CiviCRM Community Forums (archive)

*

News:

Have a question about CiviCRM?
Get it answered quickly at the new
CiviCRM Stack Exchange Q+A site
This forum was archived on 25 November 2017. Learn more.
How to get involved.
What to do if you think you've found a bug.



  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Installing CiviCRM »
  • Joomla! Installations (Moderator: Deepak Srivastava) »
  • Feedback needed for Joomla ACL configuration
Pages: [1]

Author Topic: Feedback needed for Joomla ACL configuration  (Read 3924 times)

nant

  • I post frequently
  • ***
  • Posts: 143
  • Karma: 4
    • Joomlapolis
  • CiviCRM version: 4.3.4
  • CMS version: Joomla 2.5.11
  • MySQL version: 5
  • PHP version: 5.3
Feedback needed for Joomla ACL configuration
October 07, 2012, 02:36:55 am
Ok, I have been browsing through the forums and I have noticed that Joomla ACL feedback has been requested in many threads.

Here is my contribution and hopefully a CiviCRM developer/expert will assist.

I am working on Joomla 2.5.6 and CiviCRM 4.2.0.

What I am trying to achieve is to allow access to CiviCRM component (from Joomla backend) without giving any additional Joomla administration privileges. I assume this is possible as Joomla does allow this with the ACL changes in version 2.5+.

A relevant article I have been using as an example is this one:
http://docs.joomla.org/Access_Control_List/2.5/Tutorial#Back-end_Article_Administrator

I have followed this logic by creating a new Joomla ACL group called CiviCRM Admin (child of Public as instructed by the Joomla tutorial). As the CiviCRM component does not have an Options button (like all other Joomla components do in backend) I found the

CiviCRM » Administer CiviCRM
Access Control

section and was able to see the permitted actions in the new group I created.

However, this does not include the basic Joomla related actions (Site Login, Admin Login, Super Admin, Access Component, etc.) as the tutorial Article component example illustrates.

This means the newly created Joomla ACL group can never be granted privileges to login to Joomla backend and thus can never reach the CiviCRM component.

Have I missed something or is this not feasible?

Thanking any expert in advance - I will post followup feedback if I can get things working...
--
Nick (aka nant from CB Team)

nant

  • I post frequently
  • ***
  • Posts: 143
  • Karma: 4
    • Joomlapolis
  • CiviCRM version: 4.3.4
  • CMS version: Joomla 2.5.11
  • MySQL version: 5
  • PHP version: 5.3
Re: Feedback needed for Joomla ACL configuration
October 07, 2012, 02:48:12 am
Followup:

A Joomla Administrator user (not the superadmin) gets following error message when trying to access the CiviCRM component after logging in backend Joomla area:

CiviCRM-001 - An error has occurred.
Sorry but we are not able to provide this at the moment.
You do not have permission to access this page
Return to home page.

Return to Control Panel

Call stack
#   Function   Location
1   JAdministrator->dispatch()   /Users/nick/Documents/JOOMLAPOLIS/DEV/SITES/civicrm/administrator/index.php:46
2   JComponentHelper::renderComponent()   /Users/nick/Documents/JOOMLAPOLIS/DEV/SITES/civicrm/administrator/includes/application.php:153
3   JComponentHelper::executeComponent()   /Users/nick/Documents/JOOMLAPOLIS/DEV/SITES/civicrm/libraries/joomla/application/component/helper.php:351
4   require_once()   /Users/nick/Documents/JOOMLAPOLIS/DEV/SITES/civicrm/libraries/joomla/application/component/helper.php:383
5   civicrm_invoke()   /Users/nick/Documents/JOOMLAPOLIS/DEV/SITES/civicrm/administrator/components/com_civicrm/admin.civicrm.php:40
6   CRM_Core_Invoke::invoke()   /Users/nick/Documents/JOOMLAPOLIS/DEV/SITES/civicrm/administrator/components/com_civicrm/admin.civicrm.php:87
7   CRM_Utils_System::permissionDenied()   /Users/nick/Documents/JOOMLAPOLIS/DEV/SITES/civicrm/administrator/components/com_civicrm/civicrm/CRM/Core/Invoke.php:131
8   CRM_Utils_System_Joomla->permissionDenied()   /Users/nick/Documents/JOOMLAPOLIS/DEV/SITES/civicrm/administrator/components/com_civicrm/civicrm/CRM/Utils/System.php:212
9   CRM_Core_Error::fatal()   /Users/nick/Documents/JOOMLAPOLIS/DEV/SITES/civicrm/administrator/components/com_civicrm/civicrm/CRM/Utils/System/Joomla.php:485
10   JError::raiseError()   /Users/nick/Documents/JOOMLAPOLIS/DEV/SITES/civicrm/administrator/components/com_civicrm/civicrm/CRM/Core/Error.php:305
11   JError::raise()   /Users/nick/Documents/JOOMLAPOLIS/DEV/SITES/civicrm/libraries/joomla/error/error.php:251

---

So at the moment, it looks like the only way I can access CiviCRM backend is as a Joomla superadmin.
As you can determine this is not really an alternative.
« Last Edit: October 07, 2012, 02:51:33 am by nant »
--
Nick (aka nant from CB Team)

nant

  • I post frequently
  • ***
  • Posts: 143
  • Karma: 4
    • Joomlapolis
  • CiviCRM version: 4.3.4
  • CMS version: Joomla 2.5.11
  • MySQL version: 5
  • PHP version: 5.3
Re: Feedback needed for Joomla ACL configuration
October 07, 2012, 04:21:27 am
Yet more followup.

Was able to get my new CiviCRM Admin properly configured (had forgotten the Global permissions step in the Joomla tutorial).

I am now able to login to Joomla backend and have access to the CiviCRM area without having any Joomla site related privileges.

--
Nick (aka nant from CB Team)

nant

  • I post frequently
  • ***
  • Posts: 143
  • Karma: 4
    • Joomlapolis
  • CiviCRM version: 4.3.4
  • CMS version: Joomla 2.5.11
  • MySQL version: 5
  • PHP version: 5.3
Re: Feedback needed for Joomla ACL configuration
October 07, 2012, 11:41:54 am
More feedback.

In my initial test I gave the Joomla ACL group Allowed access to each available action.

So basically I just gave access to everything.

I now tried to login as a user in the Joomla Administrator group (not superadmin).

The CiviCRM component shows up in Joomla backend, but selecting it gives me the (seems familiar now) error:
---
CiviCRM-001 - An error has occurred.
Sorry but we are not able to provide this at the moment.
You do not have permission to access this page
Return to home page.

Return to Control Panel

Call stack
#   Function   Location
1   JAdministrator->dispatch()   /Users/nick/Documents/JOOMLAPOLIS/DEV/SITES/civicrm/administrator/index.php:46
2   JComponentHelper::renderComponent()   /Users/nick/Documents/JOOMLAPOLIS/DEV/SITES/civicrm/administrator/includes/application.php:153
3   JComponentHelper::executeComponent()   /Users/nick/Documents/JOOMLAPOLIS/DEV/SITES/civicrm/libraries/joomla/application/component/helper.php:351
4   require_once()   /Users/nick/Documents/JOOMLAPOLIS/DEV/SITES/civicrm/libraries/joomla/application/component/helper.php:383
5   civicrm_invoke()   /Users/nick/Documents/JOOMLAPOLIS/DEV/SITES/civicrm/administrator/components/com_civicrm/admin.civicrm.php:40
6   CRM_Core_Invoke::invoke()   /Users/nick/Documents/JOOMLAPOLIS/DEV/SITES/civicrm/administrator/components/com_civicrm/admin.civicrm.php:87
7   CRM_Utils_System::permissionDenied()   /Users/nick/Documents/JOOMLAPOLIS/DEV/SITES/civicrm/administrator/components/com_civicrm/civicrm/CRM/Core/Invoke.php:131
8   CRM_Utils_System_Joomla->permissionDenied()   /Users/nick/Documents/JOOMLAPOLIS/DEV/SITES/civicrm/administrator/components/com_civicrm/civicrm/CRM/Utils/System.php:212
9   CRM_Core_Error::fatal()   /Users/nick/Documents/JOOMLAPOLIS/DEV/SITES/civicrm/administrator/components/com_civicrm/civicrm/CRM/Utils/System/Joomla.php:485
10   JError::raiseError()   /Users/nick/Documents/JOOMLAPOLIS/DEV/SITES/civicrm/administrator/components/com_civicrm/civicrm/CRM/Core/Error.php:305
11   JError::raise()   /Users/nick/Documents/JOOMLAPOLIS/DEV/SITES/civicrm/libraries/joomla/error/error.php:251
---

Any feedback on this?
What actions need to be allowed to not get this in backend?

Also for any devs reading - I think such errors need to be caught and displayed as more meaningful messages.
--
Nick (aka nant from CB Team)

Donald Lobo

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 15963
  • Karma: 470
    • CiviCRM site
  • CiviCRM version: 4.2+
  • CMS version: Drupal 7, Joomla 2.5+
  • MySQL version: 5.5.x
  • PHP version: 5.4.x
Re: Feedback needed for Joomla ACL configuration
October 07, 2012, 05:35:41 pm

is the user in the Allowed group? would be great if you can debug the code and figure out why joomla / civi does not recognize that the user has permission to do the task

if you are a joomla dev or org using civi-joomla, would be great if you can contribute patches and/or resources to improve the integration.  There is a scarcity of joomla devs within civi and would be good to grow that group

lobo
A new CiviCRM Q&A resource needs YOUR help to get started. Visit our StackExchange proposed site, sign up and vote on 5 questions

nant

  • I post frequently
  • ***
  • Posts: 143
  • Karma: 4
    • Joomlapolis
  • CiviCRM version: 4.3.4
  • CMS version: Joomla 2.5.11
  • MySQL version: 5
  • PHP version: 5.3
Re: Feedback needed for Joomla ACL configuration
October 08, 2012, 12:26:21 am
Quote from: Donald Lobo on October 07, 2012, 05:35:41 pm

is the user in the Allowed group? would be great if you can debug the code and figure out why joomla / civi does not recognize that the user has permission to do the task

if you are a joomla dev or org using civi-joomla, would be great if you can contribute patches and/or resources to improve the integration.  There is a scarcity of joomla devs within civi and would be good to grow that group

lobo

Thanks again for responding.

To be honest, I am having difficulty understanding fundamental aspects of the integration, so I am not sure if what I am seeing is a bug or a feature.

Please see my other thread on this same forum area.
--
Nick (aka nant from CB Team)
Pages: [1]
  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Installing CiviCRM »
  • Joomla! Installations (Moderator: Deepak Srivastava) »
  • Feedback needed for Joomla ACL configuration

This forum was archived on 2017-11-26.