Joomla! 1.6 Access Control Proposal author: Amy Stephen
ACCESS CONTROL PROPOSAL
Joomla! 1.6
9/7/2009 [email protected]
EXISTING SITUATION
Joomla! 1.6 Access Control
Joomla! 1.5 Access Control
• One role per User
• System-wide Scope
Four types of permissions:
• System Access
• System Administration
• Content Development
• View Access
Joomla! 1.5 ACL
System Access
Two types:
• Registered – Frontend access only
• Special – Frontend and Administrator Access
Joomla! 1.5 ACL
System Administration
Special Access Level – Ability to log on to the Administrator:
• Manager – Backend Publisher
• Administrator – Users and Extensions
• Super Administrator – plus Site Template, Cache, Check-in and Global Configuration
Joomla! 1.5 ACL
Content Development
Three levels of permission:
• Author – Create and Edit what they created
• Editor – plus Edit all
• Publisher – plus Publish
Joomla! 1.5 ACL
View Access
Access Levels:
• Public
• Registered – Logged on
• Special – Backend access
Defined for:
• Categories
• Content
• Menu Items and Modules
GOALS AND OBJECTIVES
Joomla! 1.6 Access Control
Joomla! 1.6 UX Access Control Goals:
Don’t design it poorly.
Don’t make it complicated.
Don’t make something stupid.
No.
Joomla! 1.6 ACL Objectives
System Access
Ability to provide Administrator Access to Frontend users.
Joomla! 1.6 ACL Objectives
System Administration
Ability to set up System Administration Groups and assign permissions that fit organizational roles.
Examples:
• Advertising – Banners
• Designer – Templates and Modules
• Site Developer Team – All Extensions, Modules, Menus
Joomla! 1.6 ACL Objectives
Content Development
Empower organizations to segment Content with Groups and Access Control Rules that fit their needs.
[Diagram labels: School; Elementary; 1st Grade; 2nd Grade; Administration; Principal]
Joomla! 1.6 ACL Objectives
View Access
Augment View Access Levels to facilitate sharing information based on roles, interest areas, responsibilities, or whatever the needs might be.
• Products – Customers
• Timesheets and Assignments – Employees
• Financials – Accountants
USER MANAGER
Joomla! 1.6 Access Control
Joomla! 1.6 User Manager
Options
Suggest moving Global Configuration – System – User Settings here.
A – Legacy parameters that will continue to be used. Note: The fourth parameter, New User Registration Type, is defined on the Group List page.
B – Suggest adding three new parameters:
• Enable Users as Groups
• Enable Content Creator to Update
• Enable New Group Creation for View Level
The first new option helps with Group Creation when establishing the Access Level for the Frontend.
The second option enables Web masters to decide if updating is allowed after creation since updates post-Publishing have been problematic.
The final option is described in the View Access Level section, and is used to enable creation of new Groups when needed for Access Level in Content development.
User Manager: Users List
A – Remove Groups Column, problematic since Users can be in multiple groups
B – Groups listbox can filter by Groups, including Custom Groups
C – Also, the proposed Members list will display one row per Username / Group
User Manager: Edit User: Groups
User may be a member of multiple Groups. Groups can be added and removed on page. Note: consistent Widget UX object discussed in Group Edit.
User Manager Groups
A – Default User Registration Type
B – System Groups
C – Custom Groups
Joomla! 1.6 User Manager
Default User Registration Type
Used to specify the Default value assigned to new Users
Registered is default Legacy value
Remove from Global Configuration.
Joomla! 1.6 User Manager
System Groups
Public
• Frontend Visitors
• No Membership Editing
• Can create rules
• Take Action on Assets associated with Public Access Levels
• Exceptions? Concerns?
Registered
• Logged on Users
• No Membership Editing
• Can create rules
• Take Action on Assets associated with Public and Registered Access Levels
Super Administrator
• Full Control
• Cannot delete
• No Rule Editing
• Can manage membership
Do not recommend adding Legacy System Groups: Author, Editor, Publisher, Manager, Administrator due to System Wide capabilities and confusion
CUSTOM GROUPS, ACCESS CONTROL RULES, AND MEMBERS
Joomla! 1.6 Access Control
Joomla! 1.6 ACL Proposed Rules
Group-Action-Asset
Rules define Who? What? and Where?
• Group – Specifies who can perform this action.
• Action – Describes what can be done.
• Asset – Specifies where this Action is allowed.
Examples:
• Administrators Manage Plugins
• Accountants Publish Articles within the Fiscal Category
Joomla! 1.6 ACL Proposed Rules
Group-Action-Asset
Recommended:
System Groups: Public, Published, Super Administrator
Custom Groups: Created, as needed, by Site Developer
In order for Groups to be useful, it is important that the Interface enable Users to create Groups at the point of selection. More later…
Groups define who can do something.
Joomla! 1.6 ACL Proposed Rules
Group-Action-Asset
Recommended:
Access: Login
Content-related: View, Respond, Create, Publish
Publish includes Update, Delete, and Archive
System Administration: Install, Manage, Uninstall
Actions describe what can be done. Extensions can use existing actions or add actions, as needed.
Joomla! 1.6 ACL Proposed Rules
Group-Action-Asset
Recommended:
All Access
• Site (Frontend) Access
• Administrator Access
All Content
• Articles, Banners, Contacts, Contact Form, Comments, Media, Newsfeed, Ratings, and Web Links
• Content Assets can be further specified by Category or Content Item
All Administration
Site Development:
• Global Configuration, Installer, Languages, Menus, Modules, Plugins, Templates
System Management:
• Cache, Check-in, Mass Mail, Messages, Redirect, Users
Assets describe where an Action is allowed.
Content, Menu Item, and Module Assets can further restrict Actions to a Category or Item
Accountants Publish Articles within the Fiscal Category.
Parents View Menu Item Upcoming Events.
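Added example (not part of the original slides and not Joomla! code): a small Python evaluator for the Group-Action-Asset rules described above, loaded with the slides' own sample rules. Default deny, implicit Public membership for every visitor, and broader rules cascading to child objects are assumptions; Rule, covers and is_allowed are hypothetical names.

```python
from dataclasses import dataclass
from typing import Optional

# Slide text: "Publish includes Update, Delete, and Archive".
IMPLIED = {"Publish": {"Update", "Delete", "Archive"}}

@dataclass(frozen=True)
class Rule:
    group: str                      # who
    action: str                     # what
    asset: str                      # where: asset type, e.g. "Articles"
    category: Optional[str] = None  # None = every category of the asset
    item: Optional[str] = None      # None = every item in scope

def covers(rule, action, asset, category=None, item=None):
    """True if the rule grants `action` on the requested object."""
    if action != rule.action and action not in IMPLIED.get(rule.action, ()):
        return False
    if asset != rule.asset:
        return False
    # A narrower rule must match exactly; a broader rule (None) cascades to
    # child objects (assumption modelled on "Apply Rule to Child Objects").
    if rule.category is not None and rule.category != category:
        return False
    if rule.item is not None and rule.item != item:
        return False
    return True

def is_allowed(groups, rules, action, asset, category=None, item=None):
    if "Super Administrator" in groups:  # "Full Control", no rules needed
        return True
    # Assumption: every visitor is implicitly a member of Public.
    effective = set(groups) | {"Public"}
    # Assumption: default deny when no rule matches.
    return any(r.group in effective and covers(r, action, asset, category, item)
               for r in rules)

# Rules taken from the slides' own examples.
RULES = [
    Rule("Accountants", "Publish", "Articles", category="Fiscal"),
    Rule("Parents", "View", "Menu Item", item="Upcoming Events"),
    Rule("Public", "View", "Menu Item", item="News"),
]

if __name__ == "__main__":
    # "Q3 report" is a constructed item name.
    print(is_allowed({"Accountants"}, RULES, "Delete", "Articles", "Fiscal", "Q3 report"))
    print(is_allowed({"Accountants"}, RULES, "Publish", "Articles", "News"))
```

A user in several Groups gets the union of their rules, which is why the number of rules to review grows quickly as Groups and Categories are added.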
User Manager Group
- Group Name
- Suggest Removing Parent
- Manage ACL Rules Widget
- Manage Group Member Widget
- Proposed Widgets are Edit areas with List, Sort, Filter, Add, and Delete functions.
ACL Rules Widget
Add Rule
1. ACL Rules Widget on Group page.
2. Press Add Rule.
3. Widget slides open exposing Add Rule Form with only the populated Action list box.
4. Select Action.
5. Request sent and Asset list box is populated with entries appropriate for selected Action.
6. Select Asset.
7. If Asset is type of Content, Menu, or Module, a request is sent and the Categories list box populated with entries appropriate for the selected Asset. (Or, Menu Items or Module names).
8. Select Category (Or, Menu Item or Module name).
9. Request sent and the Content Item list box is populated with entries for that Category. The Apply Rule to Child Objects checkbox is presented.
10. Optionally, select Content Item and Apply Rule to Child Objects listbox.
11. Press Add Rule to process change. ACL Rules widget closes.
Delete Rule
1. Sort, Scroll, Filter, or Search for Rule.
2. Press X to the right of the Rule.
3. Respond to Prompt, Apply Rule Removal to Child Objects.
Group Members Widget
Add Member
1. Group Members Widget on Group page.
2. Press Add Member.
3. Widget slides open exposing Add Member Form.
4. Enter Name in Autosuggest Listbox.
5. Select Name.
6. Press Add Member to process change. Group Member Widget closes with added Member.
Delete Member
1. Sort, Scroll, Filter, or Search for Member.
2. Press X to the right of the Member.
3. Widget slides open exposing Add Member Form.
4. Respond to Prompt confirming Delete. Group Member Widget presents without Member.
Rules List
- Good resource to sort by Action, Asset, Category, Item, and Group
- Ex. find all Groups with Web Links access
Member List
- Good resource to sort by Username, Name, and Group
VIEW ACCESS LEVEL FOR CONTENT, MENU ITEMS, MODULES
Joomla! 1.6 Access Control
Joomla! 1.6 Access Control
View Access Level
Access Level defines who can View content from the Frontend. In 1.5, default is “Public” and can be changed to “Registered” or “Special.”
Recommendations for Joomla! 1.6:
Build list of Access Level values from the list of System and Custom Group Names.
Default Access Level to Parent value(s). (Remove default in Global Configuration).
Remove Access Column in all List Views since it is no longer required to be a single value. The Access Listbox should remain allowing identification of content for that selected Access Level (Group).
Joomla! 1.6 ACL Proposed Rules
View Access Level
Default Access Level to Parent value(s).
Publish permission required before Access Level can be changed, otherwise, hide this Widget.
View Access Level Widget:
Group(s) Selection and Removal Widget enables search for Group. Multiple Groups can be selected for Access Level.
New Group Creation – Add User Manager Option “Enable New Group Creation for View Level.” If Parameter is activated, Widget should allow the creation of a Group and automatically add a View Access Rule for the current Object. The Widget should also enable search and selection of Group Members. Note: Use Group Member Widget with Group Name field.
If additional changes are desired for the new Group, those changes should be made in the User Manager to ensure proper access.
This Widget should be available everywhere the Access List selection is required.
USE CASE
Joomla! 1.6 Access Control
Use Case: Elementary School
Joomla! 1.6 ACL Use Case
Design Test
1. Create Categories
2. Create Pages
3. Create Users
4. Create Groups
5. Assign Members
6. Assign Rules
7. Create Menus
8. Create Menu Items
9. Create Modules
10. Create Templates
[Category diagram labels: Elementary; Office; Internal; External; Classroom; News; Showcase; Portfolios Student]
Joomla! 1.6 ACL Use Case
Design Test
• Office Staff - Jean, Sam
• Faculty - Lou, Addison
• The Student - Rainbow
• Parents - Stormy, Skye
Joomla! 1.6 ACL Use Case
Design Test
Rules by Group (slide columns: Group, Action, Asset, Category, Item, Members)
Public
• View Articles Office External News
• View Articles Classroom
• View Menu Item Showcase
• View Menu Item News
• View Menu Item Office
• View Menu Item External News
• Respond Comments News
Registered
• View Menu Item News
Super Administrator (Members: Sam)
Content Administrator (Members: Jean)
• Access Administrator
• Publish All Content
• Manage Users
• Manage Modules
• Manage Template
Faculty (Members: Lou, Addison)
• Access Administrator
• Create Articles Internal News
• View Menu Item Internal News
Office Staff (Members: Jean, Sam)
• Publish Articles Office Internal News
• Publish Articles Office External News
• View Menu Item Office
Students (Members: Rainbow)
• Create Articles Student
• Response Comment Student
Parents (Members: Stormy, Skye)
• Response Comment Student
Teacher (Members: Lou)
• Publish Articles Student
• Response Comment Student
• Publish Articles News
Joomla! 1.6 ACL Use Case
Design Test Conclusion
The proposed design provides for these recommendations:
• The Access Control, Group, Membership Widgets must be flexible, not require page load or visit to another page.
• Widgets must link all information together so that every necessary configuration – be it the Group, Member List, Rules, and even multiple sets of such – is easy to iteratively complete.
• Widgets must be provided to create View Level Access Groups and define Members to create a truly usable interface.
Access Control Custom Groups and Rules are very powerful and flexible. I do not foresee concerns about major limitations. It should be adequate for any custom need I can imagine.
I do have concerns about usability. Even with my very small Use Case, the configuration required to implement the design – on paper – was considerable.
Consider, in Joomla! 1.5:
• Each User could have only one Group.
• Each content Item, Menu, Menu Item and Module could only have one Group, and typically that remained the default Public value.
Consider the difference for Joomla! 1.6:
When Groups, Membership, and three-part Group-Action-Asset Rules are created and applied to cascading layers of Components, Categories, Items, Menus, Menu Items, and Modules.
In short, User Interface will make or break Access Control in Joomla! 1.6.