Simple ACL per Joomla 1.5
Simple ACL
SimpleACL for Joomla! è un componente (che lavora insieme a un plugin) per limitare ad alcuni utenti registrati l’accesso in lettura, scrittura o modifica agli articoli appartenenti a “sezioni” selezionate.
Il componente agisce solo sugli articoli (com_content) e non influenza gli altri componenti (forum, newsletter ecc.).
SimpleACL entra in azione dopo aver esaminato le regole predefinite di Joomla basate sul livello dell’utente (author, editor, publisher) e quindi non entra in conflitto con queste.
Il componente permette di impostare una regola d’accesso predefinita, per esempio si può consentire la lettura di tutte le sezioni come regola predefinita, salvo poi restringere solo ad alcuni particolari utenti l’accesso in scrittura a una o più sezioni.
Si può anche impedire a tutti gli utenti l’accesso in lettura come regola predefinita, concedendo poi l’accesso esplicitamente solo ad alcuni utenti.
A cosa serve?
Un tipico caso d’uso è il seguente:
- Una ditta o un’ente è composto da diversi reparti e ciascuno di essi ha una apposita sezione sul sito web.
- Ogni reparto ha utente designato all’inserimento di contenuti nel sito web della ditta.
- Ciascun utente deve poter inserire articoli solo nella sezione dedicata al proprio reparto.
- C’è un utente speciale che essendo addetto alle pubbliche relazioni deve poter inserire articoli anche nelle sezioni relative agli altri reparti.
- Ci sono alcune sezioni contenenti articoli che devono poter essere letti solo da particolari utenti.
SimpleACL permette di impostare permessi d’accesso per determinate combinazioni utente/sezione (oppure gruppo/sezione) rendendo quindi possibile questo tipo di configurazione.
Come funziona?
SimpleACL usa una tabella per configurare le regole d’accesso per determinate coppie utente/sezione, le regole sono controllate tramite un plugin di sistema quando l’utente accede ai contenuti.
Per saperne di più sul funzionamento di Simple ACL, fate riferimento allo schema Decision Flowchart.
Da tenere presente
- Il componente agisce solo a valle dei ruoli predefiniti di Joomla, se quindi una sezione è disponibile solo per gli utenti con ruolo “publisher” e l’utente ha ruolo “author” anche se impostate una ACL per consentire l’accesso a questo utente, l’utente non avrà comunque accesso.
- Le ACL si applicano (ovviamente) solo agli utenti conosciuti quindi autenticati tramite login e password.
- Le ACL funzionano solo nel front-end.
- Gli utenti con ruolo “Administrator” o “Super Administrator” non sono soggetti alle ACL.
- Al momento sono supportati solo i gruppi standard di Joomla, il componente non è quindi adatto a gestire un gran numero di utenti e sopratutto non supporta gruppi definiti dall’utente.
Licenza e costi
Il software è distribuito sotto licenza AGPL (Affero GPL) v. 3.
Per poter scaricare il componente si richiede un pagamento di 45€ (IVA inclusa, regolarmente fatturati) come contributo una tantum per 12 mesi di assistenza remota.
Traduzioni
I messaggi sono relativamente pochi e sono tutti contenuti in una cartella “language” con il file corrispondente alla lingua.
Al momento solo il file relativo alla lingua inglese è presente nella distribuzione.
What’s new in version G.x series
This new version brings many enhancements:
- limited group support
- check/uncheck all actions when editing ACLs
- Admin users will not be shown in the user list when creating ACLs
- limited menu integration
- DB backward compatible (will not overwrite your existing ACLs, but make a backup first)
Let’s give a closer look to some of the coolest new features…
Limited group support
You can now add ACLs to the following standard Joomla user groups:
- registered
- author
- editor
- publisher
- manager
In case of ACL conflicts between group-ACLs and user-ACLs, the second will always prevail.
Limited menu integration
Many of you have asked for an ACL-aware menu.
You can now enable menu integration as an experimental option in Simple ACL configuration.
If you enable this option, Simple ACL will try to hide menu items that point to articles, sections or categories that are not accessible by the logged in user.
In some cases, it can happen that all menu items are hiddden, in this case the user will see an empty menu list, but Simple ACL will not be able to hide the title of the menu itself because it operates at a different level in the joomla processing flow.
Screenshots
-
- Simple ACL Decision Flowchart
FAQ
Is this thing “stable” ?
Yes, sure. It’s now used on several production websites.
Can I limit access to a category instead of a section?
Not in the current version.
I will eventually implement it in a future version (but please don’t ask me when 
)
Will Simple ACL alter in any way menu items or search results depending on user ACLs ?
Yes, Simple ACL comes with some companion plugins to hide unaccessible items from search results amd the latest version has also an experimental feature to hide unaccessible menu items from menus.
How will I receive the software after the donation?
After a successful payment, you will receive a download link via email.
The email is automatically sent immediately after a successful payment, please check your spam folder if you don’t receive it in a few minutes.
Why should I pay for a free software component?
I think an explanation is needed: in my career I developed a couple of free (“free” as in “free speech”) software projects (KMLMapserver, MapStorer, Joomla FAP, SWFslideshow to cite a few), all of them are also “free” as in “free lunch” but in more than ten years I did not receive one cent as a donation, most of the time those projects were funded by one or more of my customers.
After keeping Simple ACL unpublished for a while, I simply felt I couldn’t spend time to publish, promote and give assistance on another free software project for nothing, I was simply dedicating too much time in open-source free projects without receiving back any money.
That’s why instead of keeping Simple ACL hidden in my desktop I decided to distribute it for a small fee, please note that this fee goes to cover the plain costs of assistance (answering to emails, writing documentation etc.) and development of Simple ACL, I will certainly not get rich with this fees.
This is not in contrast with free-software philosophy: GNU Free Software Foundation philosophy not only says that you can distribute free software for money, but encourage you to do so:
http://www.fsf.org/licensing/licenses/gpl-faq.html#DoesTheGPLAllowMoney
http://www.gnu.org/philosophy/selling.html
Can I distribute or sell Simple ACL?
Yes, you can. But doing so, you will probably provoke a stop in the development of Simple ACL, since I will not raise enough funds to cover the costs of its development.
It’s up to you.
Is this fee an yearly fee?
No, you donate once, you get the software and one year email assistance to set it up. That’s all.
I will send you all the future versions of the component (if any) for free.
“Delete” ACL rule doesn’t work
True, but this is not my fault, Joomla does not allow article deletion from the font-end, hence this rule is useless at the moment (but I have implemented it in case future Joomla versions support deletion from the front-end).
Why “Simple” ?
Well, because the objectives of this project were limited:
- do not touch the core of Joomla
- be unobstrusive: you can install and remove the component without consequences
- do not interfere with standard Joomla user and permissions: Simple ACL respect standard Joomla permissions levels, and only acts after Joomla has done its checks and controls
- solve a simple problem: let selected users to access and/or edit selected sections
I have 1000 users and 1000 sections, does Simple ACL suit my needs?
Probably not: Simple ACL does not support user defined (custom) groups, this mean that you should set up 1000 ACL’s to bind your 1000 users to their 1000 sections. This is just unpractical.
The latest version has limited group support. You can now add ACLs to the following standard Joomla user groups:
- registered
- author
- editor
- publisher
- manager
In case of ACL conflicts between group-ACLs and user-ACLs, the second will always prevail (see the Decision Flowchart scheme for details).
What kind of default access policy should I choose?
Simple ACL allows you to configure a default access policy on the individual actions (Create, Update, Retrieve and Delete (the lattest not being implemented in Joomla front-end at the moment).
Please remember that Simple ACL rules apply only to registered users, by keeping this in mind you could have two main scenarios (other scenarios or combinations are of course possible):
1 – Your website is completely public (everybody can see everything) but you have (for example) three authors (A, B, C) and two sections (A, B). You want user A to edit only section A, user B to edit only section B and user C to edit both. In this case, you would
- create users A, B and C as authors (or editor or publisher)
- set Joomla standard access to “public” for sections A, B and C (this is the default)
- set Simple ACL default access policy to Retrieve=Allow, Create=Deny, Update=Deny, Delete=Deny
- create one ACL for user A/section A to allow all actions (Create, Retrieve, Update, Delete)
- create one ACL for user B/section B to allow all actions (Create, Retrieve, Update, Delete)
- create one ACL for user C/section A to allow all actions (Create, Retrieve, Update, Delete)
- create one ACL for user C/section B to allow all actions (Create, Retrieve, Update, Delete)
2 – Your website is mainly public, but you have some private sections that you want to be accessible only from selected users. You have (for example) three authors (A, B, C) and two private sections (A, B) and you want user A able to read (and not edit) section A, user B able to read (and not edit) section B, user C able to read (and not edit) all three sections. In this case, you would
- create users A, B and C as registered (remember, they don’t need to edit anything, just read)
- create sections A, B and C and set standard Joomla access level to “registered” otherwise all user (included A and B) would be able to read section A and B while not authenticated (logged in)
- set Simple ACL default access policy to Retrieve=Deny, Create=Deny, Update=Deny, Delete=Deny
- create one ACL for user A/section A to allow Retrieve and deny all other actions
- create one ACL for user B/section B to allow Retrieve and deny all other actions
- create one ACL for user C/section A to allow Retrieve and deny all other actions
- create one ACL for user C/section B to allow Retrieve and deny all other actions
Why two different plugins?
System plugin must always be installed and activated otherwise Simple ACL will not work.
Content plugin is only useful when both of the following conditions apply:
- in your default access policy (as set in component parameters window) Retrieve=deny
- and you have a mixture of articles coming from allowed and denied sections in the front page
If given the conditions above you don’t activate the content plugin, a single denied article in the front page will deny the whole page.
What happens when a logged in user try to access/edit a denied page?
A “denied page” means a page containing an article that belongs to a section non accessible by that user because of Simple ACL restrictions.
The user will be redirected to a page generated by Simple ACL component (or to an URL of your choice, you can configure the URL through the component parameters configuration in the control panel). The generated deny page shows the deny message that you can change through the Simple ACL parameters settings in the control panel. The page shows also the default Simple ACL policy and the existing ACLs for that user so the user can see exactly which sections he can access.
24 September 2008 at 12.54
[...] ItOpen – Open Web Solutions, WebGis Development » Blog Archive » Simple ACL ready for Jo… Says: 2008-09-24 at 12.36 pm [...]
20 November 2008 at 19.26
Can you copy ACLs or must you create them from scratch each time? What is the approximate fee in US $?
20 November 2008 at 22.54
@Daniel
No, there is no copy function, but it would’nt help much if it were there, since you should edit the ACL in any case at least to change the user/section combination.
21 November 2008 at 16.23
Hi, is it possible to have this limit category access instead of sections?
21 November 2008 at 16.42
@Ollie,
not at the moment, I will eventually implement it in a future version.
27 November 2008 at 10.24
Gentilmente vorrei sapere se una volta acquistato il componente può essere installato in più siti da me gestiti.
Grazie
27 November 2008 at 10.27
@Silvano
certamente!
05 December 2008 at 15.57
I just paid & got it in few minutes. I’ll make a comment after job… On the start all is OK!
11 December 2008 at 3.36
Hello,
Is it possible with “simple ACL” make articles that are only visible to one user.
I would like to generate for each of my customers page with info considering only them.
11 December 2008 at 9.50
@Prea
this can be done with Simple ACL: you can set default access policy to Retrieve=deny so that registered users (remember: Simple ACL has no effect on “guests”) will not have access to any section while logged in.
Then you can set up an ACL rule for each customer to give him Retrieve=allow access to their personal section.
Using a combination of Joomla standard access level (public, registered, special) and Simple ACL rules you can achieve many complex access control setups.
13 December 2008 at 17.44
your example:
create one ACL for user A/section A to allow all actions (Create, Retrieve, Update, Delete)
So this user would then be able
1. to submit a new story from the front end (once logged in) but would he be able to publish it – that is, would it appear in the publice part of the web site as soon as he saved it?
Thanks,
Richard
13 December 2008 at 19.34
@Richard
Yes and no: the user A would be able to submit a new article in the section A, but if the article will be published or not will depend on Joomla standard role of user A (author, publisher or editor).
Simple ACL plays *before* Joomla core system and respect standard Joomla roles.
13 December 2008 at 20.21
Thanks for your reply. You wrote:
Yes and no: the user A would be able to submit a new article in the section A, but if the article will be published or not will depend on Joomla standard role of user A (author, publisher or editor).
Simple ACL plays *before* Joomla core system and respect standard Joomla roles.
My quetion: so if user A was registered as a publisher in the Joomla core system, he would be able to submit, publish and edit, but only in section A? He would not be able to do any of these things in any other section?
And the section we are talking about here is the standard Joomla section of section and category?
Thanks,
Richard
13 December 2008 at 22.55
@Richard
Yes to both your questions.
Keep in mind that you can set default Simple ACL rule that will be examined if there is no explicit ACL match for a specific user/section combination. In your case, I would set default Simple ACL rule to Create=deny and Update=deny, so that only users for which an ACL exists will be able to submit or update articles in a given section.
15 December 2008 at 16.46
@Martin,
no, Simple ACL works on sections and not on articles.
15 December 2008 at 17.42
You wrote (above): Keep in mind that you can set default Simple ACL rule that will be examined if there is no explicit ACL match for a specific user/section combination. In your case, I would set default Simple ACL rule to Create=deny and Update=deny, so that only users for which an ACL exists will be able to submit or update articles in a given section.
Well, it works after a fashion but its operation is too confusing, I believe, to let loose on users.
What I wanted was the ability to restrict a user to creating and publishing in his own section. I assumed that he/she, once logged in, would only find edit buttons on his/her own section articles, but this is not the case. Edits are visible on all articles/sections just not saveable right at the end of the process.
Having set it up by allocating a different section to each user, and setting the permissions as you suggested, in order to publishe their own articles the user needs to be set as a Joomla pubisher. When this user logs in he is certainly able to edit his own section and publish to it, but all the other articles on the web site also appear with the ‘edit’ icon and this user can go through the motions of editing other articles. When he tries to save he will be denied but it seems to me this is too late and too confusing.
Even if I set the default ACL rules to deny for all categories, when this user, classed as publisher and allowed by ACL to use all functions – articles in other sections are invisible but not the ‘edit’ symbol and clicking on the edit symbol brings up the editing window allowing all functions except save when one gets to the end.
I guess this is the way it works, but it seems simpler, in the end, just to ask the user to stick to his own section and leave others alone – certainly less confusing to the user.
Richard
15 December 2008 at 18.05
@Richard,
You are absolutely right: it’s confusing etc..
The problem is that to achieve the ideal behaviour you must change the core of Joomla, a plugin or component will not be sufficient.
Other ACL components choose to alter Joomla core (it means to overwrite some of the core files and/or alter default database tables) this quickly becomes a mantainance nightmare and cause a lot of problems at installation time and/or if you wish to remove the ACL component.
Similar behaviour can be obtained at the template level, but this also make impossible to distribute the code since virtually everybody use a different or a customized template.
Simple ACL comes from a compromise: what can be achieved with standard components or plugins without altering the core? What you miss is the possibility to act “before” the user click “submit” (that would mean changing the core) or to hide the edit icons (that would mean alter the template).
On the other hand, a system plugin (as Simple ACL system plugin) is far more safe that a template based solution.
To tell you the truth, all Joomla ACL components I’ve seen so far are only hacks and Simple ACL is not an exception: a real ACL system *MUST* sit in the core, we all hope Joomla 1.6 will bring us a stable and functional ACL system.
16 January 2009 at 13.56
Simple ACL is working very satisfactory on my Web page.
Of course it should be better to have the some possibilities on categories. Now the only way is to create new sections instead categories and bigger site makes you more troubles with internal structure.
Please think about it – the way how to do it isn’t very complcated, is it?
16 January 2009 at 16.05
@Pawel,
it’s more complicated than you can imagine…
… if you want a bullet-proof solution that can work with both sections and categories in all kind of scenarios the people is using Simple ACL at the time being.
Of course, IF (you just need categories AND you are satisfied with a quick hack AND you can do some PHP coding) THEN you could do it in a couple of hours (testing included)
18 January 2009 at 23.18
@Pierre
Try this: in Components -> Simple ACL -> Global configuration
set “Show configuration” to “yes” and change “Deny message” text to something more descriptive, like “Sorry, you are not able to submit articles in this setcion, please see below the default settings and the ACLs set up for your account”
For your second question, you could set Global configuration “Retrieve” to “yes”, this way all users will be able to read all sections (if there is not an ACL that explicitely blocks access for a given user/section combination).
06 March 2009 at 12.59
Thanks for the reply Alessandro, but it is feasible that there will many thousands of users/editors, manual intervention for each one is something that i would like to avoid.
Thanks anyway.
08 March 2009 at 0.51
That would be a better solution for what i am looking for, if i could just set a permission for everyone who registers, they are automaticly set as “editors”, i only want to stop them editing certain pages, ie the home page and one or two others.
Can this be done?
08 March 2009 at 17.43
@Paul,
not with the current version, but I’ve developed a beta version that supports ACLs for Joomla standard group:
* registered
* author
* editor
* publisher
* manager
administrators will always have full access granted.
In case of conflicts, ACL for users will always prevail over group ACLs.
I think I will release this new beta for testing in a few days.
I will send the beta to all the people who have donated in the past and to all new donors.
08 March 2009 at 20.03
Ok Alessandro, can you email when you have released this and i will make a donation!
Many thanks
Paul.
19 March 2009 at 14.12
Hi Alessandro,
I have received the files this morning – thanks you!
Lee.
17 April 2009 at 4.08
Have a trial version for Joomla 1.5.10 and working over the PHP4?
I’ve try many kinds of CAL but seems not working well.
20 April 2009 at 11.32
@wanted
no, sorry there is not a trial version.
PHP4 is supported (but not recommended!) in the stable version only.
New beta version was not (yet) tested on PHP4 but I would expect it will work without problems.
15 May 2009 at 15.46
Salve,
sono un newbie assoluto e ho l’ingrato compito di dover fare il sito web per il mio dipartimento universitario, dove sono tutti anche peggio di me e quindi…
ho bisogno di una soluzione – la piu’ semplice possibile – per:
- permettere a ognuno dei 20-30 membri dello staff di modificare la propria pagina / sezione, e solo quella!
- permettere ad alcuni (5-6), di postare anche sulla front-page e in altre pagine “comuni”.
- tutto possibilmente da fare tramite il front-office.
si puo’ fare? senza grossi problemi posso far coincidere sectios and categories
grazie!
15 May 2009 at 15.59
@Giorgio,
con Joomla + Simple ACL faresti tutto quello che chiedi, solo per la home dovrai usare al posto del componente frontpage il componente content con la vista blog/sezioni scegliendo una sezione che sarà quella da mostrare in home page.
La configurazione di Simple ACL avviene dal back-end, tutto il resto lo puoi fare da front-end.
25 May 2009 at 22.35
Alessandro, thanks a lot, simple ACL works well and it is super-simple to implement!
12 June 2009 at 18.29
Hello,
I’m responsible for the Website of our public school “Technische Schule Aalen” (www.tsaalen.de).
I’m interested in your SimpleACL extension, but in our adminstration there is no official way do donate via PayPal.
Can you provide any other way to send you the money?
Thanks
Robert
13 June 2009 at 4.00
I am working on a medical tourism website where I will have public access to view some basic pages/articles and registered users who will be able to view only more detailed pages/articles. Then I need a third level of users who can access and modify perhaps only information regarding their trip. No one else can view their information unless authorized by the client–say a relative or friend they want to be aware of their trip information. This means the search function must not bring up their profiles and pages/articles.
It looks like I can set up a section for each user and restrict access to just that user, much like access to bank account information. Right?
Can Simple ACL work to provide this? I am not a programer so I need a plugin that is easily modified and set up.
Thanks.
Kathy
13 June 2009 at 11.18
@Kathy,
Yes, Simple ACL will do what you want: you will deny access to all as default ACL policy, create one section for each user, set up an ACL to grant access to that user, and only that user will be able to read/search and optionally edit or create content in that section.
And yes, Simple ACL is really “simple” to install and configure, this is its unique selling point, after all: do one thing and do it well and easily.
That said, be warned that Simple ACL was not built with military grade security in mind, this means that if you put a reserved document (say a PDF) in one of the reserved pages, if an unauthorized user knows the exact document URL, nothing will prevent her/him to download the document if she/he enters the URL directly in the browser address bar.
28 June 2009 at 18.03
Hello, I believe your product is what I need for my site. But I do have a problem. Your payment option is only paypal.com And paypal does not have my country in their country list. Is there another way I can pay for this product? because I do have a master card.
Reply Asap.
28 June 2009 at 18.17
@Chucks,
I believe that paypal also accept mastercard.
The only other option is wire tranfer (bank to bank) but you would pay the transfer costs and they could be quite high (it is also very slow).
In case you choose the wire, write me an email (the address is in Contacts page).
04 July 2009 at 11.50
hi,
just received and installed Simple Acl. Installation and setup went well, but I am unable to create any acl. Can this be due to my site running under php 4.4.2 and/or Mysql 3.23 ?
I always get a message : Error creating item. If this is the problem, is there any workaround ?
Thanks for a quick reply.
15 July 2009 at 6.39
Hi–
I’ve read through the comments thread here on what Simple ACL can and cannot do, but I’d like to ask about my specific scenarios before purchase/donation. I’ve now tried six other ACL systems and none would do everything I need in any reasonable way, so I’m hoping yours is the component I’ve been looking for!
Here’s my needs list:
1. control access by Joomla default groups (Guest, Registered, Author, Editor, etc…), but
2. control what menu items a user can see based on Joomla default groups.
3. control what content sections a user interact with based on Joomla default groups.
4. only need to have ACL rules based on Joomla default groups; do not need to add an ACL per user.
Will SimpleACL do this for me?
Thanks!
-wb
15 July 2009 at 14.14
@wayneb,
Yes and no: Simple ACL will hide menu items only when they link to “denied” sections, or categories (categories belonging to denied sections) or articles (articles belonging to denied sections). Simple ACL will not interfere with any other menu types.
So, if your menu items will only point to content items (sections, categories or articles), Simple ACL will work for you just fine.
Of course if you’re fine with standard Joomla “hyerarchical” access control (publisher > editor > author) you will not need Simple ACL nor any other additional component.
15 July 2009 at 16.09
@Frank
I’m sorry I didn’t see your comment… the next time please file your requests in http://busg.itopen.it under “Simple ACL”.
Coming to your problem, there is an issue with very old versions of MySQL, the only way to install is to run a SQL query by hand to create the necessary table:
————-
CREATE TABLE IF NOT EXISTS `jos_simpleacl` (
`id` int(11) NOT NULL auto_increment,
`userid` int(11) NOT NULL,
`action` set(‘c’,'r’,'u’,'d’) NOT NULL,
`sectionid` int(11) NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `sacl_unique` (`userid`,`sectionid`)
) TYPE=MyISAM ;
———————-
To run the query you should have access to a shell or you can use phpmyadmin which is available from most ISP control panels.
Let me know if this solves your problem.
Best regards.
16 July 2009 at 1.08
Alessandro–
Thanks for the fast reply!
I still believe I need Simple ACL or the like, as, unless I’m missing something, the standard Joomla 1.5x restrictions are Public, Registered and Special, lumping everyone above Registered into Special, which is my problem. I need to be able to differentiate access to all the standard access groups. Or, am I missing something in Joomla core? Everything I’ve tried is Public, Registered and Special; no way to tie a restriction to Editor specifically, for example….
Again, thanks for the info and, unless you have a solution without Simple ACL, I’ll most likely be purchasing it shortly.
Thanks!
-wb
16 July 2009 at 9.11
@wayneb
Yes, you’re right, I forgot that Joomla core squash all above registered into special…
Simple ACL will work for you, but remember: it works in the front-end only and for sections only.
16 July 2009 at 18.12
Can this be installed with Joomla 1.0?
16 July 2009 at 18.29
@Lawrence:
no.
17 July 2009 at 21.58
Alessandro–
Understood. Just one last question. Regarding the ‘experimental’ menu suppression/control, will it work on top-level menu ‘seperator’ items (those who have Main Menu as their direct parent but have child menu items)? If so, then this is exactly what I need, as controlling front-end access to allow some Main Menu items to only be visible to Editors or Publishers, as opposed to Authors and Registered.
Thanks!
-wb
P.S. in case it matters, I’m using J1.5.x and a RocketTheme template that uses MooMenu.
17 July 2009 at 22.43
@wayneb,
frankly speaking, your mileage may vary… Menu integration was not tested much, the logic behind it checks if the menu item is pointing to a com_content item (section, category or an article), if yes, it checks ACLs for the section and hide it accordingly.
01 August 2009 at 1.24
I surely know this question has been asked and answered but not in the way my brain is working, so…
Can I set/restrict my Authors to only be able to ‘see’ certain sections/categories and thus be only able to write to those restricted sections/categories.
eg – on my Site I have
Sections: A, B, C, D, E, F, G
I want to allow Authors the ability to ONLY write for Sections: A, B, G
(I still wish to retain Admin control over final publishing for public viewing)
Thanks
David
01 August 2009 at 8.55
@David,
yes, of course it’s possible. It’s just a matter of setting the right ACLs.
Set default configuration to Create=Deny, Retrieve=Allow, Update=Deny
Create 3 ACLs to Create=Allow and Update=Allow for group Author and sections A,B,G
19 October 2009 at 21.56
Hello! I just saw this “The latest version has limited group support. You can now add ACLs to the following standard Joomla user groups:
registered
author
editor
publisher
manager”.
it might be silly of me to ask, but just to be sure… Does that mean that Simple ACL doesn’t support the creation of other user groups??
Thanks,
Alexis
20 October 2009 at 8.44
@Alexis
Simple ACL does not support custom user-defined groups.
You can create ACLs for
* single user / single section
* standard Joomla groups (author, editor etc.) / single section
* default
This ACLs offers a broad range of use cases but Simple ACL is not the solution for *all* ACL problems, is’t “Simple” after all.
20 October 2009 at 15.56
Got it! Thank you very much for your reply, as i was saying it was just to be sure. Good luck!
23 October 2009 at 14.29
Hello,
Is your tool useful for my site?
The situation is:
About 10 people (group registered, status publisher) should be allowed to edit and insert news only in one defined category with the frontend editor. The articles in this news category are viewable by public and the first five articles are shown also on the frontpage.
They should not to be allowed to change (edit,delete) public articles in other categories (rest of the site) when they logged in the frontend.
23 October 2009 at 15.04
Yes, Simple ACL will do it but only if you change category into a section: Simple ACL works with sections, not with categories (of course you can create a section with a single category for this purpose).
You will
* set default Simple ACL parameters to allow retrieve and deny all other actions
* create an ACL for standard group “publishers” to grant edit and insert for your defined section
05 November 2009 at 11.48
I want a user to decide to register for my site from our home page… Go to paypal… become registered… then once paid and registered have access to members only menus items AND most important have their own unique portal page or section. Is this possible?
Thank You
10 November 2009 at 17.25
Your flowchart is excellent. Does a K2 (http://k2.joomlaworks.gr/) piece of content get treated the same way as a standard Joomla section/category/article?
So if I have all content in K2 instead, will Simple ACL still work?
Thanks
10 November 2009 at 17.36
@Sarah,
Sorry I really have no idea, we have never worked with K2.
23 November 2009 at 21.21
Im using Simple ACL, and it works great. But I have given som editors the right to publish to one section and category on the page, but I have to approve the articles before they are published.
How do I make them published automaticly?
Thanks.
23 November 2009 at 21.38
@Anders,
Your question has not much to do with Simple ACL (which does not override standard Joomla permissions): in the Joomla CMS only “publishers” can publish.
24 November 2009 at 0.42
1. Does Simple ACL work with CB registration?
2. Is there a way to test this with a short trial period and then registration key. I am tired of getting burned by the paid stuff. Oddly enough the free stuff ends up being more stable? Just paid for Juga…a waste of time and money.
24 November 2009 at 9.51
@Blain:
1 – I haven’t tested, so I assume No.
2 – No sorry, I guarantee Simple ACL works as advertised, but feel free to ask more informations about Simple ACL, describe your use case and I honestly will tell you if Simple ACL will do the job.
Simple ACL is fine for a broad range of use cases, but of course it’s not a solution for *all* ACL problems.
17 December 2009 at 18.08
Hi Alessandro,
Can you install other extensions alongside SimpleACL to allow front end deletion,
Thanks..
17 December 2009 at 18.17
@WWW
In theory, yes: the “delete” action is checked by Simple ACL (post-mortem as all other actions).
Since the “delete” function is not available in front-end this feature is untested.
What extension are you thinking to install?
06 January 2010 at 14.31
Dear Alessandro,
I am about to buy the extension but as I new to webhosting service and to Joomla, I have realized that some extensions need Apache installed and running in the server in order to work, is this the case of Simple ACL???
Antonio
06 January 2010 at 19.13
#Antonio
All you need is a working installation of Joomla 1.5.
08 January 2010 at 22.19
Forgive me if this question has been asked already but I didn’t have time to look through all of the comments for this extension.
Our clients are a professional association, and we need to setup a front end access control system specifically just for viewing certain sections.
The idea behind this is that they have certain sections that they only want members to see. In addition to this members can also be part of smaller committees like board members or young professionals, these groups would have their own sections as well which should only be viewable by members who are part of these groups.
The final piece to this puzzle, and don’t ask because i don’t get it either, is that not everyone has to be a member. They actually have board members who aren’t members of the association. So these people would need access only to their special committee section.
Is something like this capable with Simple ACL?
08 January 2010 at 22.43
@Mickey:
in theory: yes.
Given a proper amount of ACL rules you can achieve virtually any configuration.
The question is: is this practical?
It depends on how many groups (comitees) and members you have and, last but not least, on how frequently they change.
I suspect that without custom defined groups (which Simple ACL doesn’t have) you will need to create a lot of ACL rules in order to get what you want.
08 January 2010 at 23.13
Yeah I would prefer the ability to create user groups, are there any ACL solutions you can recommend? We looked into the Opensource Excellence ones but they seem to only support a one to one relationship for the groups.
Thanks for your response
08 January 2010 at 23.16
@Mickey,
no, sorry. I decided to write my own solution because there were no other simple and unobstrusive components.
You’ll have to wait for Joomla 1.6.
09 January 2010 at 0.59
I’ve just used SimpleACL on a site with approx 30 registered users. The users require read access only to different sections, on account of the fact that they are members of different committees, sub committees. I had about 8 sections in total.
I had to create approx 100 ACL but given that each one took seconds to create, it really wasn’t too onerous a task. It took me about 45 minutes to create the ACL’s from the first to the last.
Thanks for this extension, I’m really pleased with how it does exactly what I want.
15 January 2010 at 13.12
Hi Alessandro
I need guest and registered levels of access for my site but need a third for “special members” to access the forum.
Looking at a tip on a board, I thought about using Editor (ie Special level)and then restricting their ability to edit. I only want the admins to edit.
Will your software allow me to restrict editing on all pages by editors (and remove the edit icon from the page).
My thanks
15 January 2010 at 13.25
@Paul
You’d better use “Author” instead of “Editor” and yes, Simple ACL will do fine in preventing authors to create new contents (or editing existing one) but Simple ACL will not be able to remove the edit icon because this icon is generated in the template (it’s something you can fix easily editing the template code or with a template override).
When an unauthorized user clicks on the edit icon he will be redirected to the “deny” page (where you can put your own text).
15 January 2010 at 13.48
Wow – incredible response. My thanks for your assistance. Will go looking at the template :- )
22 January 2010 at 7.41
Ciao, volevo sapere se SimpleACL permette questo: Rossi si iscrive come Author, inserisce un suo nuovo articolo (in una qualunque delle sezioni del sito). Io come Superadmin controllo l’articolo e lo pubblico. Attualmente Rossi può modificare il suo articolo. Io vorrei sapere se posso con SimpleACL “bloccare” le variazioni dell’Autore sui suoi articoli.
Il livello Autore permette di scrivere nuovi articoli e dopo la pubblicazione modificarli. Vorrei eliminare questa possibilità. Ciao
22 January 2010 at 11.35
@Renato:
Si, funziona impostando l’ACL di default per permettere l’inserimento ma non la modifica di un articolo inserito (questo indipendentemente dal fatto che sia stato o pubblicato oppure no).
02 February 2010 at 8.42
Hi Allessandro
We have SimpleACL up and working fine. Great job.
Is it possible to use a redirect instead of the SimpleACL error page ? We would like to send the user back to the home page.
02 February 2010 at 9.50
@Howard
Yes, this is now possible, you can specify in the Simple ACL configuration parameters an URL where users are redirected when they try to do a denied action.
You can change the redirect as you wish.
For the homepage, just leave “index.php”.
11 February 2010 at 1.48
Hi I am wondering how you integrate this with DOCMan? Any guidance would be appreciate. Thanks!
12 February 2010 at 0.32
@BTS
There is no interaction with DocMan, or with any other component.
DocMan has its own permission system.
25 February 2010 at 20.19
Before I adquire Simple ACL, I need to know if I can do the following:
-I want to have an area in my site where clients can see information related to them. For example, I want to have a common tab “client access”. If client “A” clicks that tab, he will see his information, with other tabs related to his account. If client “B” clicks the tab, he will see only his information. Information of Client A will be very different to the information of client B.
I understand that I would have to register and give access to every client manually, it’s not a problem.
is this possible?
25 February 2010 at 20.34
@Noster:
Simple ACL does one simple thing (and does it well): control user access to sections (and categories or articles below the section), what you put in your sections or categories articles it doesn’t matter.
There is limited menu item support: if you create a menu item that points to an article, a section or a category which is denied by an ACL, then Simple ACL will try to hide the menu (some templates might override this behaviour so it’s only 99% safe) .
I hope I answered your question.
25 February 2010 at 22.07
Hi There,
I have a quick question about this… Does this addon allow custom user groups to be created? Then access given to the pages for the different user groups.
We are creating a website that has 3 different age groups, and would like only age group 1 to see some pages, age group 2 to see some more and age group 3 to see them all.
Is this possible with this?
26 February 2010 at 9.49
@Jamz:
It’s in the FAQ: Simple ACL does not support user defined (custom) groups.
But keep in mind that you need to do one operation to put a user in a group and you need to do one operation to create a user ACL, so if the relationship is such as each user belongs to exactly one group then Simple ACL is the perfect tool.
01 March 2010 at 11.43
Hi, could you tell me if this is possible please before i purchase.. basically i want to add an item on the user menu that only a few say 3 registerd users can see ie 3 employees of a company
thank you
01 March 2010 at 12.04
@stuart
I would say yes, but it depends on several conditions:
* the menu item must point to a section (or a category or an article belonging to a section) which is not public
* your template does not override menu component/module in strange ways (very unlikely, but must be remarked)
* the user has ACL “access read” granted for that section
* there is an ACL rule that denies access to that section for other users (otherwise everybody will see the menu)
The last is the tricky point: you can choose to deny access to all sections by default and grant individual access rights or you can play with joomla roles (i.e. create and ACL for “Authors” or for “Editors”). Or you can do the other way round: grant all to everybody and deny to selected users/sections.
Simple ACL is simple to use and very flexyble, but ACLs configurations are often a very complicated beast, virtually everybody needs a different configuration.
Also keep in mind that Simple ACL will not be able to hide the menu module (the menu item container) but it will only hide the individual menu items (this is seldom a problem, just use a module with hidden title).
03 March 2010 at 3.29
Are search engines able to “see” what is in ACL restricted sections?
What about users know the exact URL of the restricted Section? For example, someone who was once allowed but is now unwelcome.
My more general question is how secure is ACL? Can I feel confident putting sensitive material behind it or should I always assume everything on the internet is really public?
Cordially,
John Harper
03 March 2010 at 9.52
@John,
good questions!
First, I would say that Simple ACL was not buld with military grade security in mind, nor was Joomla itself.
Restricted sections cannot be “public” (in Joomla level sense), so search engines will not see them.
Knowing the URL will not be sufficient to access a denied sections but knowing the URL of an image or a file attachment will permit access to that image or attachment (this is obvious, since an image or attachment can be attached to many articles or sections or categories).
03 March 2010 at 23.58
Thank you for your work, knowledge and willingness to share. I am just gathering information right now and am not ready to buy Simple ACL.
However, I do want to make a small donation just because I don’t believe in something for nothing – it always turns into nothing for something right there at the end. You guys have a cold beer on me!
Cordially,
John Harper
04 March 2010 at 0.15
I can’t seem to find a link for donations. ???
Cordially,
John Harper
04 March 2010 at 10.15
@John
thank you for your wise words.
I’m surprised: I’m working with and on open source project since 10 years now, and you are the first willing to donate something. But I fully agree with you and I myself make yearly donations of part of my money to other open source projects I use (QGSIs, Docman, JCE… to cite a few).
If you are really willing to offer me a beer you can click on the [Buy now] button at the top of this page, copy the email address of my paypal account and just make a new paypal donation to that address, you choose the amount.
Thanks.
06 March 2010 at 18.31
It isn’t easy to buy you a beer. First of all, I don’t have a PayPal account. I would have to use a credit card. Then the form is in Italian and I don’t even see the USA listed as a country. I thought it might be like Spanish but apparently not. Spanish is commonly spoken here in Texas but Italian isn’t.
At any rate, I am lost when it comes to making a donation. I’ll just buy one for a stranger and give a hearty “Cheers” to Alessandro Pasotti. Thank you for your work.
Cordially,
John Harper
13 March 2010 at 10.48
[...] page is a collection of small recipes and hints about Simple ACL [...]
25 March 2010 at 18.48
Obrigado pelo módulo Simple ACL. Apesar de não ter conhecimento de programação, tive suporte imediato, que me atendeu de forma profissional e rápida. É muito bom encontrar profissionais assim, dispostos a oferecer um trabalho sério e de qualidade.
Estou muito satisfeita.
Valeu!
08 April 2010 at 22.22
Hi, Your product sounds like what I require, but obviously as there is I fee I just want to check it will meet my requirements and my ability to implement. I have a Joomla site that I wish to restrict one section to be visible only to certain registered users (or all registered users would be ok) but I need to have control over who these users are naturally not just anyone that decides to register without validation.
Anyway my client would like public users to see the sub menu headings of the restricted sectio “to see what they are missing” but not see the content / ariticles when they click on a sub menu heading. Is this possible and also can the message they recieve when click on section be editied and include a login box module to request they login for access ?
Thank you
09 April 2010 at 20.14
@Lisa:
The answer to the first question is no: Simple ACL does not have any effect on unregistered users.
The answer to the second question is yes: you can customize the HTML of the message that appears if a (registered) user try to access to a section to which he has not access to.
10 April 2010 at 9.19
Hello Alessandro,
I´ve read you explanation and some comments but I´m still in doubt if your ACL is for me.
I just need to have different section to be shown it´s articles like a blog to different clients of my studio. So it would be like this: the client log in and after log a menu item shows for him linking to his “section blog layout” where I´ll put articles with informations about his projects.
I dont want him to edit anything just restric some content to each custommer I have presenting them with a menu item leading to his correponding articles.
Is it possible with your simple ACL?
Many thanks in advance.
11 April 2010 at 12.44
@Raphael:
yes, see recipe3
http://www.itopen.it/2010/03/13/joomla-simple-acl-recipes/
your setup will be slightly simpler than recipe 3.
15 April 2010 at 13.47
Hi Alessandro, thanks for reply, just to clarify then, All content will be visible to public users when using Simple ACL. Simple ACL only restricts sections to different groups of registered users ? Is this the case ?
Thank you,
Lisa.
15 April 2010 at 15.06
@Lisa
Simple ACL can restrict access to particular sections for:
* individual users (of course they must be logged in)
* Joomla group of users (registered, author, editor or publisher)
See the examples at
http://www.itopen.it/2010/03/13/joomla-simple-acl-recipes/
15 April 2010 at 16.16
Thanks again for prompt reply and link, looks like your example Recipe 3 should meet my requirements.
However can you explain whether I need it or any advantages to it over just restricting the section I wish to restrict to Registered users ?
i.e. is there more security restricting it with this plugin or are the advantages purely that you can refine groups and invidividuals much more than with standard Joomla restrictions ?
Thanks, Lisa.
16 April 2010 at 21.41
The ACL isn’t live yet, but I was wondering something. We have users log in to an admin section to update section specific content. When the user tries to edit a section he/she cannot edit the ACL Deny message appears. This is perfect!
However, all functionality of the site is removed. By this I mean, the menu system. My leftside module banners still appear, but my left MAIN MENU module and my floating news module do not appear. This is highly user-unfriendly.
Is there a way to associate the Simple ACL Denied Access page with the main menu or other relative modules so that my navigation remains intact?
Thanks, Clay
17 April 2010 at 11.39
@Clay:
I think that this happens because your “left MAIN MENU” and your “floating news” modules are not published in all pages (menu items), right ? (check Menu Assignment in the corresponding module config form)
There is not a simple cure to this, since the deny page comes from a redirect to a component view.
Would you mind to move this discussion to the bug tracker ?
Please file a ticket on bugs.itopen.it (copy and paste these 2 messages).
22 April 2010 at 19.32
I’ve used Simple ACL in a different way. My site is private, only registered members can access it. It’s an Hospital site in wich each department has an section, so each member can only access its own section. I have about 100 members, each with its own rules in SimpleACL and it has worked wonderfully!
Thank you!
02 May 2010 at 4.59
Hi Alessandro
I have read most of the comments here and am still a bit confused bit like pulling petals of a flower It will work, it wont work, it will work etc. my situation is currently we have 12 clients (but this is increasing each week) they cannot self register on the front-page. I give each client when they come on board a unique ID and Password. What I need is when a client logs in they will be directed to an article that only they can see. Is this possible with your product?
02 May 2010 at 18.08
@Les Courcha:
Simple ACL does not support ACLs on single articles but only on entire sections.
Also, Simple ACL does not interfere with the login process, so redirect will not be handled.
11 May 2010 at 16.08
Works a dream for our site. We have lots of sections, but once logged in, users can now see a members area. We only wanted them to be able to update this section – this has worked fine.
16 July 2010 at 17.50
Hey Alessandro, i had a question about this ACL extension, what i am looking to do is to upload invoices to my website for restricted access but i want the customers to be able to ONLY see their own invoices i have tried many different things but these would make the invoices visible to all the users that are registered, would it be possible to accomplish this with simple ACL?
Thanks so much i look forward to your response.
16 July 2010 at 18.58
Yes, see recipe n° 3. You will need to create a section, a menu item and an ACL rule for each of your customers to selectively open access to their “private section”, you can place invoices in the section body itself or create articles inside.
Please note that we will be closed for holidays until 26 july, assistance is not guaranteed during this period.
Download is automatic so it will work even if our offices are closed.
24 July 2010 at 0.47
Hey alessandro, i am having some serious issues, what is the best way to go about installing simple ACL?
25 July 2010 at 1.54
I just bought “Simple ACL ready for Joomla 1.5″, and I have a couple of questions. I just built a site which has a public section and an owner section.
Once a user has logged in and registered, we need to determine if he is an owner and, if so, give him access to the owner section. What access level should I use?
Several of the articles in the owner section have designated authors. How do I give them access to edit and publish only those articles?
Thanks. Bill
26 July 2010 at 11.33
@Bill:
> Once a user has logged in and registered, we need to determine if he is an owner and, if so, give him access to the owner section. What access level should I use?
>
If I understand right, you have a section named “owner” and you want to grant access to that section to selected users.
First thing to keep in mind is that Simple ACL (SACL) respect standard Joomla access rules, tis means that you must not use access level “public” for restricted sections, choose an access level which is compatible for the user you want to grant access to that section (for example: “registered” or “special”).
> Several of the articles in the owner section have designated authors. How do I give them access to edit and publish only those articles?
>
You can follow recipe 3:
http://www.itopen.it/2010/03/13/joomla-simple-acl-recipes/
Basically, you configure SACL to be closed by default and open selected sections to selected users.
You can use different combinations of
* user-specific ACL
* group-specific ACL (group=Joomla group like “author”, “editor”, “regitered” etc.)
* default ACL
The first that match, will win and grant or deny the required action (edit, add, read or delete).
The following flowchart will help you to understand what’s going on inside SACL. If in doubt, you can activate debug in SACL parameters and you will see printed at the top of the front-end page the reason for a grant or deny action.
http://www.itopen.it/wp-content/uploads/2008/09/Simple-ACL-Decision-Flowchart.png
Hope this helps.
26 July 2010 at 11.35
@Pedram
if you need assistance and you have purchased simple acl in the last 12 months, you can obtain qualified assistance by filing a detailed ticket on our bug tracking system:
bugs.itopen.it
17 August 2010 at 23.48
I’ve read your site and this list of comments, but i’m always nervous of buying an extension before I feel totally comfortable.
I’m currently developing a website for a photographer and am looking into options for client areas, where by a client could log in and see their images only.
With Simple ACL it seems to me this would be straightforward. I’m guessing you would create a section for each client, and then give them access to that section only, as a registered user? And it would be possible to only let them view content (not edit etc..)? Would there be any issues with this that I am missing?
Thanks for your help.
18 August 2010 at 8.23
@Luoise,
Yes, to the first two questions.
I can’t answer to the second, the main potential (but very unlikely) issue with a “mostly private” setup concerns how to present to the users their own content. You will probably need to create a menu item for each private section and then enable menu integration in Simple ACL options. This menu integration is advertised as “experimental”, this means that it will work on 99,99% of Joomal installations but there are a few cases in wich the standard Joomla mod_mainmenu is overridden by the template causing menu intgration to fail.
I can only guarantee that menu integration works perfectly with all Joomla standard templates (the templates that are distributed with Joomla itself).
It’s a long time now we are thinking of writing a simple “ACL-aware” mod_sections, this will probably be the definitive solution to this problem.
18 August 2010 at 15.29
@Alessandro
Thanks so much for your detailed answer, its really helpful.
I will keep a look out for ACL-aware in the future!!
Louise
19 August 2010 at 16.22
@Louise,
We have developed the ACL-aware Sections module, it’s currently under testing and will be released within the main package in a few days.
Of course all previous customers will receive it immediately after our quality controls are passing.
22 August 2010 at 9.14
so when will SimpleACL support limit access to a category ?
22 August 2010 at 9.54
I have 1000 users in registered group, and I want to grant 20 of them the right to edit certain section’s contents. Can SimpleACL does this?
22 August 2010 at 23.46
@sky
Simple ACL will not support ACL on categories in the near future.
To answer your second question: no, because Simple ACL do not override standard Joomla role access control and Joomla does not allow a “registered” user to edit anything, “author” level is the minimum role to edit something in Joomla.
25 August 2010 at 15.19
Buongiorno. Sto costruendo un sito dove ho la necessità di definire parecchi utenti. Ognuno di loro deve vedere un solo menu principale ma 1 o 2 posizioni di questo menu devono essere diverse per ciascun utente. Esempio:
Utente A vede : Link1 / Link2 / Link3 / LinkA
Utente B vede : Link1 / Link2 / Link3 / LinkB
Utente C vede : Link1 / Link2 / Link3 / LinkC ecc.
Inoltre gli utenti devono continuare a far parte del gruppo Joomla Registrered per assicurare la compatibilità con altri moduli.
E’ possibile questa configurazione con SimpleACL?
Grazie.
25 August 2010 at 15.35
@Walter
Si, ma solo se le voci di menu puntano ad oggetti com_content (sezioni, o categorie o articoli).
Simple ACL lavora solo sulle “sezioni” e quindi la logica è quella di mostrare la voce di menu solo se la sezione (o la sezione a cui la categoria o l’articolo appartengono) a cui il menu punta è accessibile dall’utente secondo le regole di Joomla e di Simple ACL.
Però questo sistema in alcuni casi (molto rari) non funziona: quando un template o un altro componente scavalcano il funzionamento standard del modulo menu di Joomla, finora questo è successo in un singolo caso su diverse centinaia di installazioni.
26 August 2010 at 0.59
Forgive me if this has been previously asked/answered. I have a section that I would like all “Registered” users (1200+) to be able to create and edit articles in. Editing needs to be restricted to the article author. Will SimpleACL support this?
Thanks!
26 August 2010 at 9.15
@Chris
No, please read the answer, two comments above yours:
http://www.itopen.it/2008/09/24/simple-acl-ready-for-joomla-15/#comment-40406
They need to be at least authors in order to add articles, it is a Joomla rule and Simple ACL respects Joomla rules.
26 August 2010 at 9.25
Grazie Alessandro.
Dunque le voci di menu vengono nascoste se la sezione/categoria/articolo non sono accessibili dall’utente (avendo definito questo vincolo a livello di sezione), corretto?
Inoltre, gli utenti restano nel gruppo Registered di Joomla (altri componenti creano gruppi specifici per gli utenti ma nel mio caso questo non va bene)?
Grazie.
26 August 2010 at 10.18
@Walter
Si alla prima domanda.
Simple ACL non crea e non gestisce gruppi utente che non siano quelli predefiniti da Joomla (registered, author, editor e publisher).