SimpleACL for Joomla helps you restrict front-end access to particular user/section combinations. You can independently set permissions to read, insert and update content items based on the section they belong to.
The component does not override default Joomla roles, those roles are always checked first.
SimpleACL works only with the default com_content component and doesn’t affect other components or modules.
You can set a default access permission and selectively enable/block users to access content items in selected sections.
What can I do with this component?
A typical scenario:
- Your site is a company site and the company has several departments.
- Every department has a user who is in charge of editing web content for the department.
- Every department has its own section for content items.
- Users should only be able to edit content in their own department.
- There is a user who is the public relations manager; he must be able to edit content in all sections (without being Administrator).
- There are some sections whose content should be readable only by selected users.
With SimpleACL you can set permissions on selected section/user combinations (or even on “Joomla! standard groups”/section combinations), which allows you to implement such fine-grained access control.
How does it work?
SimpleACL works with an independent database table that holds the permissions for user/section combinations. A system plugin checks those access rules when the user accesses a content item from the front-end.
If you want to know more about the internals of Simple ACL and how it works, please see Decision Flowchart.
Please note that…
- Default Joomla roles are not overridden and are always checked first.
- SimpleACL works in the front-end only
- Only authenticated users are checked for ACLs
- “Administrator” or “Super Administrator” users are not checked for ACLs.
- Group support for standard Joomla! groups (author, editor, publisher…) is also available
- Custom groups creation is not supported (but you won’t miss it!)
License and costs
Simple ACL for Joomla 1.5 is free software (“free” as in “free speech”), licensed under the Affero General Public License, but I distribute it only in a bundle with a paid 12-month support service that costs 45 €.
Together with 12 months of support you will get lifetime software updates, which means that you can pay just once and use the software forever in as many Joomla installations as you like.
Please use the donation link at the top and middle of this page; you will immediately receive a download link.
Thank you for supporting free software and Joomla Simple ACL project!
They go in a language file, at the moment only English is in the distribution.
If you need more information about Simple ACL, please read the FAQ at the bottom of this page.
What’s new in version G.x series
This new version brings many enhancements:
- limited group support (groups are standard Joomla groups such as “registered”, “author” etc.)
- check/uncheck all actions when editing ACLs
- Admin users will not be shown in the user list when creating ACLs
- limited menu integration
- ACL menu module (a mod_mainmenu which knows about ACLs)
- ACL section module (a mod_sections which knows about ACLs)
- DB backward compatible (will not overwrite your existing ACLs, but make a backup first)
Let’s take a closer look at some of the coolest new features…
Limited group support
You can now add ACLs to the following standard Joomla user groups:
In case of conflicts between group ACLs and user ACLs, the user ACL will always prevail.
Many of you have asked for an ACL-aware menu.
You can now enable menu integration as an experimental option in Simple ACL configuration.
If you enable this option, Simple ACL will try to hide menu items that point to articles, sections or categories that are not accessible by the logged in user.
In some cases all menu items may be hidden. The user will then see an empty menu list, but Simple ACL will not be able to hide the title of the menu itself, because it operates at a different level in the Joomla processing flow.
New: ACL menu and section modules!
In addition to the “Menu integration” above, the package now contains two ACL modules (aclmenus and aclsections), to be used instead of standard Joomla! mod_mainmenu and mod_sections.
Using these new modules you can have menu and section lists that know when a menu item or a section can be accessed by the user, and can hide it accordingly.
Is this thing “stable”?
Yes, sure. It’s now used on several production websites.
Can I limit access to a category instead of a section?
Not in the current version.
I will eventually implement it in a future version (but please don’t ask me when 🙂 )
Will Simple ACL alter menu items or search results in any way depending on user ACLs?
Yes, Simple ACL comes with some companion plugins to hide inaccessible items from search results as well as from menus and the section module (mod_sections).
How will I receive the software after the donation?
After a successful payment, you will receive a download link via email.
The email is automatically sent immediately after a successful payment, please check your spam folder if you don’t receive it in a few minutes.
Why should I pay for a free software component?
I think an explanation is needed: in my career I have developed a couple of free (“free” as in “free speech”) software projects (KMLMapserver, MapStorer, Joomla FAP, SWFslideshow, to cite a few). All of them are also “free” as in “free lunch”, but in more than ten years I did not receive one cent as a donation; most of the time those projects were funded by one or more of my customers.
After keeping Simple ACL unpublished for a while, I simply felt I couldn’t spend time publishing, promoting and giving assistance on another free software project for nothing; I was simply dedicating too much time to open-source free projects without receiving any money back.
That’s why, instead of keeping Simple ACL hidden on my desktop, I decided to distribute it for a small fee. Please note that this fee goes to cover the plain costs of assistance (answering emails, writing documentation etc.) and development of Simple ACL; I will certainly not get rich with these fees.
This is not in contrast with free-software philosophy: the GNU Free Software Foundation philosophy not only says that you can distribute free software for money, but encourages you to do so:
Can I distribute or sell Simple ACL?
Yes, you can. But doing so, you will probably provoke a stop in the development of Simple ACL, since I will not raise enough funds to cover the costs of its development.
It’s up to you.
Is this fee a yearly fee?
No, you donate once, you get the software and one year email assistance to set it up. That’s all.
I will send you all the future versions of the component (if any) for free.
“Delete” ACL rule doesn’t work
True, but this is not my fault: Joomla does not allow article deletion from the front-end, hence this rule is useless at the moment (but I have implemented it in case future Joomla versions support deletion from the front-end).
Why “Simple”?
Well, because the objectives of this project were limited:
- do not touch the core of Joomla
- be unobtrusive: you can install and remove the component without consequences
- do not interfere with standard Joomla users and permissions: Simple ACL respects standard Joomla permission levels, and only acts after Joomla has done its checks and controls
- solve a simple problem: let selected users access and/or edit selected sections
I have 1000 users and 1000 sections, does Simple ACL suit my needs?
Probably not: Simple ACL does not support user-defined (custom) groups, which means that you would have to set up 1000 ACLs to bind your 1000 users to their 1000 sections. This is just impractical.
The latest version has limited group support. You can now add ACLs to the following standard Joomla user groups:
In case of conflicts between group ACLs and user ACLs, the user ACL will always prevail (see the Decision Flowchart scheme for details).
What kind of default access policy should I choose?
Simple ACL allows you to configure a default access policy on the individual actions: Create, Update, Retrieve and Delete (the latter not being implemented in the Joomla front-end at the moment).
Please remember that Simple ACL rules apply only to registered users. Keeping this in mind, you could have two main scenarios (other scenarios or combinations are of course possible):
1 – Your website is completely public (everybody can see everything) but you have (for example) three authors (A, B, C) and two sections (A, B). You want user A to edit only section A, user B to edit only section B and user C to edit both. In this case, you would:
- create users A, B and C as authors (or editor or publisher)
- set Joomla standard access to “public” for sections A, B and C (this is the default)
- set Simple ACL default access policy to Retrieve=Allow, Create=Deny, Update=Deny, Delete=Deny
- create one ACL for user A/section A to allow all actions (Create, Retrieve, Update, Delete)
- create one ACL for user B/section B to allow all actions (Create, Retrieve, Update, Delete)
- create one ACL for user C/section A to allow all actions (Create, Retrieve, Update, Delete)
- create one ACL for user C/section B to allow all actions (Create, Retrieve, Update, Delete)
2 – Your website is mainly public, but you have some private sections that you want to be accessible only by selected users. You have (for example) three authors (A, B, C) and two private sections (A, B) and you want user A to be able to read (and not edit) section A, user B to be able to read (and not edit) section B, and user C to be able to read (and not edit) all three sections. In this case, you would:
- create users A, B and C as registered (remember, they don’t need to edit anything, just read)
- create sections A, B and C and set the standard Joomla access level to “registered”, otherwise all users (including A and B) would be able to read sections A and B while not authenticated (logged in)
- set Simple ACL default access policy to Retrieve=Deny, Create=Deny, Update=Deny, Delete=Deny
- create one ACL for user A/section A to allow Retrieve and deny all other actions
- create one ACL for user B/section B to allow Retrieve and deny all other actions
- create one ACL for user C/section A to allow Retrieve and deny all other actions
- create one ACL for user C/section B to allow Retrieve and deny all other actions
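The two scenarios above, expressed as a small Python model (an added example, not Simple ACL's own code). It assumes the evaluation order stated on this page: guests and administrators are not checked, a user ACL prevails over a group ACL, and the default policy applies otherwise. All identifiers are hypothetical, and Joomla's own access checks, which run first, are not modelled.

```python
# Added example: models the rule order described on this page.
# Not Simple ACL's code; every name here is hypothetical.
ACTIONS = ("create", "retrieve", "update", "delete")
ADMIN_GROUPS = {"Administrator", "Super Administrator"}

def rule(*allowed):
    """Build an ACL row: listed actions are allowed, the rest denied."""
    return {a: a in allowed for a in ACTIONS}

class Policy:
    def __init__(self, default, user_acls=None, group_acls=None):
        self.default = default              # action -> bool
        self.user_acls = user_acls or {}    # (user, section) -> row
        self.group_acls = group_acls or {}  # (group, section) -> row

    def decide(self, user, group, section, action):
        """Return 'skip' when Simple ACL does not check the request
        (guest or administrator), otherwise 'allow' or 'deny'."""
        if user is None or group in ADMIN_GROUPS:
            return "skip"
        # Assumption: a user ACL for the section replaces the group ACL whole.
        row = (self.user_acls.get((user, section))
               or self.group_acls.get((group, section))
               or self.default)
        return "allow" if row[action] else "deny"

    def allowed(self, user, group, section):
        """Effective permissions of an authenticated, non-admin user."""
        return {a for a in ACTIONS
                if self.decide(user, group, section, a) == "allow"}

ALL, READ, NONE = rule(*ACTIONS), rule("retrieve"), rule()
# Scenario 1: public site, default Retrieve=Allow, per-section editors.
scenario1 = Policy(READ, {
    ("A", "secA"): ALL, ("B", "secB"): ALL,
    ("C", "secA"): ALL, ("C", "secB"): ALL})
# Scenario 2: private sections, default deny, read-only ACLs.
scenario2 = Policy(NONE, {
    ("A", "secA"): READ, ("B", "secB"): READ,
    ("C", "secA"): READ, ("C", "secB"): READ})
# Constructed conflict: the group ACL denies authors everything in secA,
# but user A's own ACL prevails.
conflict = Policy(READ, {("A", "secA"): ALL}, {("author", "secA"): NONE})

if __name__ == "__main__":
    for u in "ABC":
        print(u, sorted(scenario1.allowed(u, "author", "secB")),
              sorted(scenario2.allowed(u, "registered", "secB")))
```

The 'skip' result for guests is why scenario 2 sets the Joomla access level to “registered”: Simple ACL's default deny never sees an unauthenticated request.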
Why two different plugins?
The system plugin must always be installed and activated, otherwise Simple ACL will not work.
The content plugin is only useful when both of the following conditions apply:
- in your default access policy (as set in component parameters window) Retrieve=deny
- and you have a mixture of articles coming from allowed and denied sections in the front page
If, given the conditions above, you don’t activate the content plugin, a single denied article on the front page will deny the whole page.
What happens when a logged-in user tries to access/edit a denied page?
A “denied page” means a page containing an article that belongs to a section not accessible by that user because of Simple ACL restrictions.
The user will be redirected to a page generated by the Simple ACL component (or to a URL of your choice; you can configure the URL through the component parameters configuration in the control panel). The generated deny page shows the deny message, which you can change through the Simple ACL parameters settings in the control panel. The page also shows the default Simple ACL policy and the existing ACLs for that user, so the user can see exactly which sections he can access.