Reputation: 21
Joomla 2.5 ACL restrict to specific features/views
I seem to be having a problem identifying how to restrict Joomla 2.5 back-end users to specific features / Views in a custom component I am writing. According to my understanding I should be able to add my views as a section in the access.xml file. I have attempted this by naming a section the same name as my view but I don't seem to be able to change the access to that view independently from the component as a whole. Does anybody have a more in depth example I can review or tips? Is this even possible?
Upvotes: 2
Views: 706
Answers (1)
Reputation: 656
I believe what you are trying to do is not supported by Joomla. My suggestion is to add a custom rule for views in access.xml
<section name="component">
<action name="core.admin" title="JACTION_ADMIN" description="JACTION_ADMIN_COMPONENT_DESC" />
<action name="core.manage" title="JACTION_MANAGE" description="JACTION_MANAGE_COMPONENT_DESC" />
<action name="core.create" title="JACTION_CREATE" description="JACTION_CREATE_COMPONENT_DESC" />
<action name="core.delete" title="JACTION_DELETE" description="JACTION_DELETE_COMPONENT_DESC" />
<action name="core.edit" title="JACTION_EDIT" description="JACTION_EDIT_COMPONENT_DESC" />
<action name="core.edit.state" title="JACTION_EDITSTATE" description="COM_CATEGORIES_ACCESS_EDITSTATE_DESC" />
</section>
<section name="views">
<action name="core.admin" title="JACTION_ADMIN" description="JACTION_ADMIN_COMPONENT_DESC" />
</section>
Then save your view in the #__assets table with a name like com_component.view.playerlist,
in the rules field you should save a JSON encoded list of your rules:
{"core.admin":{}}
You can check if current user can or cannot access a determinate section using JAccess
$user_id=JFactory::getUser()->id;
$has_permission = JAccess::check($user_id,'core.admin','com_component.view.playerlist');
if($has_permission){
draw_view();
}else{
JError::riseError(403,JText::_('PERMISSION_DENIED'));
// or
JError::raiseWarning(403,JText::_('PERMISSION_DENIED'));
}
If you have any doubt, feel free to comment.
Upvotes: 1
Related Questions
- joomla 3.0 site component access control
- ACL in joomla (access control list)?
- joomla forbid direct access to components and modules
- Joomla Component Permissions
- ACL for Joomla Component
- To implement new type ACL in joomla 2.5
- How to Set Access for a specific user to specific module in backend Joomla 2.5.4?
- Joomla ACL: Only allow access to custom component in the backend?
- Displaying specific content to specific user in Joomla 1.5
- Restricted Access in Joomla file