CiviCRM Community Forums (archive)

So the mods I made seem to be working ok on a live site, although I'm not very happy with them as it is still possible for some unwanted access to records (although I think not by public users, and not editing).

Thinking on a bit, it seems to me that what I really need is to create an additional table that specifies for each profile who can access it on the front end and what they can do.

The who should be Joomla user groups and/or Civi Groups (including smart groups) - and for both categories multiple groups need to be specified.

The how to implement this in the backend would be to add an additional entry under the CiviCRM component menu to set up the permissions. This would involve modifying two Joomla specific files (admin.civicrm.php to detect and call the new task and the xml file to add the menu task) and adding standard Joomla style backend files to edit the permissions table.

Then the frontend civicrm.php would require a much simpler modification to read the permissions for the requested profile and throw the user back before invoking CiviCRM if they were not authorised.

New table would be jos_civi_profiles with columns for id, profile_id, joomla_groups, civi_groups

I do like the ability to use combination of Joomla permissions and Civi Groups to control access as it gives me a lot of easy control over who can do what.

Does this make sense? How does it relate to anything that might be in the roadmap for improving the Joomla frontend?

RogerCO

Hi Donald, thanks, ok.

I tried the IRC link at the top of this forum and it asked for my username then presented me with a pale blue screen with a list of usernames on the right (including mine) and a prompt at the top saying freenode blah blah: but I didn't seem to be able to do anything so am not sure if it works. After a few minutes on Thursday a couple of lines of incomprehensible text got added that seemed to be someone saying slash and someone else saying ouch - but no meaning. I couldn't type anything though - do I need a different login?

I've looked at the tables in civicrm with acl in their name but in the absence of any clue as to how they are supposed to work it would be a major exercise to try and reverse engineer the hundred odd files in Civi to find out how it all hangs together - and then work out how to make it work with Joomla (I guess there is probably a good reason why it has never been implemented since it is pretty fundamental to the use of the system)

I don't think there is a problem with the backend civi in Joomla as only admins would have access to that anyway, and since all frontend access within Joomla has to start through components/civicrm.php it would seem fairly straightforward to implement some filtering or access control there. This also avoids having to understand how the Drupal system is working.

I'm not against trying to work with the existing Civi ACL system, but the statement that it is more complex than it should be and not very well documented seems to imply that it might be best abandoned, at least for the Joomla version.

If IRC is a real time chat system then tell me how to access it and when you'll be there and I'll come and listen to you explain how Civi ACL works and see if we can use that - day job and time-zone differences permitting of course :-)

RogerCO