next »

[Fotis]

@jetronic
The solution to what you ask is right above your post.
http://forum.joomlaworks.gr/index.php?topic=1119.msg11614#msg11614

@timgerr
Groups can only be created using a 3PD component like JACL (which we recommend as STEP 2, if you want more control over permissions).

@MokumDesign
Thanks for your kind words.

[Dysier]

Great tutorial.  Thanks!

Following the tutorial I was able to successfully grant managers access to community builder.  I would also like to do the same with AEC subscription component.  However, even know the managers have access to the component, they get the following message "You are not authorized to view this resource", along with no editing access. 

Is there something in addition to what's already been pointed out in the tutorial that I would need to set in the gacl file for cases such as this?

Thanks.

[kavin]

Well, Fortis, your tips are very helpful and thank you very much, but there is one more thing that I need to fix is

After I hided all access menu to the manager except the Virtuemart component which I have to let them manage the prodcut, but if I place this url "http://sitename/administrator/index2.php?option=com_installer&element=component" Manger will be able to access the installer, is there any way to prevent this serious menu and installation to manager?

[Fotis]

If I remember correctly, even if "managers" access com_installer, they can't perform any actions. 

[whiteknight]

To restrict access to parts of the joomla backend menu, the easiest way is to hide these links from certain groups.

To restrict accessing a component by typing the URL in the browser address field by backend users without the appropriate permission, I found this hack to be working. The downside is, that you must do it for each component you want to restrict.

After the famous

Code:

defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );

in file administrator/components/com_yourcomponent/admin.com_yourcomponent.php

place following codesnippet:

Code:

if (!($acl->acl_check( 'administration', 'edit', 'users', $my->usertype, 'components', 'all' )
        | $acl->acl_check( 'administration', 'edit', 'users', $my->usertype, 'components', 'com_yourcomponent' ))) {
        mosRedirect( 'index2.php', _NOT_AUTH );
}

So for com_jwmmxtd (the JW Media Manager XTD) it is:

Code:

if (!($acl->acl_check( 'administration', 'edit', 'users', $my->usertype, 'components', 'all' )
        | $acl->acl_check( 'administration', 'edit', 'users', $my->usertype, 'components', 'com_jwmmxtd' ))) {
        mosRedirect( 'index2.php', _NOT_AUTH );
}

In theory this should be done by joomla core even before the component code is loaded to avoid useless loading of never used code in a request?

[vice]

Hello guys just wondering if this tutorial is working with joomla 1.5

[Katia]

This tutorial is for Joomla 1.0 but soon there will be a relevant update for Joomla 1.5 too!

[mtaras]

It will be useful if there is update for 1.5

Thanks.

[techboi]

@Fotis & Katia,

Great work with everything guys, Joomla and this article... Just wondering if there has been any progress into a simillar solution for 1.5.x? I'm sorry if I sound impatient, but last time anyone else asked was back in January :-p

Thanks so much in advance,
Thar.

[tr2n]

Hello all, it has been some time, have anyone found a solution for joomla 1.5.x?

Thanks!

[crony]

The guy who'll explain that will be a hero, and get 10 virgins when hel'll died...

[Fotis]

In Joomla! 1.5.x - locate libraries/joomla/user/authorization.php

The edit the code like you would in Joomla! 1.0.x - quite simple

Now what would I do 10 virgin if I died? 

[crony]

Well, let's see what you wouldn't do anymore if you die... 

You pointed the very right file ! Thanks !!!!

Needs some polishing, but after reading carefully the thread for modules, and for others component, it should be good !

[crony]

Ok, I just need to get the syntax for adding some component that does not work directly with manager rights...
For example SH404Sef...

I tried to add this, but did not work...

Code:

$this->addACL( 'com_sh404sef', 'manage', 'users', 'manager' );
$this->addACL( 'com_sh404sef', 'edit', 'users', 'manager' );

Do you know what should it be ?
Might be more a SH404Sef problem related...Posted here:
http://extensions.siliana.com/forums/index.php?topic=11802.0

I couldn't make diseapear the "site" menu completely as well, I couldn't setup into tools reading and sending mails (massmail is functionning...)
Tried but failed on:

Code:

$this->addACL( 'com_messages', 'add', 'users', 'manager' );
$this->addACL( 'com_messages', 'manage', 'users', 'manager' );
$this->addACL( 'com_messages', 'edit', 'users', 'manager' );

any clue ? (and then it will be perfect )

[Fotis]

Don't forget that some component do some internal permission checkings as well. So even if you enable the menu item for the component for managers, it does not necessarily mean it will actually function.

Perhaps sh404sef does that.

[crony]

Hey Fotis !

Thanks, and you must be right, but it's a bit hard to know where to get this info...

I've created a post here :
http://extensions.siliana.com/forums/index.php?topic=11850.0

Found this usefull too:
http://api.joomla.org/Joomla-Framework/User/JAuthorization.html

[hasanur]

Hello Fotis,

thanks a lot for all your support. I have gone through your all post here and that helped me a lot.

I am facing one problem that have built a component for joomla 1.5.10 but cannot put restriction for users there. I want not to view Publish, Unpublish button for the manager and no new button for administrator but all for super administrator.

I want to make plugin for this but at first I tried to put direct code into authorize.php to see if this code works but did not, like the following code ..

$acl =& JFactory::getACL();
$acl->_mos_add_acl('com_edatacontrol', 'manage', 'users', 'super administrator');

from where I was expecting not to have manage access to the com_edatacontrol component other than super administrator but that did not work.

In the joomla core acl i can see permission given to joomla core components, modules but when I am creating any component that did not require anything to give access to that component.. why ?

thanks. waiting for your kind reply when you have time.

[markgraham]

Hello
I have found this thread very usefull but am stuck on something.
I would like to give the managers group level access to com_users, I have done this in user/authorization.php (joomla 1.5):
$this->addACL( 'com_users', 'manage', 'users', 'manager' );

Now the users appear in the admin area. BUT I'd like the managers to be able to edit the users and usergroups etc in the K2 component area. I can search and replace
if ($user->gid > 23) for gid > 22, then the links appear but I always get a 403 error when I try to access the k2users.

Can anyone help?
Thanks
Mark Graham

[rpt]

Hi Fotis and all,

Just wondered if there was any kind of solution for Joomla 1.5 where you can manually LIMIT particular components from being viewed by a user group, using this hack? This would mean that you can set managers to e.g. view ALL components (hence they get the Components menu in the backend) but then you would put in some kind of code line to HIDE the components you did NOT want them to view. EG something like -

$this->addACL( 'com_components', 'manage', 'users', 'manager' );
$this->hideACL( 'com_jce', 'manage', 'users', 'manager' );

- would show all components but hide JCE from the manager.

I need to say I am not a programmer so have no idea if this would easy or hard - but such a function would give the us FULL control over what appears in these backend menus for different access levels. Though it was worth asking.

Regards.