Simple ACL per Joomla 1.5
Simple ACL
SimpleACL for Joomla! è un componente (che lavora insieme a un plugin) per limitare ad alcuni utenti registrati l’accesso in lettura, scrittura o modifica agli articoli appartenenti a “sezioni” selezionate.
Il componente agisce solo sugli articoli (com_content) e non influenza gli altri componenti (forum, newsletter ecc.).
SimpleACL entra in azione dopo aver esaminato le regole predefinite di Joomla basate sul livello dell’utente (author, editor, publisher) e quindi non entra in conflitto con queste.
Il componente permette di impostare una regola d’accesso predefinita, per esempio si può consentire la lettura di tutte le sezioni come regola predefinita, salvo poi restringere solo ad alcuni particolari utenti l’accesso in scrittura a una o più sezioni.
Si può anche impedire a tutti gli utenti l’accesso in lettura come regola predefinita, concedendo poi l’accesso esplicitamente solo ad alcuni utenti.
A cosa serve?
Un tipico caso d’uso è il seguente:
- Una ditta o un’ente è composto da diversi reparti e ciascuno di essi ha una apposita sezione sul sito web.
- Ogni reparto ha utente designato all’inserimento di contenuti nel sito web della ditta.
- Ciascun utente deve poter inserire articoli solo nella sezione dedicata al proprio reparto.
- C’è un utente speciale che essendo addetto alle pubbliche relazioni deve poter inserire articoli anche nelle sezioni relative agli altri reparti.
- Ci sono alcune sezioni contenenti articoli che devono poter essere letti solo da particolari utenti.
SimpleACL permette di impostare permessi d’accesso per determinate combinazioni utente/sezione (oppure gruppo/sezione) rendendo quindi possibile questo tipo di configurazione.
Come funziona?
SimpleACL usa una tabella per configurare le regole d’accesso per determinate coppie utente/sezione, le regole sono controllate tramite un mambot di sistema quando l’utente accede ai contenuti.
Per saperne di più sul funzionamento di Simple ACL, fate riferimento allo schema Decision Flowchart.
Da tenere presente
- Il componente agisce solo a valle dei ruoli predefiniti di Joomla, se quindi una sezione è disponibile solo per gli utenti con ruolo “publisher” e l’utente ha ruolo “author” anche se impostate una ACL per consentire l’accesso a questo utente, l’utente non avrà comunque accesso.
- Le ACL si applicano (ovviamente) solo agli utenti conosciuti quindi autenticati tramite login e password.
- Le ACL funzionano solo nel front-end.
- Gli utenti con ruolo “Administrator” o “Super Administrator” non sono soggetti alle ACL.
- Al momento sono supportati solo i gruppi standard di Joomla, il componente non è quindi adatto a gestire un gran numero di utenti e sopratutto non supporta gruppi definiti dall’utente.
Licenza e costi
Il software è distribuito sotto licenza AGPL (Affero GPL) v. 3.
Per poter scaricare il componente si richiede un pagamento di 45€ (IVA inclusa, regolarmente fatturati) come contributo una tantum per 12 mesi di assistenza remota.
Traduzioni
I messaggi sono relativamente pochi e sono tutti contenuti in una cartella “language” con il file corrispondente alla lingua.
Al momento solo il file relativo alla lingua inglese è presente nella distribuzione.
What’s new in version G.x series
This new version brings many enhancements:
- limited group support
- check/uncheck all actions when editing ACLs
- Admin users will not be shown in the user list when creating ACLs
- limited menu integration
- DB backward compatible (will not overwrite your existing ACLs, but make a backup first)
Let’s give a closer look to some of the coolest new features…
Limited group support
You can now add ACLs to the following standard Joomla user groups:
- registered
- author
- editor
- publisher
- manager
In case of ACL conflicts between group-ACLs and user-ACLs, the second will always prevail.
Limited menu integration
Many of you have asked for an ACL-aware menu.
You can now enable menu integration as an experimental option in Simple ACL configuration.
If you enable this option, Simple ACL will try to hide menu items that point to articles, sections or categories that are not accessible by the logged in user.
In some cases, it can happen that all menu items are hiddden, in this case the user will see an empty menu list, but Simple ACL will not be able to hide the title of the menu itself because it operates at a different level in the joomla processing flow.
Screenshots
-
- Simple ACL Decision Flowchart
FAQ
Is this thing “stable” ?
Yes, sure. It’s now used on several production websites.
Can I limit access to a category instead of a section?
Not in the current version.
I will eventually implement it in a future version (but please don’t ask me when 
)
Will Simple ACL alter in any way menu items or search results depending on user ACLs ?
Yes, Simple ACL comes with some companion plugins to hide unaccessible items from search results amd the latest version has also an experimental feature to hide unaccessible menu items from menus.
How will I receive the software after the donation?
After a successful payment, you will receive a download link via email.
Why should I pay for a free software component?
I think an explanation is needed: in my career I developed a couple of free (“free” as in “free speech”) software projects (KMLMapserver, MapStorer, Joomla FAP, SWFslideshow to cite a few), all of them are also “free” as in “free lunch” but in more than ten years I did not receive one cent as a donation, most of the time those projects were funded by one or more of my customers.
After keeping Simple ACL unpublished for a while, I simply felt I couldn’t spend time to publish, promote and give assistance on another free software project for nothing, I was simply dedicating too much time in open-source free projects without receiving back any money.
That’s why instead of keeping Simple ACL hidden in my desktop I decided to distribute it for a small fee, please note that this fee goes to cover the plain costs of assistance (answering to emails, writing documentation etc.) and development of Simple ACL, I will certainly not get rich with this fees.
This is not in contrast with free-software philosophy: GNU Free Software Foundation philosophy not only says that you can distribute free software for money, but encourage you to do so:
http://www.fsf.org/licensing/licenses/gpl-faq.html#DoesTheGPLAllowMoney
http://www.gnu.org/philosophy/selling.html
Can I distribute or sell Simple ACL?
Yes, you can. But doing so, you will probably provoke a stop in the development of Simple ACL, since I will not raise enough funds to cover the costs of its development.
It’s up to you.
Is this fee an yearly fee?
No, you donate once, you get the software and one year email assistance to set it up. That’s all.
I will send you all the future versions of the component (if any) for free.
“Delete” ACL rule doesn’t work
True, but this is not my fault, Joomla does not allow article deletion from the font-end, hence this rule is useless at the moment (but I have implemented it in case future Joomla versions support deletion from the front-end).
Why “Simple” ?
Well, because the objectives of this project were limited:
- do not touch the core of Joomla
- be unobstrusive: you can install and remove the component without consequences
- do not interfere with standard Joomla user and permissions: Simple ACL respect standard Joomla permissions levels, and only acts after Joomla has done its checks and controls
- solve a simple problem: let selected users to access and/or edit selected sections
I have 1000 users and 1000 sections, does Simple ACL suit my needs?
Probably not: Simple ACL does not support user defined (custom) groups, this mean that you should set up 1000 ACL’s to bind your 1000 users to their 1000 sections. This is just unpractical.
The latest version has limited group support. You can now add ACLs to the following standard Joomla user groups:
- registered
- author
- editor
- publisher
- manager
In case of ACL conflicts between group-ACLs and user-ACLs, the second will always prevail (see the Decision Flowchart scheme for details).
What kind of default access policy should I choose?
Simple ACL allows you to configure a default access policy on the individual actions (Create, Update, Retrieve and Delete (the lattest not being implemented in Joomla front-end at the moment).
Please remember that Simple ACL rules apply only to registered users, by keeping this in mind you could have two main scenarios (other scenarios or combinations are of course possible):
1 – Your website is completely public (everybody can see everything) but you have (for example) three authors (A, B, C) and two sections (A, B). You want user A to edit only section A, user B to edit only section B and user C to edit both. In this case, you would
- create users A, B and C as authors (or editor or publisher)
- set Joomla standard access to “public” for sections A, B and C (this is the default)
- set Simple ACL default access policy to Retrieve=Allow, Create=Deny, Update=Deny, Delete=Deny
- create one ACL for user A/section A to allow all actions (Create, Retrieve, Update, Delete)
- create one ACL for user B/section B to allow all actions (Create, Retrieve, Update, Delete)
- create one ACL for user C/section A to allow all actions (Create, Retrieve, Update, Delete)
- create one ACL for user C/section B to allow all actions (Create, Retrieve, Update, Delete)
2 – Your website is mainly public, but you have some private sections that you want to be accessible only from selected users. You have (for example) three authors (A, B, C) and two private sections (A, B) and you want user A able to read (and not edit) section A, user B able to read (and not edit) section B, user C able to read (and not edit) all three sections. In this case, you would
- create users A, B and C as registered (remember, they don’t need to edit anything, just read)
- create sections A, B and C and set standard Joomla access level to “registered” otherwise all user (included A and B) would be able to read section A and B while not authenticated (logged in)
- set Simple ACL default access policy to Retrieve=Deny, Create=Deny, Update=Deny, Delete=Deny
- create one ACL for user A/section A to allow Retrieve and deny all other actions
- create one ACL for user B/section B to allow Retrieve and deny all other actions
- create one ACL for user C/section A to allow Retrieve and deny all other actions
- create one ACL for user C/section B to allow Retrieve and deny all other actions
Why two different plugins?
System plugin must always be installed and activated otherwise Simple ACL will not work.
Content plugin is only useful when both of the following conditions apply:
- in your default access policy (as set in component parameters window) Retrieve=deny
- and you have a mixture of articles coming from allowed and denied sections in the front page
If given the conditions above you don’t activate the content plugin, a single denied article in the front page will deny the whole page.
What happens when a logged in user try to access/edit a denied page?
A “denied page” means a page containing an article that belongs to a section non accessible by that user because of Simple ACL restrictions.
The user will be redirected to a page generated by Simple ACL component. This page shows the deny message that you can change through the Simple ACL parameters settings in the control panel. The page shows also the default Simple ACL policy and the existing ACLs for that user so the user can see exactly which sections he can access.
24 September 2008 at 12.54
[...] ItOpen – Open Web Solutions, WebGis Development » Blog Archive » Simple ACL ready for Jo… Says: 2008-09-24 at 12.36 pm [...]
19 November 2008 at 22.24
Hi Alessandro,
If I have 1000 users and 5 sections, and each user needs to access only one section, will I need 5 ACLs or 1000 ACLs?
Thanks,
Dave
19 November 2008 at 22.33
@Dave
You will need 1000.
20 November 2008 at 19.26
Can you copy ACLs or must you create them from scratch each time? What is the approximate fee in US $?
20 November 2008 at 22.54
@Daniel
No, there is no copy function, but it would’nt help much if it were there, since you should edit the ACL in any case at least to change the user/section combination.
21 November 2008 at 16.23
Hi, is it possible to have this limit category access instead of sections?
21 November 2008 at 16.42
@Ollie,
not at the moment, I will eventually implement it in a future version.
27 November 2008 at 10.24
Gentilmente vorrei sapere se una volta acquistato il componente può essere installato in più siti da me gestiti.
Grazie
27 November 2008 at 10.27
@Silvano
certamente!
02 December 2008 at 17.12
how will I get support
02 December 2008 at 17.58
@John
Perhaps you missed a question mark?
BTW support is done via email or Trouble Ticket System as you wish.
05 December 2008 at 15.57
I just paid & got it in few minutes. I’ll make a comment after job… On the start all is OK!
11 December 2008 at 3.36
Hello,
Is it possible with “simple ACL” make articles that are only visible to one user.
I would like to generate for each of my customers page with info considering only them.
11 December 2008 at 9.50
@Prea
this can be done with Simple ACL: you can set default access policy to Retrieve=deny so that registered users (remember: Simple ACL has no effect on “guests”) will not have access to any section while logged in.
Then you can set up an ACL rule for each customer to give him Retrieve=allow access to their personal section.
Using a combination of Joomla standard access level (public, registered, special) and Simple ACL rules you can achieve many complex access control setups.
13 December 2008 at 17.44
your example:
create one ACL for user A/section A to allow all actions (Create, Retrieve, Update, Delete)
So this user would then be able
1. to submit a new story from the front end (once logged in) but would he be able to publish it – that is, would it appear in the publice part of the web site as soon as he saved it?
Thanks,
Richard
13 December 2008 at 19.34
@Richard
Yes and no: the user A would be able to submit a new article in the section A, but if the article will be published or not will depend on Joomla standard role of user A (author, publisher or editor).
Simple ACL plays *before* Joomla core system and respect standard Joomla roles.
13 December 2008 at 20.21
Thanks for your reply. You wrote:
Yes and no: the user A would be able to submit a new article in the section A, but if the article will be published or not will depend on Joomla standard role of user A (author, publisher or editor).
Simple ACL plays *before* Joomla core system and respect standard Joomla roles.
My quetion: so if user A was registered as a publisher in the Joomla core system, he would be able to submit, publish and edit, but only in section A? He would not be able to do any of these things in any other section?
And the section we are talking about here is the standard Joomla section of section and category?
Thanks,
Richard
13 December 2008 at 22.55
@Richard
Yes to both your questions.
Keep in mind that you can set default Simple ACL rule that will be examined if there is no explicit ACL match for a specific user/section combination. In your case, I would set default Simple ACL rule to Create=deny and Update=deny, so that only users for which an ACL exists will be able to submit or update articles in a given section.
15 December 2008 at 16.40
Hi we want to set up some users that can only edit a single article
i.e User A can edit article A
B can only edit article B
and so on
will we be able to do this with your component
15 December 2008 at 16.46
@Martin,
no, Simple ACL works on sections and not on articles.
15 December 2008 at 17.42
You wrote (above): Keep in mind that you can set default Simple ACL rule that will be examined if there is no explicit ACL match for a specific user/section combination. In your case, I would set default Simple ACL rule to Create=deny and Update=deny, so that only users for which an ACL exists will be able to submit or update articles in a given section.
Well, it works after a fashion but its operation is too confusing, I believe, to let loose on users.
What I wanted was the ability to restrict a user to creating and publishing in his own section. I assumed that he/she, once logged in, would only find edit buttons on his/her own section articles, but this is not the case. Edits are visible on all articles/sections just not saveable right at the end of the process.
Having set it up by allocating a different section to each user, and setting the permissions as you suggested, in order to publishe their own articles the user needs to be set as a Joomla pubisher. When this user logs in he is certainly able to edit his own section and publish to it, but all the other articles on the web site also appear with the ‘edit’ icon and this user can go through the motions of editing other articles. When he tries to save he will be denied but it seems to me this is too late and too confusing.
Even if I set the default ACL rules to deny for all categories, when this user, classed as publisher and allowed by ACL to use all functions – articles in other sections are invisible but not the ‘edit’ symbol and clicking on the edit symbol brings up the editing window allowing all functions except save when one gets to the end.
I guess this is the way it works, but it seems simpler, in the end, just to ask the user to stick to his own section and leave others alone – certainly less confusing to the user.
Richard
15 December 2008 at 18.05
@Richard,
You are absolutely right: it’s confusing etc..
The problem is that to achieve the ideal behaviour you must change the core of Joomla, a plugin or component will not be sufficient.
Other ACL components choose to alter Joomla core (it means to overwrite some of the core files and/or alter default database tables) this quickly becomes a mantainance nightmare and cause a lot of problems at installation time and/or if you wish to remove the ACL component.
Similar behaviour can be obtained at the template level, but this also make impossible to distribute the code since virtually everybody use a different or a customized template.
Simple ACL comes from a compromise: what can be achieved with standard components or plugins without altering the core? What you miss is the possibility to act “before” the user click “submit” (that would mean changing the core) or to hide the edit icons (that would mean alter the template).
On the other hand, a system plugin (as Simple ACL system plugin) is far more safe that a template based solution.
To tell you the truth, all Joomla ACL components I’ve seen so far are only hacks and Simple ACL is not an exception: a real ACL system *MUST* sit in the core, we all hope Joomla 1.6 will bring us a stable and functional ACL system.
16 January 2009 at 13.56
Simple ACL is working very satisfactory on my Web page.
Of course it should be better to have the some possibilities on categories. Now the only way is to create new sections instead categories and bigger site makes you more troubles with internal structure.
Please think about it – the way how to do it isn’t very complcated, is it?
16 January 2009 at 16.05
@Pawel,
it’s more complicated than you can imagine…
… if you want a bullet-proof solution that can work with both sections and categories in all kind of scenarios the people is using Simple ACL at the time being.
Of course, IF (you just need categories AND you are satisfied with a quick hack AND you can do some PHP coding) THEN you could do it in a couple of hours (testing included)
18 January 2009 at 23.18
@Pierre
Try this: in Components -> Simple ACL -> Global configuration
set “Show configuration” to “yes” and change “Deny message” text to something more descriptive, like “Sorry, you are not able to submit articles in this setcion, please see below the default settings and the ACLs set up for your account”
For your second question, you could set Global configuration “Retrieve” to “yes”, this way all users will be able to read all sections (if there is not an ACL that explicitely blocks access for a given user/section combination).
06 March 2009 at 12.59
Thanks for the reply Alessandro, but it is feasible that there will many thousands of users/editors, manual intervention for each one is something that i would like to avoid.
Thanks anyway.
08 March 2009 at 0.51
That would be a better solution for what i am looking for, if i could just set a permission for everyone who registers, they are automaticly set as “editors”, i only want to stop them editing certain pages, ie the home page and one or two others.
Can this be done?
08 March 2009 at 17.43
@Paul,
not with the current version, but I’ve developed a beta version that supports ACLs for Joomla standard group:
* registered
* author
* editor
* publisher
* manager
administrators will always have full access granted.
In case of conflicts, ACL for users will always prevail over group ACLs.
I think I will release this new beta for testing in a few days.
I will send the beta to all the people who have donated in the past and to all new donors.
08 March 2009 at 20.03
Ok Alessandro, can you email when you have released this and i will make a donation!
Many thanks
Paul.
19 March 2009 at 14.12
Hi Alessandro,
I have received the files this morning – thanks you!
Lee.
26 March 2009 at 22.07
Ciao Alessandro,
sono interessato a usare il tuo plug-in. Il sito che sto per publicare usa il plug-in joomfish.
Credi che il tuo plug-in sarebbe ancora valido?
Grazie.
26 March 2009 at 22.28
@Vittorio,
si, non dovrebbero esserci interferenze con Joomfish.
26 March 2009 at 22.38
Ciao Alessandro, capisco e approvo la tua scelta di esigere un contributo per tuo lavoro (non tutti hanno le idee chiare sulla differenza tra “gratis” e open source). Però solitamente prima di spendere soldi cerco di verificare se il software fà al caso mio..
Il pratica io devo poter mostrare ad utenti che si loggano in un sito in joomla una pagina personale (che deve essere diversa per ognuno) e nello stesso tempo impedire agli altri di poter accedere alla stessa..
Si può fare?
Grazie
26 March 2009 at 23.13
@Davis
Non sono sicuro che faccia esattamente al caso tuo: con simple ACL puoi decidere quali singoli utenti oppure interi gruppi di utenti Joomla (registered, author, publisher, manager) possono (o non possono) leggere, modificare o inserire articoli in una data sezione.
Nella versione beta c’è una integrazione sperimentale con i menu, quindi un utente vedrà solo le voci di menu che puntano a sezioni (o categorie appartenenti a sezioni oppuere singoli articoli appartenenti a sezioni) alle quali può accedere in lettura.
Quindi potresti fare così: mettere il default a read=deny, in questo modo chiudi tutte le sezioni a tutti gli utenti, poi crei una acl per ciascun utente facendola puntare alla propria sezione e concedendo i permessi del caso.
07 April 2009 at 22.14
I’d like to allow access to the following on my website (hpronline.org):
– Blog section to a new user type categorized “Blogger”, to draft, save, publish, and edit *their own work*…
– Allow that user to add to, but not delete from, pages they created another section.
– Allow that user to add metadata (tags) to, but otherwise not change, pages in a third section.
Are these possible?
07 April 2009 at 22.21
I’d like to allow access to the following on my website (hpronline.org):
– Blog section to a new user type categorized “Blogger”, to draft, save, publish, and edit *their own work*…
– Allow that user to add to, but not delete from, pages they created another section.
– Allow that user to add metadata (tags) to, but otherwise not change, pages in a third section.
Are these possible? Please let me know ASAP.
08 April 2009 at 8.09
@Elise,
sorry that I see this comment only now: I don’t think you can do all what you ask with Simple ACL.
You cannot create custom groups, only standard Joomla groups (registered, author, editor, publisher) and single users are supported at the moment.
Anyway, you could set all you users to “author” (or “publisher”, depending if you want them to be able to publish or not: remember that Simple ACL will always honor Joomla! standard roles first!) , then create a section for each user, where they can publish their own articles (you must create a single ACL for each user/section combination here).
Then you create another section and an ACL to allow the users in group “author” (or “user”, depending what you choose before) to post in that section.
I have no clue about metadata, Simple ACL knows nothing about them.
17 April 2009 at 4.08
Have a trial version for Joomla 1.5.10 and working over the PHP4?
I’ve try many kinds of CAL but seems not working well.
20 April 2009 at 11.32
@wanted
no, sorry there is not a trial version.
PHP4 is supported (but not recommended!) in the stable version only.
New beta version was not (yet) tested on PHP4 but I would expect it will work without problems.
20 April 2009 at 20.43
I only need for some admins to have an access to a couple components and nothing more (back-end). Can this extension customize that?
20 April 2009 at 21.45
@hannibal,
no, sorry. Simple ACL has only effect on front-end sections.
15 May 2009 at 15.46
Salve,
sono un newbie assoluto e ho l’ingrato compito di dover fare il sito web per il mio dipartimento universitario, dove sono tutti anche peggio di me e quindi…
ho bisogno di una soluzione – la piu’ semplice possibile – per:
- permettere a ognuno dei 20-30 membri dello staff di modificare la propria pagina / sezione, e solo quella!
- permettere ad alcuni (5-6), di postare anche sulla front-page e in altre pagine “comuni”.
- tutto possibilmente da fare tramite il front-office.
si puo’ fare? senza grossi problemi posso far coincidere sectios and categories
grazie!
15 May 2009 at 15.59
@Giorgio,
con Joomla + Simple ACL faresti tutto quello che chiedi, solo per la home dovrai usare al posto del componente frontpage il componente content con la vista blog/sezioni scegliendo una sezione che sarà quella da mostrare in home page.
La configurazione di Simple ACL avviene dal back-end, tutto il resto lo puoi fare da front-end.
25 May 2009 at 22.35
Alessandro, thanks a lot, simple ACL works well and it is super-simple to implement!
12 June 2009 at 18.29
Hello,
I’m responsible for the Website of our public school “Technische Schule Aalen” (www.tsaalen.de).
I’m interested in your SimpleACL extension, but in our adminstration there is no official way do donate via PayPal.
Can you provide any other way to send you the money?
Thanks
Robert
13 June 2009 at 4.00
I am working on a medical tourism website where I will have public access to view some basic pages/articles and registered users who will be able to view only more detailed pages/articles. Then I need a third level of users who can access and modify perhaps only information regarding their trip. No one else can view their information unless authorized by the client–say a relative or friend they want to be aware of their trip information. This means the search function must not bring up their profiles and pages/articles.
It looks like I can set up a section for each user and restrict access to just that user, much like access to bank account information. Right?
Can Simple ACL work to provide this? I am not a programer so I need a plugin that is easily modified and set up.
Thanks.
Kathy
13 June 2009 at 11.18
@Kathy,
Yes, Simple ACL will do what you want: you will deny access to all as default ACL policy, create one section for each user, set up an ACL to grant access to that user, and only that user will be able to read/search and optionally edit or create content in that section.
And yes, Simple ACL is really “simple” to install and configure, this is its unique selling point, after all: do one thing and do it well and easily.
That said, be warned that Simple ACL was not built with military grade security in mind, this means that if you put a reserved document (say a PDF) in one of the reserved pages, if an unauthorized user knows the exact document URL, nothing will prevent her/him to download the document if she/he enters the URL directly in the browser address bar.
22 June 2009 at 23.24
hi,
I want to have several pages within my joomla-website (1.5.11) which are available only for special users.
what means, I have about 100 people, who should get an individual account. there will be a blog-category for each user with several pages which should be available for all visitors, but 1 page of this blog should have restricted access and should be available only for this one special user.
is this possible with simple acl???
thanks,
nelu
28 June 2009 at 8.57
@nelu,
Simple ACL works with whole sections only, so the answer is no (for your second requirement).
28 June 2009 at 18.03
Hello, I believe your product is what I need for my site. But I do have a problem. Your payment option is only paypal.com And paypal does not have my country in their country list. Is there another way I can pay for this product? because I do have a master card.
Reply Asap.
28 June 2009 at 18.17
@Chucks,
I believe that paypal also accept mastercard.
The only other option is wire tranfer (bank to bank) but you would pay the transfer costs and they could be quite high (it is also very slow).
In case you choose the wire, write me an email (the address is in Contacts page).
04 July 2009 at 11.50
hi,
just received and installed Simple Acl. Installation and setup went well, but I am unable to create any acl. Can this be due to my site running under php 4.4.2 and/or Mysql 3.23 ?
I always get a message : Error creating item. If this is the problem, is there any workaround ?
Thanks for a quick reply.
15 July 2009 at 6.39
Hi–
I’ve read through the comments thread here on what Simple ACL can and cannot do, but I’d like to ask about my specific scenarios before purchase/donation. I’ve now tried six other ACL systems and none would do everything I need in any reasonable way, so I’m hoping yours is the component I’ve been looking for!
Here’s my needs list:
1. control access by Joomla default groups (Guest, Registered, Author, Editor, etc…), but
2. control what menu items a user can see based on Joomla default groups.
3. control what content sections a user interact with based on Joomla default groups.
4. only need to have ACL rules based on Joomla default groups; do not need to add an ACL per user.
Will SimpleACL do this for me?
Thanks!
-wb
15 July 2009 at 14.14
@wayneb,
Yes and no: Simple ACL will hide menu items only when they link to “denied” sections, or categories (categories belonging to denied sections) or articles (articles belonging to denied sections). Simple ACL will not interfere with any other menu types.
So, if your menu items will only point to content items (sections, categories or articles), Simple ACL will work for you just fine.
Of course if you’re fine with standard Joomla “hyerarchical” access control (publisher > editor > author) you will not need Simple ACL nor any other additional component.
15 July 2009 at 16.09
@Frank
I’m sorry I didn’t see your comment… the next time please file your requests in http://busg.itopen.it under “Simple ACL”.
Coming to your problem, there is an issue with very old versions of MySQL, the only way to install is to run a SQL query by hand to create the necessary table:
————-
CREATE TABLE IF NOT EXISTS `jos_simpleacl` (
`id` int(11) NOT NULL auto_increment,
`userid` int(11) NOT NULL,
`action` set(‘c’,'r’,'u’,'d’) NOT NULL,
`sectionid` int(11) NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `sacl_unique` (`userid`,`sectionid`)
) TYPE=MyISAM ;
———————-
To run the query you should have access to a shell or you can use phpmyadmin which is available from most ISP control panels.
Let me know if this solves your problem.
Best regards.
16 July 2009 at 1.08
Alessandro–
Thanks for the fast reply!
I still believe I need Simple ACL or the like, as, unless I’m missing something, the standard Joomla 1.5x restrictions are Public, Registered and Special, lumping everyone above Registered into Special, which is my problem. I need to be able to differentiate access to all the standard access groups. Or, am I missing something in Joomla core? Everything I’ve tried is Public, Registered and Special; no way to tie a restriction to Editor specifically, for example….
Again, thanks for the info and, unless you have a solution without Simple ACL, I’ll most likely be purchasing it shortly.
Thanks!
-wb
16 July 2009 at 9.11
@wayneb
Yes, you’re right, I forgot that Joomla core squash all above registered into special…
Simple ACL will work for you, but remember: it works in the front-end only and for sections only.
16 July 2009 at 18.12
Can this be installed with Joomla 1.0?
16 July 2009 at 18.29
@Lawrence:
no.
17 July 2009 at 21.58
Alessandro–
Understood. Just one last question. Regarding the ‘experimental’ menu suppression/control, will it work on top-level menu ’seperator’ items (those who have Main Menu as their direct parent but have child menu items)? If so, then this is exactly what I need, as controlling front-end access to allow some Main Menu items to only be visible to Editors or Publishers, as opposed to Authors and Registered.
Thanks!
-wb
P.S. in case it matters, I’m using J1.5.x and a RocketTheme template that uses MooMenu.
17 July 2009 at 22.43
@wayneb,
frankly speaking, your mileage may vary… Menu integration was not tested much, the logic behind it checks if the menu item is pointing to a com_content item (section, category or an article), if yes, it checks ACLs for the section and hide it accordingly.
23 July 2009 at 3.35
It is either not working right or I’m doing something wrong. Majority of my website is public. Therefore, my ACL’s global configuration has to have: Retrieve: ‘Allow’ because if it is selected as ‘Deny’, the public can’t read the public pages. And I have three groups of users (A,B&C), where each group user can see a specific section (for example user A can see section A and user B can see section B). Therefore, each of these group user is destinated as ‘registered’ within user manager and within Simple ACL, the user is destinated to the specific section. And I destinated the section’s article and menu to be ‘registered’. But the problem is that when user A signs in, user A can see all articles within A, B & C, therefore seeing articles not within their section. Why is that? Thanks for your help!
27 July 2009 at 14.40
@Jen,
Hi,
your first assumption is not correct: SimpleACL works only with authenticated users (registered and logged in) so you don’t need to set default Retrieve=Allow to allow unautenthicated users to browse public sections.
In your case, change default access to Retrieve=Deny and (if needed) create an ACL to grant access to Registered group to the public sections.
01 August 2009 at 1.24
I surely know this question has been asked and answered but not in the way my brain is working, so…
Can I set/restrict my Authors to only be able to ’see’ certain sections/categories and thus be only able to write to those restricted sections/categories.
eg – on my Site I have
Sections: A, B, C, D, E, F, G
I want to allow Authors the ability to ONLY write for Sections: A, B, G
(I still wish to retain Admin control over final publishing for public viewing)
Thanks
David
01 August 2009 at 8.55
@David,
yes, of course it’s possible. It’s just a matter of setting the right ACLs.
Set default configuration to Create=Deny, Retrieve=Allow, Update=Deny
Create 3 ACLs to Create=Allow and Update=Allow for group Author and sections A,B,G
11 August 2009 at 9.13
Does the plugin support Chinese Character encoding? I mean, if some of the articles, sections or categories are posted or named in Chinese, will the display and access work properly? will garbled code appear?
Thank you very much
11 August 2009 at 9.23
@Miao,
I don’t know, but I don’t see any reason why the encoding should influence Simple ACL checks in any way.
06 October 2009 at 23.01
Hello, What we are looking for is a way to redirect each user that logs in to a custom page just for them with information that applies only to that user. We might also want to just show a different module to each user when they log in. Can this be done with Simple ACL?
07 October 2009 at 8.06
I need to restrict access to a section. But I also need to be able to change the password for the group that has access to this section. So, for example, perhaps the password for a section is asdf. I would then change the password for this section to hjkl. Then I would notify the entire group about the new password. Will ACL do this for me?
Thanks,
Scott
07 October 2009 at 8.46
@JJ:
No, the only thing Simple ACL does is manage access to sections for users or standard joomla user groups (author, editor etc.).
@Scott:
No, neither Joomla nor Simple ACL implement user-defined groups or section passwords.
19 October 2009 at 21.56
Hello! I just saw this “The latest version has limited group support. You can now add ACLs to the following standard Joomla user groups:
registered
author
editor
publisher
manager”.
it might be silly of me to ask, but just to be sure… Does that mean that Simple ACL doesn’t support the creation of other user groups??
Thanks,
Alexis
20 October 2009 at 8.44
@Alexis
Simple ACL does not support custom user-defined groups.
You can create ACLs for
* single user / single section
* standard Joomla groups (author, editor etc.) / single section
* default
This ACLs offers a broad range of use cases but Simple ACL is not the solution for *all* ACL problems, is’t “Simple” after all.
20 October 2009 at 15.56
Got it! Thank you very much for your reply, as i was saying it was just to be sure. Good luck!
23 October 2009 at 14.29
Hello,
Is your tool useful for my site?
The situation is:
About 10 people (group registered, status publisher) should be allowed to edit and insert news only in one defined category with the frontend editor. The articles in this news category are viewable by public and the first five articles are shown also on the frontpage.
They should not to be allowed to change (edit,delete) public articles in other categories (rest of the site) when they logged in the frontend.
23 October 2009 at 15.04
Yes, Simple ACL will do it but only if you change category into a section: Simple ACL works with sections, not with categories (of course you can create a section with a single category for this purpose).
You will
* set default Simple ACL parameters to allow retrieve and deny all other actions
* create an ACL for standard group “publishers” to grant edit and insert for your defined section
02 November 2009 at 21.28
I would like to allow people to self-register on my site, but not automatically give them access to restricted sections. I want to manually validate each new login (to make sure they’re a customer) and then grant them access to the restricted section of the site.
From what I can tell, self registration automatically puts users into the Registered group.
Is this something that Simple ACL can help with?
Tx,
Henry
02 November 2009 at 21.52
@Henry,
You don’t need Simple ACL: Joomla standard workflow will do it just fine.
05 November 2009 at 11.48
I want a user to decide to register for my site from our home page… Go to paypal… become registered… then once paid and registered have access to members only menus items AND most important have their own unique portal page or section. Is this possible?
Thank You
10 November 2009 at 17.25
Your flowchart is excellent. Does a K2 (http://k2.joomlaworks.gr/) piece of content get treated the same way as a standard Joomla section/category/article?
So if I have all content in K2 instead, will Simple ACL still work?
Thanks
10 November 2009 at 17.36
@Sarah,
Sorry I really have no idea, we have never worked with K2.
23 November 2009 at 21.21
Im using Simple ACL, and it works great. But I have given som editors the right to publish to one section and category on the page, but I have to approve the articles before they are published.
How do I make them published automaticly?
Thanks.
23 November 2009 at 21.38
@Anders,
Your question has not much to do with Simple ACL (which does not override standard Joomla permissions): in the Joomla CMS only “publishers” can publish.
24 November 2009 at 0.42
1. Does Simple ACL work with CB registration?
2. Is there a way to test this with a short trial period and then registration key. I am tired of getting burned by the paid stuff. Oddly enough the free stuff ends up being more stable? Just paid for Juga…a waste of time and money.
24 November 2009 at 9.51
@Blain:
1 – I haven’t tested, so I assume No.
2 – No sorry, I guarantee Simple ACL works as advertised, but feel free to ask more informations about Simple ACL, describe your use case and I honestly will tell you if Simple ACL will do the job.
Simple ACL is fine for a broad range of use cases, but of course it’s not a solution for *all* ACL problems.
17 December 2009 at 18.08
Hi Alessandro,
Can you install other extensions alongside SimpleACL to allow front end deletion,
Thanks..
17 December 2009 at 18.17
@WWW
In theory, yes: the “delete” action is checked by Simple ACL (post-mortem as all other actions).
Since the “delete” function is not available in front-end this feature is untested.
What extension are you thinking to install?
06 January 2010 at 14.31
Dear Alessandro,
I am about to buy the extension but as I new to webhosting service and to Joomla, I have realized that some extensions need Apache installed and running in the server in order to work, is this the case of Simple ACL???
Antonio
06 January 2010 at 19.13
#Antonio
All you need is a working installation of Joomla 1.5.
08 January 2010 at 22.19
Forgive me if this question has been asked already but I didn’t have time to look through all of the comments for this extension.
Our clients are a professional association, and we need to setup a front end access control system specifically just for viewing certain sections.
The idea behind this is that they have certain sections that they only want members to see. In addition to this members can also be part of smaller committees like board members or young professionals, these groups would have their own sections as well which should only be viewable by members who are part of these groups.
The final piece to this puzzle, and don’t ask because i don’t get it either, is that not everyone has to be a member. They actually have board members who aren’t members of the association. So these people would need access only to their special committee section.
Is something like this capable with Simple ACL?
08 January 2010 at 22.43
@Mickey:
in theory: yes.
Given a proper amount of ACL rules you can achieve virtually any configuration.
The question is: is this practical?
It depends on how many groups (comitees) and members you have and, last but not least, on how frequently they change.
I suspect that without custom defined groups (which Simple ACL doesn’t have) you will need to create a lot of ACL rules in order to get what you want.
08 January 2010 at 23.13
Yeah I would prefer the ability to create user groups, are there any ACL solutions you can recommend? We looked into the Opensource Excellence ones but they seem to only support a one to one relationship for the groups.
Thanks for your response
08 January 2010 at 23.16
@Mickey,
no, sorry. I decided to write my own solution because there were no other simple and unobstrusive components.
You’ll have to wait for Joomla 1.6.
09 January 2010 at 0.59
I’ve just used SimpleACL on a site with approx 30 registered users. The users require read access only to different sections, on account of the fact that they are members of different committees, sub committees. I had about 8 sections in total.
I had to create approx 100 ACL but given that each one took seconds to create, it really wasn’t too onerous a task. It took me about 45 minutes to create the ACL’s from the first to the last.
Thanks for this extension, I’m really pleased with how it does exactly what I want.
15 January 2010 at 13.12
Hi Alessandro
I need guest and registered levels of access for my site but need a third for “special members” to access the forum.
Looking at a tip on a board, I thought about using Editor (ie Special level)and then restricting their ability to edit. I only want the admins to edit.
Will your software allow me to restrict editing on all pages by editors (and remove the edit icon from the page).
My thanks
15 January 2010 at 13.25
@Paul
You’d better use “Author” instead of “Editor” and yes, Simple ACL will do fine in preventing authors to create new contents (or editing existing one) but Simple ACL will not be able to remove the edit icon because this icon is generated in the template (it’s something you can fix easily editing the template code or with a template override).
When an unauthorized user clicks on the edit icon he will be redirected to the “deny” page (where you can put your own text).
15 January 2010 at 13.48
Wow – incredible response. My thanks for your assistance. Will go looking at the template :- )
22 January 2010 at 7.41
Ciao, volevo sapere se SimpleACL permette questo: Rossi si iscrive come Author, inserisce un suo nuovo articolo (in una qualunque delle sezioni del sito). Io come Superadmin controllo l’articolo e lo pubblico. Attualmente Rossi può modificare il suo articolo. Io vorrei sapere se posso con SimpleACL “bloccare” le variazioni dell’Autore sui suoi articoli.
Il livello Autore permette di scrivere nuovi articoli e dopo la pubblicazione modificarli. Vorrei eliminare questa possibilità. Ciao
22 January 2010 at 11.35
@Renato:
Si, funziona impostando l’ACL di default per permettere l’inserimento ma non la modifica di un articolo inserito (questo indipendentemente dal fatto che sia stato o pubblicato oppure no).
02 February 2010 at 8.42
Hi Allessandro
We have SimpleACL up and working fine. Great job.
Is it possible to use a redirect instead of the SimpleACL error page ? We would like to send the user back to the home page.
02 February 2010 at 9.50
@Howard
I’m sorry, this is not possible at the moment, but you can change the default behavior with some small modifications in the code:
in /plugins/system/simpleacl.php line 127:
$app->redirect(‘index.php?option=com_simpleacl&task=deny’);
you can change the redirect as you wish.
For the homepage, just leave “index.php”.
11 February 2010 at 1.48
Hi I am wondering how you integrate this with DOCMan? Any guidance would be appreciate. Thanks!
12 February 2010 at 0.32
@BTS
There is no interaction with DocMan, or with any other component.
DocMan has its own permission system.
25 February 2010 at 20.19
Before I adquire Simple ACL, I need to know if I can do the following:
-I want to have an area in my site where clients can see information related to them. For example, I want to have a common tab “client access”. If client “A” clicks that tab, he will see his information, with other tabs related to his account. If client “B” clicks the tab, he will see only his information. Information of Client A will be very different to the information of client B.
I understand that I would have to register and give access to every client manually, it’s not a problem.
is this possible?
25 February 2010 at 20.34
@Noster:
Simple ACL does one simple thing (and does it well): control user access to sections (and categories or articles below the section), what you put in your sections or categories articles it doesn’t matter.
There is limited menu item support: if you create a menu item that points to an article, a section or a category which is denied by an ACL, then Simple ACL will try to hide the menu (some templates might override this behaviour so it’s only 99% safe) .
I hope I answered your question.
25 February 2010 at 22.07
Hi There,
I have a quick question about this… Does this addon allow custom user groups to be created? Then access given to the pages for the different user groups.
We are creating a website that has 3 different age groups, and would like only age group 1 to see some pages, age group 2 to see some more and age group 3 to see them all.
Is this possible with this?
26 February 2010 at 9.49
@Jamz:
It’s in the FAQ: Simple ACL does not support user defined (custom) groups.
But keep in mind that you need to do one operation to put a user in a group and you need to do one operation to create a user ACL, so if the relationship is such as each user belongs to exactly one group then Simple ACL is the perfect tool.
01 March 2010 at 11.43
Hi, could you tell me if this is possible please before i purchase.. basically i want to add an item on the user menu that only a few say 3 registerd users can see ie 3 employees of a company
thank you
01 March 2010 at 12.04
@stuart
I would say yes, but it depends on several conditions:
* the menu item must point to a section (or a category or an article belonging to a section) which is not public
* your template does not override menu component/module in strange ways (very unlikely, but must be remarked)
* the user has ACL “access read” granted for that section
* there is an ACL rule that denies access to that section for other users (otherwise everybody will see the menu)
The last is the tricky point: you can choose to deny access to all sections by default and grant individual access rights or you can play with joomla roles (i.e. create and ACL for “Authors” or for “Editors”). Or you can do the other way round: grant all to everybody and deny to selected users/sections.
Simple ACL is simple to use and very flexyble, but ACLs configurations are often a very complicated beast, virtually everybody needs a different configuration.
Also keep in mind that Simple ACL will not be able to hide the menu module (the menu item container) but it will only hide the individual menu items (this is seldom a problem, just use a module with hidden title).
03 March 2010 at 3.29
Are search engines able to “see” what is in ACL restricted sections?
What about users know the exact URL of the restricted Section? For example, someone who was once allowed but is now unwelcome.
My more general question is how secure is ACL? Can I feel confident putting sensitive material behind it or should I always assume everything on the internet is really public?
Cordially,
John Harper
03 March 2010 at 9.52
@John,
good questions!
First, I would say that Simple ACL was not buld with military grade security in mind, nor was Joomla itself.
Restricted sections cannot be “public” (in Joomla level sense), so search engines will not see them.
Knowing the URL will not be sufficient to access a denied sections but knowing the URL of an image or a file attachment will permit access to that image or attachment (this is obvious, since an image or attachment can be attached to many articles or sections or categories).
03 March 2010 at 23.58
Thank you for your work, knowledge and willingness to share. I am just gathering information right now and am not ready to buy Simple ACL.
However, I do want to make a small donation just because I don’t believe in something for nothing – it always turns into nothing for something right there at the end. You guys have a cold beer on me!
Cordially,
John Harper
04 March 2010 at 0.15
I can’t seem to find a link for donations. ???
Cordially,
John Harper
04 March 2010 at 10.15
@John
thank you for your wise words.
I’m surprised: I’m working with and on open source project since 10 years now, and you are the first willing to donate something. But I fully agree with you and I myself make yearly donations of part of my money to other open source projects I use (QGSIs, Docman, JCE… to cite a few).
If you are really willing to offer me a beer you can click on the [Buy now] button at the top of this page, copy the email address of my paypal account and just make a new paypal donation to that address, you choose the amount.
Thanks.
06 March 2010 at 18.31
It isn’t easy to buy you a beer. First of all, I don’t have a PayPal account. I would have to use a credit card. Then the form is in Italian and I don’t even see the USA listed as a country. I thought it might be like Spanish but apparently not. Spanish is commonly spoken here in Texas but Italian isn’t.
At any rate, I am lost when it comes to making a donation. I’ll just buy one for a stranger and give a hearty “Cheers” to Alessandro Pasotti. Thank you for your work.
Cordially,
John Harper
07 March 2010 at 9.03
Hi
I bought Simple ALC some years ago, and im very pleased with the product and your support level.
Now im going to build a website in Wordpress, and need the same features as Simple ALC provides for Joomla.
Do you know of such a plugin, or can Simple ALC manage the task?
I know its a bit offtopic, but googling it didn’t help me.
Thanks.
10 March 2010 at 22.26
Vorrei sapere se esiste un sito DEMO dove testare il componente. (vorrie evitare di pagare 45 Euro per un componente che non fa poi quello di cui necessitiamo)?
Vorrei sapere anche se è possibile limitare l’accesso ad alcune pagine in base alla tipologia utente?
Grazie
10 March 2010 at 22.44
@Claudio:
No: non esiste una demo, ma se mi spiegate quello che volete fare vi dico se Simple ACL vi può essere utile o meno.
No: la limitazione è su intere sezioni e non su singoli articoli (ammesso che con “pagine” intendeste dire articoli)
@Anders:
No sorry, I’m not aware of any WP plugin for ACLs.