venomDeved
27 Mar 2018

Hi, I am building a component that requires multiple access levels for different sections of the component. A quick example would be for a store manager and a warehouse manager using a sales/inventory component.

The permissions I need would require a number of stores that the store manager can control, while a warehouse manager manages the stock in each store. In the access levels I would provide this like:

core.admin
core.admin.store
core.admin.warehouse
core.create.staff
core.delete.staff
core.edit.staff
core.create.stock
core.delete.stock
core.edit.stock

Having a huge list of access levels looks confusing on the permissions screen but is necessary to provide fine-grained control in the admin views. Anyone without core.admin.warehouse would not see the warehouse sidebar menu option and anyone without core.admin.store would not see the stores sidebar menu option.

What I propose is either being able to add multiple sections to the rules input in the form manifest so that each included section is listed with a fieldset title, or within a section between the actions is a simple type field in the access.xml manifest. This will break up the sections just to make it easier on the admin to edit the different parts for ACL permissions.

So the access.xml might look something like

<action name="core.admin" />

<heading name="stores" />
<action name="core.admin.store" />
<action name="core.create.staff" />
<action name="core.delete.staff" />
<action name="core.edit.staff" />

<heading name="warehouse" />
<action name="core.admin.warehouse" />
<action name="core.create.stock" />
<action name="core.delete.stock" />
<action name="core.edit.stock" />

and the heading would simply be a

  <tr><th colspan="3">Store</th></tr>

between the actions

I think with the current code in form/fields/rules.php it might be a simple solution to add to the actions a new property and test for the property, or if the name property is missing it automatically becomes a heading/separator row.

<action label="Stores" type="heading" />
<action name="core.admin.store" />
<action name="core.create.staff" />
<action name="core.delete.staff" />
<action name="core.edit.staff" />

and then the $actions as $action loop wouldn't need to be changed greatly

mbabker - comment - 27 Mar 2018

Personally, I don't think the access.xml file should be used to introduce what is in essence a styling/formatting element with no purpose in the actual ACL system (especially using the <action> tag, that to me is just asking for problems in sources which are parsing the XML schemas). Now if it were possible to add something like a group element within sections that could serve some type of purpose, that'd be a different story, but that would need a pretty good definition on what the functionality would be.

<section name="component">
    <action name="core.admin" />
    <group name="store">
        <action name="core.admin.store" />
    </group>
</section>
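
The parsing concern raised in this comment, as an added example (not part of the thread and not Joomla's own code). The manifests are constructed samples of the two markups proposed above; `com_example`, the `actionNames()` helper and the three XPath queries are assumptions about how a consumer of access.xml might read it.

```php
<?php
// Constructed sample: a heading expressed as an <action> without a name.
$headingAsAction = <<<XML
<access component="com_example">
  <section name="component">
    <action name="core.admin" title="Admin" />
    <action label="Stores" type="heading" />
    <action name="core.admin.store" title="Store admin" />
  </section>
</access>
XML;

// Constructed sample: actions nested inside a <group> element.
$groupElement = <<<XML
<access component="com_example">
  <section name="component">
    <action name="core.admin" title="Admin" />
    <group name="store">
      <action name="core.admin.store" title="Store admin" />
    </group>
  </section>
</access>
XML;

// Hypothetical consumer: returns the action names matched by the given XPath.
function actionNames(string $xml, string $xpath): array
{
    $doc   = simplexml_load_string($xml);
    $names = [];
    foreach ($doc->xpath($xpath) as $action) {
        $names[] = (string) $action['name'];
    }
    return $names;
}

$children    = "/access/section[@name='component']/action";         // direct children only
$named       = "/access/section[@name='component']/action[@name]";  // direct children that have a name
$descendants = "/access/section[@name='component']//action[@name]"; // named actions at any depth

// A heading written as <action> reaches the consumer as an action with an
// empty name unless the query (or the loop) filters on @name.
var_dump(actionNames($headingAsAction, $children));
var_dump(actionNames($headingAsAction, $named));

// A direct-child query never sees actions nested in <group>, so those rules
// would silently drop out of whatever the consumer builds from the list.
var_dump(actionNames($groupElement, $children));
var_dump(actionNames($groupElement, $descendants));
```

Either markup therefore changes what existing readers of the file see, which is why a grouping element needs a defined meaning before parsers and permission screens can rely on it.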
venomDeved - comment - 27 Mar 2018

@mbabker this would be a much better structure and would add the required functionality.

Would it be practical to change just the form/fields/rules.php to support multiple sections in the config.xml?

<field name="rules"
  type="rules">
    <section>component</section>
    <section>stores</section>
    <section>warehouse</section>
</field>

and in access.xml

<section name="component">
    <action name="core.admin" />
</section>

<section name="stores">
    <action name="core.admin.store" />
    <action name="core.create.store" />
</section>

<section name="warehouse">
    <action name="core.admin.warehouse" />
    <action name="core.create.warehouse" />
</section>

I'm not sure if this would affect any other part of the access control code for validating user permissions.

ggppdk - comment - 28 Mar 2018

@mbabker

I have hit the same problem with a big listing of ACL rules, and my current approach is to inject sectional headers into the DOM using JavaScript after the page loads.

It is intimidating and very difficult for users to edit long lists of ACL rules without any logical grouping.

Is there an appropriate way that this can be implemented?

franz-wohlkoenig - comment - 28 Mar 2018

closed as having Pull Request #20012

mbabker - comment - 28 Mar 2018

> Would it be practical to change just the form/fields/rules.php to support multiple sections in the config.xml?

Potentially.

Just remember though that our ACL doesn't consider sections as groups in the same context you originally suggested (a section defines the ACL for a specific part of your component, i.e. the full component, a component's categories, etc.; if you're needing to group a large number of permissions under one section I'm not so sure using sections in this way actually addresses your issue).
