CiviCRM Community Forums (archive)

*

News:

Have a question about CiviCRM?
Get it answered quickly at the new
CiviCRM Stack Exchange Q+A site
This forum was archived on 25 November 2017. Learn more.
How to get involved.
What to do if you think you've found a bug.



  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Developer Discussion (Moderator: Donald Lobo) »
  • Joomla and groups for access control
Pages: [1]

Author Topic: Joomla and groups for access control  (Read 1958 times)

rogerco

  • I post occasionally
  • **
  • Posts: 66
  • Karma: 5
Joomla and groups for access control
June 17, 2008, 08:50:36 am
Cross posted this from the support suggestions topic because I now realise this might be a more appropriate place for technical replies  ;)

I've been grappling with and thinking of workarounds for the problem of wanting to control exposure to profiles in the Joomla front end - I need more granularity than the simple Joomla hierarchy of user/registered/special.

It occurred to me that one approach might be simply to modify the com_civicrm component for Joomla so that it offered an additional parameter to specify a group id who were allowed to access the particular CiviCRM task being specified in the menu item.

Looking at the com_civicrm code it looks like it should be possible to call the API function civicrm_group_contact_get() after the existing call to CRM_Core_BAO_UFMatch::synchronize() - which presumably can tell us if there is a matching CiviCRM user and its id.

civicrm_group_contact_get() will return a list of groups that the contact belongs to, if our specified group is in the list then call CRM_Core_Invoke otherwise report not authorised.

A corresponding change would be required in admin.civicrm.php to set up the new parameter which would be the id of the group who were allowed access to the option.

Using this approach the menu item would be visible to all registered (or special) users as specified by the standard Joomla means, but the item would only work when clicked if there was a CiviCRM contact matching the logged in Joomla user and who was a member of the appropriate group.

Ideally it would work with smart groups as well but I'm not clear if the API civicrm_group_contact_get works with them? Even if it was only with fixed groups it would be a big step forwards.

Is this an idea worth pursuing or am I failing to understand something basic.

RogerCO
UK

Donald Lobo

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 15963
  • Karma: 470
    • CiviCRM site
  • CiviCRM version: 4.2+
  • CMS version: Drupal 7, Joomla 2.5+
  • MySQL version: 5.5.x
  • PHP version: 5.4.x
Re: Joomla and groups for access control
June 17, 2008, 02:11:07 pm

One potential way of tackling this is to expose ACL support in Joomla :) We've done this with standalone in 2.0 and can potentially also do it with Joomla. You need to get an idea of how to structure thing with ACL's and help resolve any issues that come up

The code fixes are relatively trivial. If you can get on IRC, we can help u get going. The two files u need to change are:

1. CRM/Core/Permission/Joomla.php, function check( ). Merge this with the same function call from Standalone.php. You will need to tweak this function to give backend permission for everything and just use ACL's for the frontend (based on your needs etc)

2. CRM/Admin/Page/Access.tpl , line 32. Enable ACLBasic for Joomla also

lobo
A new CiviCRM Q&A resource needs YOUR help to get started. Visit our StackExchange proposed site, sign up and vote on 5 questions

petednz

  • Forum Godess / God
  • I’m (like) Lobo ;)
  • *****
  • Posts: 4899
  • Karma: 193
    • Fuzion
  • CiviCRM version: 3.x - 4.x
  • CMS version: Drupal 6 and 7
Re: Joomla and groups for access control
June 18, 2008, 12:57:04 pm
Hey Roger - for the NZ Greens we have done a whole lot of work so we can use custom data such as 'region' to define permissions. Ie so Users who are authorised to see only Cornwall members etc will do so, and those who are okay to see Cornwall and Devon can see both etc. Had a couple of issues to sort with seeing 'groups' but seems we may have cracked that too.
See recent post here http://forum.civicrm.org/index.php/topic,3695.0/topicseen.html
Sign up to StackExchange and get free expert advice: https://civicrm.org/blogs/colemanw/get-exclusive-access-free-expert-help

pete davis : www.fuzion.co.nz : connect + campaign + communicate

rogerco

  • I post occasionally
  • **
  • Posts: 66
  • Karma: 5
Re: Joomla and groups for access control
June 19, 2008, 08:55:34 am
Ok so I am experimenting with Donald's suggestion. I have also had to modify CRM\Core\Menu.php around line 849 to enable the Access Control menu item to appear under Manage CiviCRM in Joomla.

So now I've got the Access Control Panel available in the backend and I can add ACLs using groups but I can seem to add additional Roles. Whenever I try to add a role I get
Quote
Sorry. A non-recoverable error has occurred.

Database Error Code: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'DECIMAL)) AS max_weight FROM civicrm_option_value WHERE option_group_id = 8' at line 1, 1064
So I must have missed something?

But to get this far I have had to modify three files buried fairly deep in the structure which I don't like doing because it is going to make maintaining upgrades a nightmare.

How about the approach of using the API to check whether the joomla user was a member of a particular group required for the activity being attempted - it seems like potentially less messing with the core and keeps the mods all close to the Joomla side.

Also since one of the things I am wanting to achieve is to allow designated users to enter an activity log against an individual contact (eg to record outcome of a phone conversation) and to view the activity logs for any contact (eg see what was reported last time they were phoned), and I gather activities can not be used in profiles, this approach would also be a step towards that goal - I am assuming that I will end up packaging a new joomla component which will access and record activities in the Civicrm tables from the front end.

So I am moving towards thinking of a separate Joomla component for the front end which will mess directly with the Civicrm data (well through the APIs obviously to keep it clean  ;) )

RogerCO

Donald Lobo

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 15963
  • Karma: 470
    • CiviCRM site
  • CiviCRM version: 4.2+
  • CMS version: Drupal 7, Joomla 2.5+
  • MySQL version: 5.5.x
  • PHP version: 5.4.x
Re: Joomla and groups for access control
June 19, 2008, 12:20:51 pm

1. group_contact_get does not work with smart groups

2. you should give your group idea a shot. Its basically a restricted form of acls and should work (IMO)

lobo
A new CiviCRM Q&A resource needs YOUR help to get started. Visit our StackExchange proposed site, sign up and vote on 5 questions
Pages: [1]
  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Developer Discussion (Moderator: Donald Lobo) »
  • Joomla and groups for access control

This forum was archived on 2017-11-26.