> in the College of Arts and Sciences.
>
> Group "CollegeWeb" created.
> -- Joomla! adds a row to the Group table.
>
> User "CollegeWebMaster" added to Group.
> -- Joomla! adds a row to the Group Members table.
>
> ACL Rule Created: Group "CollegeWeb" assigned "Publisher" Action to
> Asset "Content-College of Arts and Sciences." and the User clicks the
> checkbox "Apply to Childern"
> -- Joomla! adds five rows in the rules table:
> 1. Group: CollegeWeb; Action: Publisher, Asset: Article, College of
> Arts and Sciences Category
> 2. Group: CollegeWeb; Action: Publisher, Asset: Article, English
> Department Category
> 3. Group: CollegeWeb; Action: Publisher, Asset: Article, Staff Bios
> Category
> 4. Group: CollegeWeb; Action: Publisher, Asset: Article, Staff Bios
> Category, Bio Dean of Department Content Item
> 5. Group: CollegeWeb; Action: Publisher, Asset: Article, Staff Bios
> Category, Bio Lecturer
>
> Sam - at this point, the concept of inheritance is *done* for this
> transaction - it's a one-time batch operation.
That isn't inheritance though, it is just copying permissions to
children. You have no way of easily distinguishing the inherited
permission from one that might be set manually and unless you link the
permission back to the originating permission so that you can easily
revert the effects of that permission. However if you are going to
have a row for each inherited permission that is going to cause a
large explosion in rows. One permission at the root of the tree is
potentially going to add rows all over the place because you have to
add entries to those things that aren't set to implicit inherit (not
to mention finding them) in both categories and their child articles.
Again I don't feel this is how you would expect it to work and isn't
how it works for what most people use daily. You set a permission at
the top of the tree and it gets merged in at the bottom somehow. You
remove said permission and it disappears.
> Agree with your point that enhanced ACL will complicate life. Going
> out the door in 1.6, the simpler, the better, in my thinking. For me,
> that means "Apply to children" is a one time deal and Joomla! adds a
> Rule for each item. If there are exceptions, then those rules can be
> located, and then deleted.
>
> "Apply to Children" is simply a time-saver, in my thinking. It's used
> when there are no exceptions, or fewer exceptions then there are
> correct assignments.
>
> In the example above, absent "Apply to Children", 5 rules would have
> to be manually created. Folks ain't going to like that. ;-)
But you fail to address the issue of 'unapplying' the permission. To
revert a particular permission people aren't going to like going to n
many items to manually unapply in a way that doesn't nuke the
non-related permissions unless you record somewhere that a given
permission that you're effectively copying is from somewhere else.
What you actually are doing is copying the permission, not inheriting
it, for those items that aren't inheriting just because they want to
set one permission (in this case, granting one person extra the
ability to edit an item).
Sam Moffatt
http://pasamio.id.au
$db = &JFactory::getDBO();Perhaps more clearly, what would this code look like if I wanted to retrieve all articles for Featured in Categories 1 and 2?
$user = &JFactory::getUser();
$groups = implode(',', $user->authorisedLevels());
$query = 'SELECT *' .
' FROM `#__content`' .
' WHERE `access` IN ('.$groups.')';
$db->setQuery($query);
If we don't do that then we'll end up in the
mess we had in 1.5 with different people thinking the router should
behave in different ways. Let's agree first on what we are doing with
ACL before working out how to implement it.
What are you having trouble with? Defining the parent doesn’t work on new items, but if you go back in you can edit the parent and it will stick. Sometimes I need to hit rebuild to straighten things up.
I’m not playing with the acl, so that might be introducing other things.
Andy
You don’t need to go into the database for this one. It actually works on when you save an existing item, just not a brandnew item. New, Apply, change parent, Save even works.
I located the problem with the new category parents and submitted a patch to the Joomla 1.6 bug list.
Quick Notes:
Remove groups columns - agree. Also add a popup "profile" view to
quickly see al the user stats of the user without going into the edit
form. What you propose in the "Members" view can be done in the
current "Group" view in my opinion without reinventing too much of the
wheel.
Regarding widgets in general, we need to have Ajax working
unobtrusively. In other words, test the "refresh" version first, then
add bells and whistles. Ajax doubles the time to debug. The concept
is good (I think) but leave the ajax for a future version.
Default group - agree.
I think you need to add the legacy groups because it would be
confusing to upgraded sites.
For new sites, meh, maybe those could be
different.
We at least need to test that those legacy groups work as
advertised so you might as well include them.
The notion that they
are legacy though is not correct in my opinion. They are "just
groups".
Group-action-asset: colours are backwards :)
"View" is special and is linked to the Access Levels and it falls
under the Type 3 rule category. Group-action-asset is a Type 2 rule.
Group-action is a Type 1 rule. Suffice to say you break the whole
system if view is included here.
I think the tree is fine but I agree let's not worry about
inheritance. I think the tree structure will help people organise
large organisations (actually I know it does with implementations of
Control).
I think the action widgets need to be in the context of the asset.
You get into scaling problems when you add other extensions and types
of data - so let the "type" of data manage rules it knows about.
Still use widgets but do it in context. You will have the case where
a person will have access to categories, but not to the user manager.
Also would like to experiment if allow|deny is possible (allow to all,
deny to some).
The view access stuff you propose will require an entire
re-architecting of anything we've done to date. It's in the too-hard
or back-square-one basket.
It's a compromise between power and ease
of use. I actually do not know how to achieve what you propose
programmatically, nor does Mike Benoit who created phpGACL.
Other than that good overview. Something to add to the introduction
is that in 1.5 all this stuff is actually there, but just hidden and
hard-coded in the API. So we are bringing out actions that Joomla
already uses, you just didn't know about them. However, one weakness
is that you've only concentrated on articles and not really thought
about how other extensions come into the picture (what happens when 50
extensions, including core, are installed all having their own bite at
the ACL pie).
That said, I still think we need to establish a matrix of all the type
1, 2 and 3 rules that the Joomla stack will support before we spend
too much time on the UI. If we dig too much into the UI first, we
risk running into scaling problems. I don't really care what the
process is that get's us there, but it needs to be done.
Regarding the view permission, you can disagree with me but you are
travelling down a road I have already walked. Good luck.
2009/9/11 on Sponge <goo...@onsponge.com>:
>
> Also, in groups. The ability to tag / categorise groups would be
> useful. Examples could include security, mass mailing,
> administration, design, etc. From an administrative point of view,
> this will greatly help with the management of groups. It is typical
> of companies / administrators to create many many many groups only to
> confuse themselves. By allowing tags would ease the categorisation /
> management. Personally, I try to separate groups for mailing lists vs
> groups for access control purposes.
There is nothing stopping you from creating benign container groups, eg:
Public
- Registered
- - Mailing List
- - - PHP
- - - MySQL
Where mailing lists has no users (but could be used to send an alert
to all mailing list groups).
> One thing that was not clear to me, watching the video, was whether or
> not the defined Groups (creator, publisher, etc.) was manageable or if
> they had a predefined / fixed set of permissions. It appears as those
> they are fixed. Which means that if you can archive you can also
> delete as an example. Is my understanding correct? If so, then a few
> more comments ......
It's fixed in 1.5. 1.6 is about unfixing it (pun intended).
> The issue describe was that some administrators wanted to assign edit
> privileges to users who could only create?? Correct me if I am wrong
> on this. Now we have the option to use a system wide parameter to say
> creators can create or creators can create and edit. What happens
> when we want some creators to create only and others to create and
> edit? To do this we must, I assume, set the system wide parameter
> such that creators cannot edit. Then add, those specific creators to
> a publishing group. But what if I don't want them to delete and
> archive? Ie edit only. Would it make more sense to have authors,
> editors, publishers? Or keep the various permissions independent ie
> no access, view, deposit, append, update, edit, install, un-install,
> publish, unpublish archive, delete and then assign these permissions
> to the various groups. A real example is one of my business partners
> can deposit articles but cannot read them. I have an journalist who
> can read and edit the article but not delete nor publish. I have an
> editor who can read, edit, archive and delete. Of course I may even
> want to restrict who can publish / unpublish or who can allow articles
> to be replicated to another website in the case of multiple websites
> in which case I may want to create my own permission called
> synchronise.
There is no real need to change the default groups because they serve
a useful purpose (and good examples). The advantage in 1.6 is that
you'll be able to tweak what "author" means if you need to. Or you
can delete the sub-tree from authors down and roll your own.
> How do we explicitly deny access, to a particular article, say ART,
> from a specific person, say ABC? I assume that person would be
> assigned to the registered group along with another 10,000 or so
> people. Then, I would have to create a specific group called deny_art
> to article ART and include ABC in that group. Then grant deny_art to
> everything else that is going on??
I'd like to assume that "allow" and "deny" can be supported at least
for now. So you can blacklist (allow all, deny some) or white list
(deny all, allow some).
The problem with granularity is that it comes at a price. You have to
accept that in order to get granularity, you have to administer at the
same granularity (in other words, the time you spend managing
increases where you want permissions to be more granular). It's not
possible to say I want 5th order granularity but be as easy as 1st
order (assuming 1st order is a very basic rule set related to all
users). With coarse granularity you can probably get away with
consider all content to be equal. Go finer and you have to start
taking individual content types into account.
$db = &JFactory::getDBO();
$user = &JFactory::getUser();
$groups = implode(',', $user->authorisedLevels());
$query = 'SELECT *' .
' FROM `#__content`' .
' WHERE `access` IN ('.$groups.')';
$db->setQuery($query);