Confused by templates, overrides & Joomla! ACL

Fri, 18 November 2011 By Sander Potjer

A few weeks ago I did a Joomla ACL training for Edwin Blom. This is not very special because I do it regularly, but Edwin had already attended one of my Joomla ACL presentations, was using ACL Manager and had spent some hours discovering the Joomla ACL. Normally that is enough to have a good understanding of the new Joomla permission system. But Edwin was still confused and couldn't get the permissions configured as he had in mind.

User Group for each category

Edwin wanted several User Groups, all responsible for their own category on the website. So he created categories and a menu structure with menu items for each category. By using ACL Manager the permissions are configured in a way that each User Group is able to perform the Create, Edit and Edit State actions only for their own category.
If you are a bit familiar with Joomla ACL you will agree that this setup is one of the great possibilities of the new permission system. And not too difficult, normally...

Example ACL Structure: Each User Group is able to edit a specific category, related to a menu item.

After creating this structure and testing around, Edwin found out that it didn't work as expected. The article edit buttons didn't show up next to the article titles even if a User Group was allowed to edit the category and articles. He found out that only when the Edit action was allowed in the Global Configuration did the edit buttons show up on the frontend. After changing some other permission settings in an attempt to make it work, Edwin lost his understanding of Joomla ACL and asked me for help.

Settings are correct, but still not behaving as expected...

From a quick look at the permission settings via ACL Manager I noticed that some small improvements were possible - mainly caused by the attempt to understand ACL - but nothing that should prevent the edit icons from showing up on the frontend. All settings seemed to be correct, and from my experience in similar cases the edit icons should be visible with this configuration.

When Edwin showed me the frontend of the website I had a strong feeling that the downloaded template, selected by Edwin's client, was the cause of the issue. Since Joomla 1.5 we have a powerful tool available, called Template Overrides. With template overrides you can easily change the output of Joomla to match your template, to add features or to achieve other specific functionalities.

Grmbl, the template overrides & ACL...

Indeed, template overrides can change the output of Joomla... So, could the issue be caused by this template - or to be more specific - by the template overrides of this template? There is an easy way to find out: temporarily rename the 'html' folder in your template folder. So we renamed the folder to 'html-temp' and refreshed the frontend of the website.

A big smile appeared on Edwin's face, so without looking at the screen I knew we had found the cause of the issue: the template overrides of the template. Without the template overrides active, the permission settings worked as expected again. So a happy Edwin again! He was able to continue with the project, knowing that his ACL understanding was correct. He had only been confused by the template overrides.

Looking at the issue in detail

I asked for the template after the training to have a more detailed look at the issue. This will be some code talk, so you might want to skip to the bottom if you are not familiar with Joomla code ;-).

Let's start with a closer look at the template override file responsible for the output of a single article. In this file you will find some code that controls the display of the edit icon.

File: /templates/templatename/html/com_content/category/blog_item.php

<?php if ($canEdit) : ?>
	<?php echo JHtml::_('icon.edit', $this->item, $params); ?>
<?php endif; ?>

The code above is basically saying: "display the edit button if the variable $canEdit is true". So we need to check how this $canEdit variable is set in the file. At the top of this file we find the code below.

$canEdit = $this->user->authorise('core.edit', 'com_content.frontpage.'.$this->item->id);

This code is checking if the current user is able to perform the 'core.edit' action for the current article in the #__assets table of the database, where all user permissions are stored.

Error #1: Naming convention not correct

You may have noticed it already: the asset naming convention is wrong. The correct version of the code above is:

$canEdit = $this->user->authorise('core.edit', 'com_content.article.'.$this->item->id);

Using 'com_content.article.' instead of 'com_content.frontpage.' is right. This will return 'true' if the user is allowed to perform the 'Edit' action for this article.

Error #2: Checking for Edit action only

But even this correction may not solve the issue of the missing edit icon. The code is checking for the Edit action and will only work if the User is allowed to edit the article (inherited from the category). But what if we allow the User to only edit their own articles? Indeed, in that case the above code will return 'false' because it is only checking the 'Edit' action and not the 'Edit Own' action. The code for checking the Edit Own action is as follows:

$canEdit = $this->user->authorise('core.edit.own', 'com_content.article.'.$this->item->id);

If we want to do it correctly we also need to check some other actions like Edit State. But checking all these actions separately and then calculating whether the edit icon should be visible is a bit cumbersome...

Correct code to check the $canEdit variable for articles

Joomla offers us a very easy way to check all possible edit actions. It will return 'true' if the current User is allowed to edit the article, based on all related actions. Just a single line of code is enough to check this and use the output to control the display of the edit icon.

$canEdit = $this->item->params->get('access-edit');
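How the checks discussed above differ for a User Group that only has Edit Own on its category, as an added stand-alone sketch (not code from the template or from Joomla). The asset tree, the `authorise()` stand-in and `canEdit()` are hypothetical, and the fallback to the root for an unknown asset name is an assumption modelled on the Global Configuration behaviour Edwin observed.

```php
<?php
// Constructed asset tree (name => [parent, rules]); the rules are those of the
// one User Group the current user belongs to. Explicit deny is left out.
const ASSETS = [
    'root.1'                 => [null, []],  // Global Configuration: no Edit
    'com_content'            => ['root.1', []],
    'com_content.category.8' => ['com_content', ['core.edit.own' => true]],
    'com_content.article.42' => ['com_content.category.8', []],
];

// Hypothetical stand-in for $this->user->authorise(): allow when the asset or
// one of its parents grants the action. Assumption taken from the behaviour
// described above: a name without an asset row is decided by the root only.
function authorise(string $action, string $asset): bool
{
    $name = array_key_exists($asset, ASSETS) ? $asset : 'root.1';
    while ($name !== null) {
        [$parent, $rules] = ASSETS[$name];
        if (!empty($rules[$action])) {
            return true;
        }
        $name = $parent;
    }
    return false;
}

// Edit wins outright; Edit Own only counts for the article's author.
function canEdit(int $userId, array $article): bool
{
    $asset = 'com_content.article.' . $article['id'];
    if (authorise('core.edit', $asset)) {
        return true;
    }
    return $userId > 0
        && authorise('core.edit.own', $asset)
        && $userId === $article['created_by'];
}

$article = ['id' => 42, 'created_by' => 7];  // constructed sample article
$checks = [
    "core.edit on 'com_content.frontpage.42'" => authorise('core.edit', 'com_content.frontpage.42'),
    "core.edit on 'com_content.article.42'"   => authorise('core.edit', 'com_content.article.42'),
    'core.edit.own, no ownership test'        => authorise('core.edit.own', 'com_content.article.42'),
    'combined check, author (user 7)'         => canEdit(7, $article),
    'combined check, other user (user 9)'     => canEdit(9, $article),
];
foreach ($checks as $label => $allowed) {
    printf("%-42s %s\n", $label, $allowed ? 'edit icon shown' : 'edit icon hidden');
}
```

The bare 'core.edit.own' check is true for every member of the group, so an override that uses it alone would show the icon on other authors' articles as well; the comparison with the article's author is what limits it.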

Prevent confusion, check your template!

As we can see in the example above, it's important to make sure that the template (overrides) you are using is not changing the method of the permission check. You can always compare with the Joomla core files. This can prevent a lot of confusion while working with Joomla permissions.

Another method to make sure you don't get confused by your template is to use one of the default Joomla templates while testing your permission settings. Once you're sure everything works as expected, you switch back to your own template. And don't forget to test it again!
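One way to find overrides that do their own permission check before comparing them with the core files, as an added example (not part of ACL Manager or Joomla). `auditOverride()` is a hypothetical helper and the sample file contents are constructed, built from the lines quoted in this article.

```php
<?php
// Asset names com_content uses: the component itself, categories and articles.
const KNOWN_PREFIXES = ['com_content.article.', 'com_content.category.'];

// Hypothetical helper: list hand-rolled authorise() calls in one override file.
function auditOverride(string $file, string $code): array
{
    $findings = [];
    // Matches authorise('<action>', '<asset literal>' with either quote style.
    $pattern = '/authorise\(\s*([\'"])([\w.]+)\1\s*,\s*([\'"])([\w.]*)\3/';
    foreach (explode("\n", $code) as $i => $line) {
        if (!preg_match($pattern, $line, $m)) {
            continue;
        }
        $action = $m[2];
        $asset  = $m[4];
        $known  = $asset === 'com_content';
        foreach (KNOWN_PREFIXES as $prefix) {
            $known = $known || strpos($asset, $prefix) === 0;
        }
        $where = sprintf('%s:%d', $file, $i + 1);
        if (strpos($asset, 'com_content') === 0 && !$known) {
            $findings[] = "$where unknown asset name '$asset'";
        } elseif ($action === 'core.edit') {
            $findings[] = "$where checks Edit only, Edit Own is ignored";
        } elseif ($action === 'core.edit.own') {
            $findings[] = "$where checks Edit Own, confirm an ownership test follows";
        }
    }
    return $findings;
}

// Constructed samples standing in for files under /templates/<name>/html/.
$samples = [
    'html/com_content/category/blog_item.php' =>
        "<?php\n\$canEdit = \$this->user->authorise('core.edit', 'com_content.frontpage.'.\$this->item->id);",
    'html/com_content/featured/default_item.php' =>
        "<?php\n\$canEdit = \$this->user->authorise('core.edit', 'com_content.article.'.\$this->item->id);",
    'html/com_content/article/default.php' =>
        "<?php\n\$canEdit = \$this->item->params->get('access-edit');",
];
foreach ($samples as $file => $code) {
    foreach (auditOverride($file, $code) as $finding) {
        echo $finding, "\n";
    }
}
```

To audit a real template, fill `$samples` with the contents of the files in its 'html' folder, for example via `file_get_contents()`.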


Written by Sander Potjer

Sander Potjer is the developer of ACL Manager for Joomla. Sander Potjer's passion for Joomla! began back in 2005 when he designed and built a Joomla! web site for his rowing team. His involvement with the Joomla! community started in 2008 as co-founder of the local Dutch community.