Simple ACL ready for Joomla 1.5

Simple ACL

Simple ACL Logo
SimpleACL for Joomla helps you to restrict front-end access to particular user/section combinations. You can independently set permission to read, insert and update content items based on the section they belongs to.

The component does not override default Joomla roles, those roles are always checked first.

SimpleACL plays only with default com_content component and doesn’t affect other components or modules.

You can set a default access permission and selectively enable/block users to access content items in selected sections.

What can I do with this component?

A typical scenario:

  • Your site is a company site and the company has several departments.
  • Every department has a user who is in charge for editing web content for the department.
  • Every department has its own section for content items.
  • Users should only be able to edit content in their own department.
  • There is a user who is the public relation manager, he must be able to edit content in all sections (without being Administrator).
  • There are some section whose content should be readable only by selected users.

With SimpleACL you can set permissions to selected section/user combinations (or even to “Joomla! standard groups”/section combinations), this allows you to implement such a fine grained access control.

See also Simple ACL recipes (work in progress)

How it works?

SimpleACL works with an independent database table that hold the permissions for user/section combinations. A system plugin checks those access rules when the user access a content item from the front-end.

If you want to know more about the internals of Simple ACL and how it works, please see Decision Flowchart.

Please note that…

  1. Default Joomla roles are not overridden and are always checked first.
  2. SimpleACL works in the front-end only
  3. Only authenticated users are checked for ACLs
  4. “Administrator” or “Super Administrator” user are not checked for ACLs.
  5. Group support for standard Joomla! groups (author, editor, publisher…) is also available
  6. Custom groups creation is not supported (but you won’t miss it!)

License and costs

Simple ACL for Joomla 1.5 is free software (“free” as in “free speech”), licenced under Affero General Public License but I distribute it only in bundle with paid 12 month support service that costs 45 €.

Together with 12 months support you will get lifetime software updates, that means that you can pay just once and use the software forever in how many Joomla installations you like.

Please use the donation link at the top and middle of this page, you will immediately receive a download link.

Thank you for supporting free software and Joomla Simple ACL project!

Translations

They go in a language file, at the moment only English is in the distribution.

If you need more information about the Simple ACL, please read the FAQ at the bottom of this page.

What’s new in version G.x series

This new version brings many enhancements:

  • limited group support (groups are standard Joomla groups such as “registered”, “author” etc.)
  • check/uncheck all actions when editing ACLs
  • Admin users will not be shown in the user list when creating ACLs
  • limited menu integration
  • ACL menu module  (a mod_mainmenu which knows about ACLs)
  • ACL section module (a mod_sections which knows about ACLs)
  • DB backward compatible (will not overwrite your existing ACLs, but make a backup first)

Let’s give a closer look to some of the coolest new features…

Limited group support

You can now add ACLs to the following standard Joomla user groups:

  • registered
  • author
  • editor
  • publisher
  • manager

In case of ACL conflicts between group-ACLs and user-ACLs, the second will always prevail.

Menu integration

Many of you have asked for an ACL-aware menu.

You can now enable menu integration as an experimental option in Simple ACL configuration.

If you enable this option, Simple ACL will try to hide menu items that point to articles, sections or categories that are not accessible by the logged in user.

In some cases, it can happen that all menu items are hiddden, in this case the user will see an empty menu list, but Simple ACL will not be able to hide the title of the menu itself because it operates at a different level in the joomla processing flow.

New: ACL menu and section modules!

In addition to the “Menu integration” above, the package now contains two ACL modules (aclmenus and aclsections), to be used instead of standard Joomla! mod_mainmenu and mod_sections.

Using this new modules you can have menus and sections lists that  know when a menu item or a section can be accessed by the user, and can hide it accordingly.

Screenshots

FAQ

Is this thing “stable” ?

Yes, sure. It’s now used on several production websites.

Can I limit access to a category instead of a section?

Not in the current version.
I will eventually implement it in a future version (but please don’t ask me when :) )

Will Simple ACL alter in any way menu items or search results depending on user ACLs ?

Yes, Simple ACL comes with some companion plugins to hide unaccessible items from search results as well as from menus and section module (mod_sections).

How will I receive the software after the donation?

After a successful payment, you will receive a download link via email.

The email is automatically sent immediately after a successful payment, please check your spam folder if you don’t receive it in a few minutes.

Why should I pay for a free software component?

I think an explanation is needed: in my career I developed a couple of free (“free” as in “free speech”) software projects (KMLMapserver, MapStorer, Joomla FAP, SWFslideshow to cite a few), all of them are also “free” as in “free lunch” but in more than ten years I did not receive one cent as a donation, most of the time those projects were funded by one or more of my customers.

After keeping Simple ACL unpublished for a while, I simply felt I couldn’t spend time to publish, promote and give assistance on another free software project for nothing, I was simply dedicating too much time in open-source free projects without receiving back any money.

That’s why instead of keeping Simple ACL hidden in my desktop I decided to distribute it for a small fee, please note that this fee goes to cover the plain costs of assistance (answering to emails, writing documentation etc.) and development of Simple ACL, I will certainly not get rich with this fees.

This is not in contrast with free-software philosophy: GNU Free Software Foundation philosophy not only says that you can distribute free software for money, but encourage you to do so:

http://www.fsf.org/licensing/licenses/gpl-faq.html#DoesTheGPLAllowMoney

http://www.gnu.org/philosophy/selling.html

Can I distribute or sell Simple ACL?

Yes, you can. But doing so, you will probably provoke a stop in the development of Simple ACL, since I will not raise enough funds to cover the costs of its development.

It’s up to you.

Is this fee an yearly fee?

No, you donate once, you get the software and one year email assistance to set it up. That’s all.
I will send you all the future versions of the component (if any) for free.

“Delete” ACL rule doesn’t work

True, but this is not my fault, Joomla does not allow article deletion from the font-end, hence this rule is useless at the moment (but I have implemented it in case future Joomla versions support deletion from the front-end).

Why “Simple” ?

Well, because the objectives of this project were limited:

  • do not touch the core of Joomla
  • be unobstrusive: you can install and remove the component without consequences
  • do not interfere with standard Joomla user and permissions: Simple ACL respect standard Joomla permissions levels, and only acts after Joomla has done its checks and controls
  • solve a simple problem: let selected users to access and/or edit selected sections

I have 1000 users and 1000 sections, does Simple ACL suit my needs?

Probably not: Simple ACL does not support user defined (custom) groups, this mean that you should set up 1000 ACL’s to bind your 1000 users to their 1000 sections. This is just unpractical.
The latest version has limited group support. You can now add ACLs to the following standard Joomla user groups:

  • registered
  • author
  • editor
  • publisher
  • manager

In case of ACL conflicts between group-ACLs and user-ACLs, the second will always prevail (see the Decision Flowchart scheme for details).

What kind of default access policy should I choose?

Simple ACL allows you to configure a default access policy on the individual actions (Create, Update, Retrieve and Delete (the lattest not being implemented in Joomla front-end at the moment).

Please remember that Simple ACL rules apply only to registered users, by keeping this in mind you could have two main scenarios (other scenarios or combinations are of course possible):

1 – Your website is completely public (everybody can see everything) but you have (for example) three authors (A, B, C) and two sections (A, B). You want user A to edit only section A, user B to edit only section B and user C to edit both. In this case, you would

  • create users A, B and C as authors (or editor or publisher)
  • set Joomla standard access to “public” for sections A, B and C (this is the default)
  • set Simple ACL default access policy to Retrieve=Allow, Create=Deny, Update=Deny, Delete=Deny
  • create one ACL for user A/section A to allow all actions (Create, Retrieve, Update, Delete)
  • create one ACL for user B/section B to allow all actions (Create, Retrieve, Update, Delete)
  • create one ACL for user C/section A to allow all actions (Create, Retrieve, Update, Delete)
  • create one ACL for user C/section B to allow all actions (Create, Retrieve, Update, Delete)

2 – Your website is mainly public, but you have some private sections that you want to be accessible only from selected users. You have (for example) three authors (A, B, C) and two private sections (A, B) and you want user A able to read (and not edit) section A, user B able to read (and not edit) section B, user C able to read (and not edit) all three sections. In this case, you would

  • create users A, B and C as registered (remember, they don’t need to edit anything, just read)
  • create sections A, B and C and set standard Joomla access level to “registered” otherwise all user (included A and B) would be able to read section A and B while not authenticated (logged in)
  • set Simple ACL default access policy to Retrieve=Deny, Create=Deny, Update=Deny, Delete=Deny
  • create one ACL for user A/section A to allow Retrieve and deny all other actions
  • create one ACL for user B/section B to allow Retrieve and deny all other actions
  • create one ACL for user C/section A to allow Retrieve and deny all other actions
  • create one ACL for user C/section B to allow Retrieve and deny all other actions

Why two different plugins?

System plugin must always be installed and activated otherwise Simple ACL will not work.

Content plugin is only useful when both of the following conditions apply:

  • in your default access policy (as set in component parameters window) Retrieve=deny
  • and you have a mixture of articles coming from allowed and denied sections in the front page

If given the conditions above you don’t activate the content plugin, a single denied article in the front page will deny the whole page.

What happens when a logged in user try to access/edit a denied page?

A “denied page” means a page containing an article that belongs to a section non accessible by that user because of Simple ACL restrictions.
The user will be redirected to a page generated by Simple ACL component (or to an URL of your choice, you can configure the URL through the component parameters configuration in the control panel). The generated deny page shows the deny message that you can change through the Simple ACL parameters settings in the control panel. The page shows also the default Simple ACL policy and the existing ACLs for that user so the user can see exactly which sections he can access.

78 Comments to “Simple ACL ready for Joomla 1.5”

  1. ItOpen - Open Web Solutions, WebGis Development » Blog Archive » Simple ACL for Joomla Says:
    2008-09-24 at 12.54 pm  

    [...] ItOpen – Open Web Solutions, WebGis Development » Blog Archive » Simple ACL ready for Jo… Says: 2008-09-24 at 12.36 pm [...]

  2. Ollie Ford Says:
    2008-11-21 at 4.23 pm  

    Hi, is it possible to have this limit category access instead of sections?

  3. Alessandro Pasotti Says:
    2008-11-21 at 4.42 pm  

    @Ollie,

    not at the moment, I will eventually implement it in a future version.

  4. Pawel Says:
    2008-12-05 at 3.57 pm  

    I just paid & got it in few minutes. I’ll make a comment after job… On the start all is OK!

  5. Prea Markovic Says:
    2008-12-11 at 3.36 am  

    Hello,

    Is it possible with “simple ACL” make articles that are only visible to one user.
    I would like to generate for each of my customers page with info considering only them.

  6. Alessandro Pasotti Says:
    2008-12-11 at 9.50 am  

    @Prea

    this can be done with Simple ACL: you can set default access policy to Retrieve=deny so that registered users (remember: Simple ACL has no effect on “guests”) will not have access to any section while logged in.

    Then you can set up an ACL rule for each customer to give him Retrieve=allow access to their personal section.

    Using a combination of Joomla standard access level (public, registered, special) and Simple ACL rules you can achieve many complex access control setups.

  7. Pawel Says:
    2009-01-16 at 1.56 pm  

    Simple ACL is working very satisfactory on my Web page.
    Of course it should be better to have the some possibilities on categories. Now the only way is to create new sections instead categories and bigger site makes you more troubles with internal structure.
    Please think about it – the way how to do it isn’t very complcated, is it?

  8. Alessandro Pasotti Says:
    2009-01-16 at 4.05 pm  

    @Pawel,

    it’s more complicated than you can imagine…
    … if you want a bullet-proof solution that can work with both sections and categories in all kind of scenarios the people is using Simple ACL at the time being.

    Of course, IF (you just need categories AND you are satisfied with a quick hack AND you can do some PHP coding) THEN you could do it in a couple of hours (testing included) :)

  9. Lee Meadows Says:
    2009-03-19 at 2.12 pm  

    Hi Alessandro,

    I have received the files this morning – thanks you!

    Lee.

  10. wanted Says:
    2009-04-17 at 4.08 am  

    Have a trial version for Joomla 1.5.10 and working over the PHP4?
    I’ve try many kinds of CAL but seems not working well.

  11. Alessandro Pasotti Says:
    2009-04-20 at 11.32 am  

    @wanted

    no, sorry there is not a trial version.

    PHP4 is supported (but not recommended!) in the stable version only.

    New beta version was not (yet) tested on PHP4 but I would expect it will work without problems.

  12. Kathy Says:
    2009-06-13 at 4.00 am  

    I am working on a medical tourism website where I will have public access to view some basic pages/articles and registered users who will be able to view only more detailed pages/articles. Then I need a third level of users who can access and modify perhaps only information regarding their trip. No one else can view their information unless authorized by the client–say a relative or friend they want to be aware of their trip information. This means the search function must not bring up their profiles and pages/articles.

    It looks like I can set up a section for each user and restrict access to just that user, much like access to bank account information. Right?

    Can Simple ACL work to provide this? I am not a programer so I need a plugin that is easily modified and set up.

    Thanks.

    Kathy

  13. Alessandro Pasotti Says:
    2009-06-13 at 11.18 am  

    @Kathy,

    Yes, Simple ACL will do what you want: you will deny access to all as default ACL policy, create one section for each user, set up an ACL to grant access to that user, and only that user will be able to read/search and optionally edit or create content in that section.

    And yes, Simple ACL is really “simple” to install and configure, this is its unique selling point, after all: do one thing and do it well and easily.

    That said, be warned that Simple ACL was not built with military grade security in mind, this means that if you put a reserved document (say a PDF) in one of the reserved pages, if an unauthorized user knows the exact document URL, nothing will prevent her/him to download the document if she/he enters the URL directly in the browser address bar.

  14. Lawrence Says:
    2009-07-16 at 6.12 pm  

    Can this be installed with Joomla 1.0?

  15. Alessandro Pasotti Says:
    2009-07-16 at 6.29 pm  

    @Lawrence:

    no.

  16. David Says:
    2009-08-01 at 1.24 am  

    I surely know this question has been asked and answered but not in the way my brain is working, so…

    Can I set/restrict my Authors to only be able to ‘see’ certain sections/categories and thus be only able to write to those restricted sections/categories.

    eg – on my Site I have

    Sections: A, B, C, D, E, F, G

    I want to allow Authors the ability to ONLY write for Sections: A, B, G

    (I still wish to retain Admin control over final publishing for public viewing)

    Thanks

    David

  17. Alessandro Pasotti Says:
    2009-08-01 at 8.55 am  

    @David,

    yes, of course it’s possible. It’s just a matter of setting the right ACLs.

    Set default configuration to Create=Deny, Retrieve=Allow, Update=Deny
    Create 3 ACLs to Create=Allow and Update=Allow for group Author and sections A,B,G

  18. Alexis Says:
    2009-10-19 at 9.56 pm  

    Hello! I just saw this “The latest version has limited group support. You can now add ACLs to the following standard Joomla user groups:
    registered
    author
    editor
    publisher
    manager”.

    it might be silly of me to ask, but just to be sure… Does that mean that Simple ACL doesn’t support the creation of other user groups??

    Thanks,

    Alexis

  19. Alessandro Pasotti Says:
    2009-10-20 at 8.44 am  

    @Alexis

    Simple ACL does not support custom user-defined groups.

    You can create ACLs for

    * single user / single section
    * standard Joomla groups (author, editor etc.) / single section
    * default

    This ACLs offers a broad range of use cases but Simple ACL is not the solution for *all* ACL problems, is’t “Simple” after all.

  20. Alexis Says:
    2009-10-20 at 3.56 pm  

    Got it! Thank you very much for your reply, as i was saying it was just to be sure. Good luck!

  21. Christian Says:
    2009-10-23 at 2.29 pm  

    Hello,

    Is your tool useful for my site?

    The situation is:

    About 10 people (group registered, status publisher) should be allowed to edit and insert news only in one defined category with the frontend editor. The articles in this news category are viewable by public and the first five articles are shown also on the frontpage.

    They should not to be allowed to change (edit,delete) public articles in other categories (rest of the site) when they logged in the frontend.

  22. Alessandro Pasotti Says:
    2009-10-23 at 3.04 pm  

    Yes, Simple ACL will do it but only if you change category into a section: Simple ACL works with sections, not with categories (of course you can create a section with a single category for this purpose).

    You will
    * set default Simple ACL parameters to allow retrieve and deny all other actions
    * create an ACL for standard group “publishers” to grant edit and insert for your defined section

  23. Sarah Eagle Says:
    2009-11-10 at 5.25 pm  

    Your flowchart is excellent. Does a K2 (http://k2.joomlaworks.gr/) piece of content get treated the same way as a standard Joomla section/category/article?

    So if I have all content in K2 instead, will Simple ACL still work?

    Thanks

  24. Alessandro Pasotti Says:
    2009-11-10 at 5.36 pm  

    @Sarah,

    Sorry I really have no idea, we have never worked with K2.

  25. Anders Says:
    2009-11-23 at 9.21 pm  

    Im using Simple ACL, and it works great. But I have given som editors the right to publish to one section and category on the page, but I have to approve the articles before they are published.

    How do I make them published automaticly?

    Thanks.

  26. Alessandro Pasotti Says:
    2009-11-23 at 9.38 pm  

    @Anders,

    Your question has not much to do with Simple ACL (which does not override standard Joomla permissions): in the Joomla CMS only “publishers” can publish.

  27. Blain Ingram Says:
    2009-11-24 at 12.42 am  

    1. Does Simple ACL work with CB registration?
    2. Is there a way to test this with a short trial period and then registration key. I am tired of getting burned by the paid stuff. Oddly enough the free stuff ends up being more stable? Just paid for Juga…a waste of time and money.

  28. Alessandro Pasotti Says:
    2009-11-24 at 9.51 am  

    @Blain:

    1 – I haven’t tested, so I assume No.
    2 – No sorry, I guarantee Simple ACL works as advertised, but feel free to ask more informations about Simple ACL, describe your use case and I honestly will tell you if Simple ACL will do the job.

    Simple ACL is fine for a broad range of use cases, but of course it’s not a solution for *all* ACL problems.

  29. WhyWaitWeb Says:
    2009-12-17 at 6.08 pm  

    Hi Alessandro,

    Can you install other extensions alongside SimpleACL to allow front end deletion,

    Thanks..

  30. Alessandro Pasotti Says:
    2009-12-17 at 6.17 pm  

    @WWW

    In theory, yes: the “delete” action is checked by Simple ACL (post-mortem as all other actions).

    Since the “delete” function is not available in front-end this feature is untested.

    What extension are you thinking to install?

  31. Beck Says:
    2010-01-09 at 12.59 am  

    I’ve just used SimpleACL on a site with approx 30 registered users. The users require read access only to different sections, on account of the fact that they are members of different committees, sub committees. I had about 8 sections in total.

    I had to create approx 100 ACL but given that each one took seconds to create, it really wasn’t too onerous a task. It took me about 45 minutes to create the ACL’s from the first to the last.

    Thanks for this extension, I’m really pleased with how it does exactly what I want.

  32. Paul Says:
    2010-01-15 at 1.12 pm  

    Hi Alessandro

    I need guest and registered levels of access for my site but need a third for “special members” to access the forum.

    Looking at a tip on a board, I thought about using Editor (ie Special level)and then restricting their ability to edit. I only want the admins to edit.

    Will your software allow me to restrict editing on all pages by editors (and remove the edit icon from the page).

    My thanks

  33. Alessandro Pasotti Says:
    2010-01-15 at 1.25 pm  

    @Paul

    You’d better use “Author” instead of “Editor” and yes, Simple ACL will do fine in preventing authors to create new contents (or editing existing one) but Simple ACL will not be able to remove the edit icon because this icon is generated in the template (it’s something you can fix easily editing the template code or with a template override).

    When an unauthorized user clicks on the edit icon he will be redirected to the “deny” page (where you can put your own text).

  34. Paul Says:
    2010-01-15 at 1.48 pm  

    Wow – incredible response. My thanks for your assistance. Will go looking at the template :- )

  35. howard Says:
    2010-02-02 at 8.42 am  

    Hi Allessandro

    We have SimpleACL up and working fine. Great job.

    Is it possible to use a redirect instead of the SimpleACL error page ? We would like to send the user back to the home page.

  36. Anonymous Says:
    2010-02-02 at 9.50 am  

    @Howard

    Yes, this is now possible, you can specify in the Simple ACL configuration parameters an URL where users are redirected when they try to do a denied action.

    You can change the redirect as you wish.

    For the homepage, just leave “index.php”.

  37. BTS Says:
    2010-02-11 at 1.48 am  

    Hi I am wondering how you integrate this with DOCMan? Any guidance would be appreciate. Thanks!

  38. Alessandro Pasotti Says:
    2010-02-12 at 12.32 am  

    @BTS

    There is no interaction with DocMan, or with any other component.

    DocMan has its own permission system.

  39. Noster Says:
    2010-02-25 at 8.19 pm  

    Before I adquire Simple ACL, I need to know if I can do the following:

    -I want to have an area in my site where clients can see information related to them. For example, I want to have a common tab “client access”. If client “A” clicks that tab, he will see his information, with other tabs related to his account. If client “B” clicks the tab, he will see only his information. Information of Client A will be very different to the information of client B.

    I understand that I would have to register and give access to every client manually, it’s not a problem.

    is this possible?

  40. Alessandro Pasotti Says:
    2010-02-25 at 8.34 pm  

    @Noster:

    Simple ACL does one simple thing (and does it well): control user access to sections (and categories or articles below the section), what you put in your sections or categories articles it doesn’t matter.

    There is limited menu item support: if you create a menu item that points to an article, a section or a category which is denied by an ACL, then Simple ACL will try to hide the menu (some templates might override this behaviour so it’s only 99% safe) .

    I hope I answered your question.

  41. Jamz Says:
    2010-02-25 at 10.07 pm  

    Hi There,

    I have a quick question about this… Does this addon allow custom user groups to be created? Then access given to the pages for the different user groups.

    We are creating a website that has 3 different age groups, and would like only age group 1 to see some pages, age group 2 to see some more and age group 3 to see them all.

    Is this possible with this?

  42. Alessandro Pasotti Says:
    2010-02-26 at 9.49 am  

    @Jamz:

    It’s in the FAQ: Simple ACL does not support user defined (custom) groups.

    But keep in mind that you need to do one operation to put a user in a group and you need to do one operation to create a user ACL, so if the relationship is such as each user belongs to exactly one group then Simple ACL is the perfect tool.

  43. ItOpen – Open Web Solutions, WebGis Development » Blog Archive » Joomla Simple ACL recipes Says:
    2010-03-13 at 10.48 am  

    [...] page is a collection of small recipes and hints about Simple ACL [...]

  44. Helena Says:
    2010-03-25 at 6.48 pm  

    Obrigado pelo módulo Simple ACL. Apesar de não ter conhecimento de programação, tive suporte imediato, que me atendeu de forma profissional e rápida. É muito bom encontrar profissionais assim, dispostos a oferecer um trabalho sério e de qualidade.
    Estou muito satisfeita.
    Valeu!

  45. Ivo Carvalho Says:
    2010-04-22 at 7.32 pm  

    I’ve used Simple ACL in a different way. My site is private, only registered members can access it. It’s an Hospital site in wich each department has an section, so each member can only access its own section. I have about 100 members, each with its own rules in SimpleACL and it has worked wonderfully!
    Thank you!

  46. Barry Wallace Says:
    2010-05-11 at 4.08 pm  

    Works a dream for our site. We have lots of sections, but once logged in, users can now see a members area. We only wanted them to be able to update this section – this has worked fine.

  47. Pedram Says:
    2010-07-16 at 5.50 pm  

    Hey Alessandro, i had a question about this ACL extension, what i am looking to do is to upload invoices to my website for restricted access but i want the customers to be able to ONLY see their own invoices i have tried many different things but these would make the invoices visible to all the users that are registered, would it be possible to accomplish this with simple ACL?

    Thanks so much i look forward to your response.

  48. Alessandro Pasotti Says:
    2010-07-16 at 6.58 pm  

    Yes, see recipe n° 3. You will need to create a section, a menu item and an ACL rule for each of your customers to selectively open access to their “private section”, you can place invoices in the section body itself or create articles inside.

    Please note that we will be closed for holidays until 26 july, assistance is not guaranteed during this period.

    Download is automatic so it will work even if our offices are closed.

  49. Bill Speary Says:
    2010-07-25 at 1.54 am  

    I just bought “Simple ACL ready for Joomla 1.5″, and I have a couple of questions. I just built a site which has a public section and an owner section.

    Once a user has logged in and registered, we need to determine if he is an owner and, if so, give him access to the owner section. What access level should I use?

    Several of the articles in the owner section have designated authors. How do I give them access to edit and publish only those articles?

    Thanks. Bill

  50. Alessandro Pasotti Says:
    2010-07-26 at 11.33 am  

    @Bill:

    > Once a user has logged in and registered, we need to determine if he is an owner and, if so, give him access to the owner section. What access level should I use?
    >

    If I understand right, you have a section named “owner” and you want to grant access to that section to selected users.

    First thing to keep in mind is that Simple ACL (SACL) respect standard Joomla access rules, tis means that you must not use access level “public” for restricted sections, choose an access level which is compatible for the user you want to grant access to that section (for example: “registered” or “special”).

    > Several of the articles in the owner section have designated authors. How do I give them access to edit and publish only those articles?
    >

    You can follow recipe 3:
    http://www.itopen.it/2010/03/13/joomla-simple-acl-recipes/

    Basically, you configure SACL to be closed by default and open selected sections to selected users.

    You can use different combinations of

    * user-specific ACL
    * group-specific ACL (group=Joomla group like “author”, “editor”, “regitered” etc.)
    * default ACL

    The first that match, will win and grant or deny the required action (edit, add, read or delete).

    The following flowchart will help you to understand what’s going on inside SACL. If in doubt, you can activate debug in SACL parameters and you will see printed at the top of the front-end page the reason for a grant or deny action.

    http://www.itopen.it/wp-content/uploads/2008/09/Simple-ACL-Decision-Flowchart.png

    Hope this helps.

  51. Louise Says:
    2010-08-17 at 11.48 pm  

    I’ve read your site and this list of comments, but i’m always nervous of buying an extension before I feel totally comfortable.

    I’m currently developing a website for a photographer and am looking into options for client areas, where by a client could log in and see their images only.

    With Simple ACL it seems to me this would be straightforward. I’m guessing you would create a section for each client, and then give them access to that section only, as a registered user? And it would be possible to only let them view content (not edit etc..)? Would there be any issues with this that I am missing?

    Thanks for your help.

  52. Alessandro Pasotti Says:
    2010-08-18 at 8.23 am  

    @Luoise,

    Yes, to the first two questions.

    I can’t answer to the second, the main potential (but very unlikely) issue with a “mostly private” setup concerns how to present to the users their own content. You will probably need to create a menu item for each private section and then enable menu integration in Simple ACL options. This menu integration is advertised as “experimental”, this means that it will work on 99,99% of Joomal installations but there are a few cases in wich the standard Joomla mod_mainmenu is overridden by the template causing menu intgration to fail.

    I can only guarantee that menu integration works perfectly with all Joomla standard templates (the templates that are distributed with Joomla itself).

    It’s a long time now we are thinking of writing a simple “ACL-aware” mod_sections, this will probably be the definitive solution to this problem.

  53. Louise Says:
    2010-08-18 at 3.29 pm  

    @Alessandro

    Thanks so much for your detailed answer, its really helpful.

    I will keep a look out for ACL-aware in the future!!

    Louise

  54. Alessandro Pasotti Says:
    2010-08-19 at 4.22 pm  

    @Louise,

    We have developed the ACL-aware Sections module, it’s currently under testing and will be released within the main package in a few days.

    Of course all previous customers will receive it immediately after our quality controls are passing.

  55. sky Says:
    2010-08-22 at 9.14 am  

    so when will SimpleACL support limit access to a category ?

  56. sky Says:
    2010-08-22 at 9.54 am  

    I have 1000 users in registered group, and I want to grant 20 of them the right to edit certain section’s contents. Can SimpleACL does this?

  57. Alessandro Pasotti Says:
    2010-08-22 at 11.46 pm  

    @sky

    Simple ACL will not support ACL on categories in the near future.

    To answer your second question: no, because Simple ACL do not override standard Joomla role access control and Joomla does not allow a “registered” user to edit anything, “author” level is the minimum role to edit something in Joomla.

  58. Kailey Says:
    2010-09-13 at 7.36 pm  

    Is there a way to demo this product before purchasing it?

  59. Kailey Says:
    2010-09-13 at 7.46 pm  

    Does simple ACL allow publishers to publish new content to a specific section rather then just be able to edit it?

  60. Alessandro Pasotti Says:
    2010-09-14 at 8.50 am  

    @Kailey

    No, sorry, there is no demo.

    As for your second question, I would say yes. Let me explain how it works.

    You can configure Simple ACL (SACL) to deny by default all “insert/create” actions. Then you can create an ACL to allow your publisher users (all of them or just a selected set) to “insert/create” content in one or a few selected sections.

    When the publisher will try to “insert/create” an article from the front-end he will be presented the full list of sections (no apparent changes in the interface so far) but if they choose a section they are not allowed to publish in, SACL redirect them to an error page (default is a page with a configurable message and a list of existing ACLs for that user, you can also choose a custom URL as the error page).

  61. Bill Speary Says:
    2010-09-28 at 12.16 am  

    I want to give a client access to Joomla 1.5 BACKEND. BUT I don’t want him to change ANYTHING.

    Any way to do this usin ACL??
    Bill

  62. Alessandro Pasotti Says:
    2010-09-28 at 8.05 am  

    @Bill

    No: Simple ACL is active in the front-end only.

  63. Jeff Says:
    2010-10-23 at 9.02 pm  

    Can the edit icon be removed for those who don’t have access to edit the article?

  64. Alessandro Pasotti Says:
    2010-10-24 at 10.29 am  

    @Jeff:

    No: the edit icon is generated from the template, given the fact that there are thousands of different Joomla! templates, there is no possibility to control this behavior from a component or a plugin.

  65. Andrew Says:
    2010-11-13 at 6.56 am  

    I need to develope a website for a Diabetic Clinic. A patient must be able to log in and see their test results. Obviously the page with the test results must be private and only viewable to the patient.

    Can I do that with this plugin?

  66. Alessandro Pasotti Says:
    2010-11-13 at 11.12 am  

    @Andrew:

    Yes, see recipe 3 here:
    http://www.itopen.it/2010/03/13/joomla-simple-acl-recipes/

    Please keep in mind that:
    * you will need one section for each user
    * you will need to create one ACL rule for each user/section combination
    * Simple ACL security is not military-grade: attachments will be accessible by direct links (security through obscurity)

    To create a menu link to the user’s (patient’s) “private” section you can use the new “aclsections” module, provided with Simple ACL, this module shows only sections to which the user has access, so the patient will see only the link to his private section.

    Regards.

  67. litsa Says:
    2010-11-24 at 5.24 pm  

    Hello,

    I want to build a website for a English language center. Is it possible if I use your extension, to give access for each user (parent) to a specific article (about their kid only). I will also like, the user not to see what other students exist in the system. Is that possible?

  68. Alessandro Pasotti Says:
    2010-11-24 at 6.19 pm  

    @litsa,

    Yes, please read the answer in the comment just one line above yours.

    You should use sections instead of articles and Simple ACL will works as you wish.

  69. Lui Says:
    2011-07-28 at 8.57 pm  

    Is this extension compatible with K2 component?

  70. Alessandro Pasotti Says:
    2011-07-29 at 10.02 am  

    No. Sorry.

  71. Petar Says:
    2011-11-11 at 12.40 am  

    There is a backend demo for Simple ACL?

  72. Alessandro Pasotti Says:
    2011-11-18 at 6.33 pm  

    No, sorry, but you can take a look to the screenshots in this page.

  73. Simona Says:
    2011-11-22 at 2.18 pm  

    Salve, avrei una domanda: in un sito devo poter gestire privilegi diversi per gli utenti in lettura, nello specifico: gli agenti devono poter consultare alcune sezioni, i clienti altre (che in realtà confluiscono in un’unica e generica area riservata).
    Il vostro plug-in mi permetterebbe di gestire questa situazione?
    Grazie mille!

  74. Alessandro Pasotti Says:
    2011-11-22 at 3.06 pm  

    @Simona,

    in linea di massima, si. Però non è possibile creare gruppi custom, quindi o crei dei record ACL per ciascun utente definendo quale sezione può consultare oppure assegni le due tipologie di utente ad uno dei “gruppi” standard Joomla (registered, author, editor ecc.) e crea una ACL per il “gruppo”.

  75. Hadi Says:
    2012-03-19 at 11.09 am  

    I need a demo to explore your component features.
    Is it possible to have a control to any specific links at the backend, so i can set the permission for particular groups/users?
    For example, I have some events on Civicrm component, and I need to restrict to any particular Event so that only the Event which belong to a group can be viewed by the user on that group.

  76. Alessandro Pasotti Says:
    2012-03-19 at 1.40 pm  

    @Hadi,

    sorry, there is no demo available. Also I don’t think that SimpleACL is useful for you, it does not allow to restrict arbitrary links because it is only active on Joomla standard sections.

  77. Deirdre Says:
    2012-03-28 at 2.12 pm  

    Hi Alessandro

    I have set up simple ACL on an intranet & have restricted access to one section. I want to be able to prompt the user to login when they click on this section. I tried to do this using acl redirect in the component parameters but it is not working. It just displays 403 page you are not authorised to view this resource

    Is there a way around this? thanks

  78. Alessandro Pasotti Says:
    2012-03-28 at 2.20 pm  

    @Deirdre,

    no, this not possible with Simple ACL. Simple ACL is completely inactivated when the user is not logged in.

Leave a Reply