Subscribe to Collegiate Chronicles        RSS Feed
***** 1 Votes

Joomla Permissions: I Hate You.

Icon 1 Comments
Long time, no update. My apologies to all those who have been hanging on my every word, my thrill-a-minute Joomla gangsta life... but maybe you should, like, go outside once in a while or something.

Anyway, several months back, the massive pain in the keister site I was working on was officially launched. Now I'm on to piecing together a basic user manual (so far 15 pages and counting) and setting up user permissions in the system to keep people from accessing areas they shouldn't be accessing and allow them to access areas they should be accessing.

My gripe at the moment is in the User interface. There are three menu options: User Manager, Groups, and Access Levels.

My own personal brand of logic tells me that I should be able to lock things down by access level. For example, if I want no one other than me to gain access to the Template Manager, I should - in theory - be able to set up a "No Template" access level and any Groups created under that access level would not be able to access the Template Manager, right? WRONG!

I have yet to figure out why the "Access Levels" option even exists. It does absolutely nothing. I read the documentation. I own the damned book. It exists seemingly for the sole purpose of making the menu look larger.

So, fine, I say! If I can't stop it through the Access Levels, I can do it through user groups! And sweet success... it works! Great, right? Yes and no.

Let's say I have two groups. Group 1 ("No Template") is not allowed to access the Template Manager. Group 2 ("No Template No Menu") is not allowed to access the Template Manager or the Menu Manager. Got it? Good.

Now say I've created my "No Template" Group, set up all the necessary group-specific permissions and all users in this group are doing swell. I should - at least by MY logic - be able to use the handy-dandy "Save as a Copy" button to duplicate the "No Template" Group and settings, right? WRONG! I can duplicate the "No Template" Group, but I have to start all over with the settings to morph it into the "No Template No Menu" Group.

What this means is though I already took the time to specifically deny access to the Template Manager in my original group, I now have to go back through with my duplicated group and specifically deny access to both the Template Manager AND the Menu Manager.

Oh waily, waily! Poor baby has to do it twice! -- That's what you're thinking. I can hear it in your scoffs. Well stop your scoffing and listen closely: my two sample user groups don't even BEGIN to scratch the surface of the nightmare on my desk.

I have Group 1 that needs to be locked out of everything except the Article Manager. This means I have to go through each and every item in the Joomla Administration system to specifically deny access to every last little thing to which Group 1 is not allowed access...
Global Configuration, Maintenance, User Manager, Groups, Access Levels, User Notes, User Categories, Mass Mail, Menu Manager, Banners, Contacts, Weblinks, Newsfeeds, Employment Listings, Contact Forms, Google Calendar, JCE Editor, Redirects, Extension Manager, Module Manager, Plugin Manager, Template Manager, Language Manager...

Every single option on that list. One by one. Access denied. Access denied. Access denied.

Which means when I create Group 2 which needs locked out of everything except the Article Manager and the Employment Listings, instead of being able to copy all the permissions from Group 1, then make the adjustment to allow the Employment Listings, I have to go through every single one of the menu options listed and specifically deny access to the new user group.

I have 43 user groups to create.

To make it even more of a headache, each person with access to the Article Manager does not get access to all of the articles... only the articles dealing with their specific department. So I have to lock down the articles by individual user... which means going through almost 5,000 individual articles and manually changing the name of the person in charge of maintaining it. If the user isn't set as the default article editor, the system will deny them access to the article. At present, I am the default editor for every article in the entire system.

I was supposed to start training people on this nightmare last week. Let's just say the deadline has been postponed indefinitely.


1 Comments On This Entry

Page 1 of 1


31 July 2013 - 04:21 PM


I Hate You

At least riperator loves me. He said so in my profile :wub:
Page 1 of 1

January 2021

171819202122 23

Recent Entries

Recent Comments

Search My Blog

1 user(s) viewing

1 Guests
0 member(s)
0 anonymous member(s)