Today we will explore one of the greatest features of Joomla!, one that comes built into the Joomla core. The built-in ACL (access control list) feature lets you control exactly what a user can see and what a user can do in your application.
Before diving into the main code section, let's understand the levels of permissions, which apply to both the front end and the back end.
- Global permissions
- Component permissions
- Category permissions
- Article permissions
These permissions flow down, with Global permissions at the top: if you deny or allow something in the Global permissions, it also affects the component permissions, article permissions and so on. Keep in mind that a deny in the Global permissions always wins, so it overrides whatever permission you set in a child.
You can find more details about Global permissions on the Joomla Documentation site, so let's switch to Component permissions.
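The deny-wins inheritance described above can be sketched as a small model. This is an added example, not code from the original article or from Joomla itself; it considers a single user group, and the function name resolve_action and the per-level settings are made up for illustration.

```php
<?php
// Simplified model of the permission inheritance described above.
// Not Joomla's own code: one user group only, constructed sample settings.

const INHERITED = null;   // nothing set at this level
const ALLOWED   = true;
const DENIED    = false;

/**
 * Resolve one action along the chain global -> component -> category -> article.
 * An explicit deny at any level wins, otherwise any allow grants the action,
 * otherwise nothing was granted and the action is not allowed.
 */
function resolve_action(array $chain, string $action): bool
{
    $granted = false;
    foreach ($chain as $rules) {
        $setting = $rules[$action] ?? INHERITED;
        if ($setting === DENIED) {
            return false;   // a deny cannot be overridden further down the chain
        }
        if ($setting === ALLOWED) {
            $granted = true;
        }
    }
    return $granted;
}

// Constructed sample settings, ordered from parent to child.
$chain = [
    'global'    => ['core.edit' => DENIED, 'core.create' => ALLOWED],
    'component' => ['core.edit' => ALLOWED, 'core.delete' => ALLOWED],
    'category'  => ['core.delete' => DENIED],
    'article'   => ['core.delete' => ALLOWED, 'core.edit' => ALLOWED],
];

// core.edit.state is never set at any level, so it resolves to "not allowed".
foreach (['core.create', 'core.edit', 'core.delete', 'core.edit.state'] as $action) {
    $result = resolve_action($chain, $action) ? 'allowed' : 'not allowed';
    printf("%-16s %s\n", $action, $result);
}
```

Run it with the PHP command line (PHP 7 or later) and change the sample settings to see how a deny higher up blocks an allow set on a child.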
Component Permissions
I assume you have already created a component for your project and have basic knowledge of creating a component. In this article I will use a component that I have built only for this tutorial.
You will find the component permission settings when you press the Options button in your component (back end).
Now you may be eager to know where these permissions are defined in code and where that file is located. Don't worry, I am here to guide you through all the steps.
These permissions are defined in the access.xml file in the admin folder of your component. Let me show you the one that I have already created. Remember that your access.xml may differ from mine, because I created this file only for this tutorial.
<?xml version="1.0" encoding="utf-8"?>
<access component="com_hotel_booking">
<section name="component">
<action name="core.admin" title="JACTION_ADMIN" description="JACTION_ADMIN_COMPONENT_DESC" />
<action name="core.manage" title="JACTION_MANAGE" description="JACTION_MANAGE_COMPONENT_DESC" />
<action name="core.create" title="JACTION_CREATE" description="JACTION_CREATE_COMPONENT_DESC" />
<action name="core.delete" title="JACTION_DELETE" description="JACTION_DELETE_COMPONENT_DESC" />
<action name="core.edit" title="JACTION_EDIT" description="JACTION_EDIT_COMPONENT_DESC" />
<action name="core.edit.state" title="JACTION_EDITSTATE" description="JACTION_EDITSTATE_COMPONENT_DESC" />
<action name="core.edit.own" title="JACTION_EDITOWN" description="JACTION_EDITOWN_COMPONENT_DESC" />
</section>
<section name="booking">
<action name="core.create" title="JACTION_CREATE" description="JACTION_CREATE_COMPONENT_DESC" />
<action name="core.delete" title="JACTION_DELETE" description="JACTION_DELETE_COMPONENT_DESC" />
<action name="core.edit" title="JACTION_EDIT" description="JACTION_EDIT_COMPONENT_DESC" />
<action name="core.edit.state" title="JACTION_EDITSTATE" description="JACTION_EDITSTATE_COMPONENT_DESC" />
<action name="core.edit.own" title="JACTION_EDITOWN" description="JACTION_EDITOWN_COMPONENT_DESC" />
</section>
</access>
You can add more actions to control your application. For example, if you want an action that sets which user groups can view a hotel's private details, add:
<action name="core.view.p_details" title="View Private Details" description="JACTION_PRIVATE_COMPONENT_DESC" />
Now let's move to the front end of this component, where we will read these settings.
Open components/com_hotel_booking/views/bookings/tmpl/default.php.
You can check each permission with just one line of code. Below are some examples:
// Get the current user object before checking its permissions
$user = JFactory::getUser();

// Each call returns true only if the user is allowed the action on this component
$canCreate = $user->authorise('core.create', 'com_hotel_booking');
$canEdit = $user->authorise('core.edit', 'com_hotel_booking');
$canCheckin = $user->authorise('core.manage', 'com_hotel_booking');
$canChange = $user->authorise('core.edit.state', 'com_hotel_booking');
$canDelete = $user->authorise('core.delete', 'com_hotel_booking');
$canViewPrivate = $user->authorise('core.view.p_details', 'com_hotel_booking');
So now you are ready to go: you have assigned all your permission checks to variables.
You can then apply the required logic, for example:
// The user is not allowed the custom action, so show the message instead of the content
if (!$canViewPrivate) {
echo "You don't have permission to view this content";
}