J3.x

J3.x:Developing an MVC Component/Adding Access

From Joomla! Documentation

< J3.x:Developing an MVC Component
Revision as of 18:44, 29 December 2018 by Robbiej (talk | contribs) (introductory and bottom sections added)
Joomla! 
3.x
Tutorial
Developing an MVC Component

Articles in This Series

  1. Introduction
  2. Developing a Basic Component
  3. Adding a View to the Site Part
  4. Adding a Menu Type to the Site Part
  5. Adding a Model to the Site Part
  6. Adding a Variable Request in the Menu Type
  7. Using the Database
  8. Basic Backend
  9. Adding Language Management
  10. Adding Backend Actions
  11. Adding Decorations to the Backend
  12. Adding Verifications
  13. Adding Categories
  14. Adding Configuration
  15. Adding ACL
  16. Adding an Install/Uninstall/Update Script File
  17. Adding a Frontend Form
  18. Adding an Image
  19. Adding a Map
  20. Adding AJAX
  21. Adding an Alias
  22. Using the Language Filter Facility
  23. Adding a Modal
  24. Adding Associations
  25. Adding Checkout
  26. Adding Ordering
  27. Adding Levels
  28. Adding Versioning
  29. Adding Tags
  30. Adding Access
  31. Adding a Batch Process
  32. Adding Cache
  33. Adding a Feed
  34. Adding an Update Server
  35. Adding Custom Fields
  36. Upgrading to Joomla4



This is a multiple-article series of tutorials on how to develop a Model-View-Controller Component for Joomla! VersionJoomla 3.x.

Begin with the Introduction, and navigate the articles in this series by using the navigation button at the bottom or the box to the right (the Articles in this series).



This tutorial is part of the Developing an MVC Component for Joomla! 3.2 tutorial. You are encouraged to read the previous parts of the tutorial before reading this.

In this step we add access capability to our component, which allows us to restrict the set of users who can view our helloworld data. This step really fits before Adding ACL, but is added belatedly for completeness here.

There is a video accompanying this step (which was originally produced at the same time as the other videos for ACL) available at Access Levels.

Under Construction!

Introduction

If you're not familiar with Access within Joomla, then it's worthwhile playing around with the functionality – setting access on menuitems and articles, setting the accesslevels of user groups (and hence of users), and confirming that users can see only the items to which they have been granted access. This works on both the site front end, and the admin back end.

The diagram shows how Joomla user access levels work.

Joomla Access Levels
Joomla Access Levels

Each item – eg an article, a menuitem, or in our case a helloworld record – has an access level assigned.

Each user is assigned one or more user groups, and user groups have a hierarchical (tree) structure, so that if a user belongs to a user group which is a child of another, then that user is also a member of the parent user group.

Each access level has one more associated user groups, who will then have view access to items which have that access level.

When the user requests to view a particular item, then the functionality

  1. obtains the set of accesslevels that the user has
  2. checks if the accesslevel of the requested item is within the set of accesslevels of that user
  3. if it is, then the item is presented to the user
  4. if it isn't, then an HTTP response with status 403 (forbidden) is returned.

Approach

To enable us to have an Access Level against a helloworld record, we need to specify a new field in the database, which we'll call "access". We'll set the database default value of this access field to be 1, which means that by default everyone can see the record.

To enable the administrator to set this field, we will add an Access field within the back-end edit form, and we use the "accesslevel" field type within the Joomla standard form field types. As is often the case, this field will get automatically saved to the "access" field in the database by our existing code.

On our administrator helloworlds view we'll add a column to display the Access Level assigned to that item. This will involve a change to the layout file to display the column. We also want to restrict the administrator to only those helloworld records that he/she has access to view, so this will involve a filter within the SQL query in our model.

The key Joomla method which we use to find the accesslevels which a user has is JUser::getAuthorisedViewLevels(), and for a user to be allowed to view an item, the item's accesslevel must be within the array of accesslevels returned by getAuthorisedViewLevels(). This is true for both front end and back end.

We will also follow the pattern in Joomla, which specifies that to view an item the user must have access to both the item itself and to the category (if any) associated with the item. Joomla already allows us to set an accesslevel against a category, and where categories are being displayed (both on front end and back end) it filters them to show only those which the user is entitled to see. However, we must write the code in the case where we're displaying helloworld records, to check that the user is entitled to view the associated category as well.

On the front end, whenever a single helloworld record is displayed, we will have to check that the user has access to that record, and if not, return an HTTP status 403.

If a number of helloworld records are being displayed, then we will change the SQL query to filter by the set of accesslevels which the user has.

Finally, as helloworld records may be viewed (to a certain extent) via the tags functionality, we update our field mappings so that our access field is copied into the ucm_content table. This means that the same restrictions will apply to viewing both the helloworld record and its copy in the ucm_content table.


Packaging the Component

Contents of your code directory. Each file link below takes you to the step in the tutorial which has the latest version of that source code file.

helloworld.xml 

<?xml version="1.0" encoding="utf-8"?>
<extension type="component" version="3.0" method="upgrade">

	<name>COM_HELLOWORLD</name>
	<!-- The following elements are optional and free of formatting constraints -->
	<creationDate>January 2018</creationDate>
	<author>John Doe</author>
	<authorEmail>john.doe@example.org</authorEmail>
	<authorUrl>http://www.example.org</authorUrl>
	<copyright>Copyright Info</copyright>
	<license>License Info</license>
	<!--  The version string is recorded in the components table -->
	<version>0.0.29</version>
	<!-- The description is optional and defaults to the name -->
	<description>COM_HELLOWORLD_DESCRIPTION</description>

	<!-- Runs on install/uninstall/update; New in 2.5 -->
	<scriptfile>script.php</scriptfile>

	<install> <!-- Runs on install -->
		<sql>
			<file driver="mysql" charset="utf8">sql/install.mysql.utf8.sql</file>
		</sql>
	</install>
	<uninstall> <!-- Runs on uninstall -->
		<sql>
			<file driver="mysql" charset="utf8">sql/uninstall.mysql.utf8.sql</file>
		</sql>
	</uninstall>
	<update> <!-- Runs on update; New since J2.5 -->
		<schemas>
			<schemapath type="mysql">sql/updates/mysql</schemapath>
		</schemas>
	</update>

	<!-- Site Main File Copy Section -->
	<!-- Note the folder attribute: This attribute describes the folder
		to copy FROM in the package to install therefore files copied
		in this section are copied from /site/ in the package -->
	<files folder="site">
		<filename>index.html</filename>
		<filename>helloworld.php</filename>
		<filename>controller.php</filename>
		<filename>router.php</filename>
		<folder>controllers</folder>
		<folder>views</folder>
		<folder>models</folder>
		<folder>helpers</folder>
	</files>

		<languages folder="site/language">
			<language tag="en-GB">en-GB/en-GB.com_helloworld.ini</language>
			<language tag="fr-FR">fr-FR/fr-FR.com_helloworld.ini</language>
		</languages>

	<media destination="com_helloworld" folder="media">
		<filename>index.html</filename>
		<folder>images</folder>
		<folder>js</folder>
		<folder>css</folder>
	</media>

	<administration>
		<!-- Administration Menu Section -->
		<menu link='index.php?option=com_helloworld' img="../media/com_helloworld/images/tux-16x16.png">COM_HELLOWORLD_MENU</menu>
		<!-- Administration Main File Copy Section -->
		<!-- Note the folder attribute: This attribute describes the folder
			to copy FROM in the package to install therefore files copied
			in this section are copied from /admin/ in the package -->
		<files folder="admin">
			<!-- Admin Main File Copy Section -->
			<filename>index.html</filename>
			<filename>config.xml</filename>
			<filename>helloworld.php</filename>
			<filename>controller.php</filename>
			<filename>access.xml</filename>
			<!-- SQL files section -->
			<folder>sql</folder>
			<!-- tables files section -->
			<folder>tables</folder>
			<!-- models files section -->
			<folder>models</folder>
			<!-- views files section -->
			<folder>views</folder>
			<!-- controllers files section -->
			<folder>controllers</folder>
			<!-- helpers files section -->
			<folder>helpers</folder>
		</files>
		<languages folder="admin/language">
			<language tag="en-GB">en-GB/en-GB.com_helloworld.ini</language>
			<language tag="en-GB">en-GB/en-GB.com_helloworld.sys.ini</language>
			<language tag="fr-FR">fr-FR/fr-FR.com_helloworld.ini</language>
			<language tag="fr-FR">fr-FR/fr-FR.com_helloworld.sys.ini</language>
		</languages>
	</administration>

</extension>

Contributors

Prev: Adding Tags
Next: Adding a batch process
Retrieved from "https://docs.sandbox.joomla.org/index.php?title=J3.x:Developing_an_MVC_Component/Adding_Access&oldid=585863"