Thu 05 Feb 2009 |
Has it been worth the wait?
Written by Andrew Eddie
Revision 11602 in the Joomla source code repository is an historic moment. It is the commit when advanced access control finally became available for Joomla users. One small step for a developer - a huge step for the Joomla project. While still very rough, all the foundational elements are now in place to launch Joomla into a new era.
Let's have a quick look at the new system as it stands currently.
New Members Component
Joomla 1.6 will be replacing "user" management with "member" management. This encompasses not only advanced access control but also an extendible member profile system.
The new Members Component is currently found under the Components item in the Administrator Menubar (a temporary home). It allows you to manage members in a similar fashion to the old Users Components (still present for now while we are swapping over). It also allows you to add new member groups and new access levels.
Let's have a look at the member groups first. The following screenshot shows you the group list screen. It shows you the list of groups in a tree hierarchy and the number of members in the group. The last column shows a list of the "actions" that a member in that group is permitted to perform (this column may change or be refined as work progresses). You can see a new example group called "Politicians" in the tree.
The following screenshot shows a member group edit screen. It's quite simple at the moment. On the left there is a list to select the parent for the group in the tree and a place for a title. On the right is a list of "core" actions that members in the group will be permitted to perform. At present on "Site Login" and "Administrator Login" are hooked into the system. So you can see that our traditional "Manager" user has the ability to login to both the Administrator and frontend Site. Due to inheritance of actions, members in the "Administrator" and "Super Administrator" will automatically be able to login as well. As work progresses, more actions will come online.
The next screenshot should be familiar - the members list. You can see a new member has been assigned to the "Politicians" group (welcome Mr Rudd). Below the list is an update utility that will eventually allow you to move, add and remove members in and around groups.
The member edit screen shows a lot of new information. On the left we have the usual user/member details (names, emails, etc) and member preferences. Beneath this is something new. This is a pluggable member profile system. Joomla Plugins will be able to add extra fields to a member's profile. On the right you can see the member group tree. You will be able to assign members to multiple groups.
Finally we come to the new access levels. The following screenshot shows you the access level list. Each extension will be able to have its own subset of access levels (this is what the "Section" column means). The last column lists the member groups that have permission to view content in the respective access level. So you can see that a guest (in the "Public" group) will be able to see content in the "Public" access level. Members in the new "Politicians" group will be able to see content in the "Politicians" access level.
Our last screenshot shows the access level edit screen. Once again this is a very simple screen. You provide the name for the access level and then select all of the member groups that can "view" content in this access level. You don't have to name the member groups and access levels the same - it just happens to be convenient for this example.
With all this set up, we can create some articles and assign them to the "Politicians" access level. Then when Mr Rudd logs in he can read the latest memos.
There is still a way to go (hooking in all of the edit permissions, etc) but this should be enough to whet your appetite. A lot of work has gone into making both the developer API and User Interface simple and easily understandable.
Anyway, we hope you've enjoyed this short introduction of some of the really cool new features that are coming in Joomla 1.6. It's really awesome to see this one coming together. It has been a long wait ... but I think you'll agree it has been worth it.
You can follow my development musings on Twitter from time to time.
2009-02-05 13:27:30
I like Joomla! so much but more and more often the system was refused from various clients because of the old ACL-System.
Version 1.6 rocks!
hagen
2009-02-05 13:37:36
Please look at the "Edit member" screenshot:
1. probably no need for the word "Member" in all fields captions?!
2. what is "Member GID" here?
3. Is "User profile" tab expandable via framework somehow?
Where we can edit actions and level sections?
2009-02-05 13:58:23
Wow!!!
Wow!!!
Will there be a field for avatars?
2009-02-05 14:05:18
Ruth
2009-02-05 14:54:28
2009-02-05 14:57:58
What you are seeing here is a proof of concept UI design. We have a long way to go before it is polished enough in UI for a release. What is important is that the underlying model and systems for the ACL system is built and we are getting it hooked into things. It is a long time coming
@guysmiley & Dennis
The new members system utilizes the new Form library and events sytem to allow plugins to be installed that add as many and any fields that you want. They can also manipulate the existing form fields to for example set some things as required or not. The system is designed to be exceedingly flexible and really bring Joomla into the member-centric and social landscape.
We are really excited about the future
2009-02-05 15:02:00
2009-02-05 15:04:37
2009-02-05 15:04:37
Loks really great! Don't forget "ID" column in the tables
2009-02-05 15:35:36
2009-02-05 16:08:45
2009-02-05 16:41:43
2009-02-05 16:45:34
I'm interested to read more about how the improved ACL will play with 3rd party extensions and how easy it will be for extension developers to interface with permissions definitions...
Thanks for the update Andrew!
2009-02-05 17:17:59
1) I see you have taken into account the ability have custom access levels per component, but what about custom "actions" themselves? Complex components would benefit from having multiple custom actions that could be added to the available list of actions, something that could be defined via the component definition sounds like a logical answer (I'm thinking in a manner similar to how module positions are provided by the templates)
2) How would you explicitly deny a particular user a particular action? Or add one specific action to a user? The mapping between user having groups, and groups having actions, makes it easy to manage, but hard to have fine-grain control over a user's actions. Is there going to be an override capability?
3) How about an option to show you a user's merged permitted actions in the user edit screen? This would take all the actions allowed by the group memberships, and provide a unique list of allowable actions. It would make it much easier to track down problems rather than having to go through each group the user is a member of to see why he/she is or is not able to complete a particular action.
2009-02-05 17:37:33
2009-02-05 17:37:38
2009-02-05 17:46:56
I am looking forward for Joomla! 1.6
2009-02-05 17:54:14
1) Short answer is yes -- longer answer should probably be on a dev mailing list and not in a comments thread
2) Short answer, the system can handle any of that its just a matter of what UI you expose. We are choosing to expose as simple an interface as possible to not overwhelm the average user, but as you well know good ideas are welcome. Longer answer again would be better on a dev mailing list.
3) That is a great question. We are envisioning the potential for a massive number of actions/assets so a screen like that could get unwieldy quickly. We are looking to do something like that for what we are calling Action Rules (type 1 rules) which won't blow up as quickly. Personally I am thinking that 1.6 probably won't ship with an uber-comprehensive top-down tool to manage things in the sense of a com_permissions if for no other reason than available time and resources, but we hope to be working on it with whomever wants to play alongside the CMS releases and when its mature enough I suspect we would welcome it in with open arms
2009-02-05 18:56:10
2009-02-05 19:07:10
No more core hacks and dependancy on 3rd party developers for ACL stuff.
One more reason to use Joomla for an intranet (and finally do the upgrade from 1.0.15 to 1.x
Many thanks to all developers involved. Keep on the good work!
2009-02-05 19:20:28
2009-02-05 19:41:21
About the member's group I'm thinking about :
1 - modules, those only available to a specific group;
2 - delete the contact component, now it can be supplied by a simple specific members group viewable in a list page in your site;
3 - more control over author / member that is I mean a list of content by that author /member;
4 - making this new component easy and light avoiding too much enthusiasms...
Once again thank you JXtended team !!!
2009-02-05 22:41:04
2009-02-05 22:52:47
Yes, actually, the system will be able to support multiple "flavours" of registered users. I hadn't thought of it that way but the trunk but you can actually set this up if you wanted to right now. Nice one
@newart
Modules will be hooked into the new access levels, so yes, you can lock modules down to specific groups of people.
Contact component is being replaced with something more robust. It's still needed because not all contacts are necessarily users.
Regarding authors, I'd like to explore this more but we also need to be conscious of actually delivering 1.6. It will probably be available but it's not something we'll hold the software up for if it's taking too long.
And finally we've deliberating kept this first implementation "simple" so people can "get it" without too much trouble. The API for the developer is also so, so simple. For example, for viewing rights, mostly a developer will have to change a line like this:
'WHERE a.access aid
to
'WHERE a.access IN ('.impldode(',', $user->authorisedLevels()).')'
Who cool is that
2009-02-05 23:12:15
I can't wait for 1.6 w00t!
2009-02-05 23:59:16
In other words, can I set a group's actions (Edit Group- Actions Permitted) to allow/disallow access to a specific menu item?
I may want my Authors to login to the backend but not even see that there is a Configuration or Components menu.
2009-02-06 01:25:29
2009-02-06 02:13:01
2009-02-06 05:02:25
2009-02-06 06:01:17
2009-02-06 06:29:19
2009-02-06 10:13:49
2009-02-06 12:58:51
Keep up the great work!
2009-02-06 13:54:32
Is there already some guidelines on how to develop new extensions in order to correctly exploit new ACL features?
I'm developing an extension (which is quite complex and has many views needing access control) for J1.5 and it would be annoying to arrange it again once J1.6 is released...
Thanks again for your incredible work!
2009-02-06 16:46:10
thanx 4 yr clear reply (as usual
What I mean is that a member group might be a contact one or a user one too. So there is only one component. (another idea of my own should be to delete the poll comp too... - there are 3d parties for that - but it's another argument.)
Have a good time!
2009-02-06 18:39:22
Especially the Joomla Plugins support for add extra fields to a member's profile. Then you can have more control of users preferences - so you know who your users are
@Jason Boyette very good point.
2009-02-06 20:16:21
2009-02-06 23:53:15
2009-02-07 05:36:50
2009-02-07 08:40:56
Regarding the poll component, please read what Wilco Jansen wrote in this blog
Wishes come true
2009-02-07 10:22:56
Or do we have the same problems as for 1.0.15 to 1.5
2009-02-07 15:09:07
2009-02-07 19:11:06
2009-02-08 05:03:37
"Drop the Polls component because the quality of that extension is pretty bad..."
We want polls, just not the old one!!!! Hey, I have an idea; let's take a poll!
2009-02-08 06:52:23
The JFusion team eagerly awaits the Joomla 1.6 new capabilities, as this will allow us to synchronise usergroups between softwares integrated with JFusion and Joomla itself.
The new ACL system will open up a lot of exciting new possibilities. Great job!
Thanks, Marius
2009-02-08 09:43:53
2009-02-09 07:24:06
Keep up the good work!
2009-02-09 17:35:13
2009-02-10 19:44:27
2009-02-11 10:16:13
I'm certainly aiming for the backend to be lock-downable.
@Cristiano re API guidelines
They will come out with the Alpha
@Harrison re updating/upgrading
There will be a database "upgrade" option (not a migration like last time). But components will need to be upgraded to use 1.6. Sadly many of the so-called 1.5 "native" extensions actually cheat and still do not use the full 1.5 API. If an extension uses the 1.5 API properly, the authors will not have much work to do to make a version for 1.6.
2009-02-13 11:34:30
I'm a newmbie to Joomla 1.5.9 - been building a site for the last few weeks.
Its been a steep learning curve but all working fine. Then i tried implementing login for reg users & authors etc.. and cam accross the problems of adding weblinks etc..
The new system looks awesome and EXACTLY in the right direction for what i need.
Will it be a simple case of updating 1.5.9 to 1.6, like i did with 1.5.8 to 1.5.9.
Regards
Joomla and open source ROCK !!!
2009-02-17 13:54:36
what a great evolution. Cant wait to work with it.
Please keep it as customizable as possible for 3rd party developers.
Big thanks to all the Joomla Staff!!
2009-02-19 01:47:51
One question, if a front-end user is denied permission to access a category or section, will that category/section appear on the menu for that user. Would be preferable that it does not, rather than getting an "access denied" messg.
2009-02-24 05:33:03
2009-02-27 07:17:15
Also rumored, XML-RPC is being removed. The plugin is indeed not present in SVN.
Can someone in the know please explain?
2009-03-01 10:54:22
Gruop Moderators
Maybe I havent cathed it up but another important feture would be that I can assign one ore more Moderators (admins) to a gorup, able to maintain that group. Say you have a couple of people would like to found the "London Arts Club". They should be able to ask for that group and get admin right to maintain that group. This goup can be maintained by one or more moderators (admins). The moderators should be able to define their own forums as well to write newsletters to their group members in that manner that those members will find that newsleters, announcements etc. in their inbox.
I'm running my site since 6 years. And I have a couple of features I would like to see for the members: e.g event calender coupled with group related dates. "Let's say the London Arts Club" would like to make a verisage at 2nd April. They should be albe to mark it in their event calender. By doing this an announcement (newsletter bein in the inbox of an member) should be albe to be sent out to their members. The members should be able to select to atendt to the vernisage by using a button "Yes" or "No" (like a survey). The result of the group attendance (survey) to that event should be visible in the event calender of the group. In this manner a goup member is able to see how many people are going to attent to this event and if it is in interesting enough for him to attend also by beeing able to see the list of attendies (Yes) and the list of rejecters (No).
2009-03-02 10:14:55
Can these feature make each particular group see assigned menu differently at Frontpage?
I have a clinet asking this.
2009-03-23 17:09:58
I was so excited to read about this! I can't wait for this kind of user control, which my members really need.
I'll watch the news for 1.6!
Thanks,
Matthew
2009-03-24 12:40:30
2009-03-26 11:22:14
2009-03-31 16:10:01
What I hope to achieve:
1) my users to be able to edit/publish their own content.
2) my users to work on an article as long as they need/want and publish only when they are ready.
3) When they are working on an article -and have not published it- this article must be considered PRIVATE and not visible for any of the other users
In the old days we could hack this by changing some "all's" in some "own's" with the publisher in gacl.class.php
Keep up the great work!
2009-04-03 16:38:49
Keep up the good work!
Regards.
2009-04-21 22:39:02
XML-RPC support changes in 1.6:
http://docs.joomla.org/Version_1.6_Developer_Notes#Files.2FFeatures_Dropped
http://groups.google.com/group/joomla-dev-cms/browse_thread/thread/14e277a21e1b21a7
2009-05-28 11:43:11
- Allow functional granularity in new access levels (so that, I may create a new level called "semi-special", where a you can submit an article but not see menu items currently listed under "special". Currently if I allow a user to submit article, I'll have to take them above "Registered" status, and instantly all my admin menu items become open to them.
2009-06-09 10:16:30
2009-07-23 23:41:08
2009-08-31 08:45:46
2009-09-18 04:10:11
For ourselves and for clients we are finding ACL not being core to Joomla takes it off our evaluation list.
2010-01-06 21:17:57
Thanks and awesome work!