UPDATE April 3, 2012: Since ACL Manager 1.2.0 it is possible to set the permissions for extensions that do not support Joomla ACL by default via ACL Manager. Find out more in the blog post "Upcoming: ACL support for any component".
I have been working on ACL Manager 1.1.0 last few days. One of the main new features in this release will be the support of additional custom permissions of 3rd party extensions. Joomla exists out of 10 core permissions that we can divide in three groups:
ACL Manager was already able to display the settings of these core permissions for 3rd party extensions. The ACL system in since Joomla 1.6 also allows 3rd party extension developers to use additional custom permissions. ACL Manager 1.1.0 will be able to display the settings of these additional permissions of extensions.
I thought that it would be good idea to test the additional actions support in ACL Manager with some extensions that are listed in the first pages of the Popular Extensions page of the Joomla Extensions Directory, to make sure the support is working fine in ACL Manager. To my big surprise I found out that many of the extensions with the Joomla 1.7 label do not support the Joomla ACL and maybe not deserve the Joomla 1.7 compatible label!
In many cases the extension does not allow to set the Component Permissions, so your not able to define which groups are able to access the component or are able to configure the options. All users with access to the backend of your Joomla 1.7 site can access the extension.
In other words, extensions that do not support Joomla ACL make the Joomla ACL system worthless because it is not possible to limit the User Group access to the Articles only for example. The other installed extension without ACL support will always be listed in the backend menu.
So when do we call an extension Joomla 1.7 (ACL) compatible? I would suggest that an extension needs to support two Joomla ACL core permissions at least: Configure (to configure the access settings) and Access Component (to define the access).
What if we would apply this rule? Let's see the impact on the Joomla 1.7 compatibility of 10 popular Joomla extensions!
Akeeba Backup meets the minimum requirements, it supports the Access Component and Configure permissions. On top of that Akeeba Backup added Backup, Configure and Download as additional permissions. So you can define permissions for those actions for each User Group. You can set the permissions in the Joomla style modal window, not via 'Options' button in the toolbar but via the 'Component Parameters' in the Akeeba Backup dashboard.
I would suggest to use the standard Joomla method. It's also confusing that another button called 'Configuration' is visible in the dashboard to configure the component itself, but some configuration is also possible via the 'Component Parameters'. Thats also the reason for the additional 'akeeba.configure' permission. So you need to configure the extension in two screens. Knowing Nicholas a bit I think there is a very good reason for this, otherwise: please, make one configuration screen :-). Akeeba Backup is ready.
It is not possible to configure permissions for ChronoForms. So ChronoForms is not Joomla 1.7 ready.
I did not expected that much of an extension that is compatible with all versions of Joomla (1.0, 1.5, 1.6 and 1.7), and indeed, Community Builder does not allow to set access permissions. The interface of the extensions does not look different since I installed it back in the Joomla 1.0 days. I can imagine it will be hard to implement ACL support for an extension running on all Joomla versions. But Community Builder is not Joomla 1.7 ready.
JCE Editor is using the Joomla ACL (you can define component access) and added some custom permission rules for access and edit Profiles, Preferences, Installer, File Browser & MediaBox. JCE Editor renamed 'Options' button in the toolbar to 'Preferences' with a custom styled layout and using 'jce.config' as action to control the access to the preferences.
Again I would suggest JCE Editor to follow the Joomla standards: don't use a custom layout for configuration, use the standard button label and use 'core.admin' as action instead of 'jce.config'. Users appreciate generic approach of the configuration of extensions and that is better for the usability. But most important, JCE Editor is ready.
JEvents is a great example of an extension that is using the Joomla core possibilities. It's not only using the Joomla core ACL but also using the Joomla categories structure for event categories. A big plus instead of building an own category structure.
But also JEvents is using a custom configuration screen and the button is not in the toolbar but in the dashboard of the extension. The delete actions in also renamed from 'core.delete' to 'core.deleteall'. This is not correct, it should be 'core.delete' (using the core permission) or 'jevents.deleteall' (using a custom permission). It may also be confusing that you can set up additional permissions for users (not groups!) for the extension, it would be great to see if those permissions are converted to the Joomla method. Anyway, JEvents is ready.
It is not possible to configure permissions for JomSocial. It would be a good start to implement Access Component and Configure at least. It will be a challenge, but it would be very nice if JomSocial is able to use the Joomla ACL for defining the permissions to their Groups, Events, Media, etc... system. At the moment JomSocial is not Joomla 1.7 ready.
Kunena Forum meets the minimum requirements, it supports the Access Component and Configure permissions. Configurable via the 'Options' button in the toolbar. It would be interesting to see if it would be possible to use the Joomla ACL for the forum board permissions, don't know if thats already on the roadmap. Kunena Forum is ready.
Phoca Gallery also meets the minimum requirements. It supports the Access Component, Configure, Create, Delete, Edit and Edit State permissions. Configurable via the 'Options' button in the toolbar. At the moment Phoca Gallery does not support permissions for the categories via the Joomla method. It would be very nice to see that the possible rights for photo categories (e.g. Upload Rights and Access Rights) would use the Joomla core ACL, which shouldn't be too complicated. Phoca Gallery is ready.
It is not possible to configure permissions for RSform Pro. Again, the minimum permissions would be good to implement and maybe think about using the Joomla ACL on the form level, define which group is able to edit, delete, etc form submissions. RSform Pro is not Joomla 1.7 ready for the moment.
It is not possible to configure permissions for Xmap. Minimum permissions are needed. So Xmap is not Joomla 1.7 ready.
Please see above points as feedback for your extension. As we can see there is still a lot of diversity in Joomla ACL support. Some do not support ACL at all, others support the minimum and other adding custom permissions. I also noticed confusing about the implementation of Joomla ACL in your own extension. Not surprisingly since this is a new feature in Joomla and there is not that much documentation around.
Next week I will publish a new article with some tips to support Joomla ACL in your extension. It isn't that difficult if we all follow the same guidelines. Hopefully all extensions with Joomla 1.7 compatibility label will support Joomla ACL soon so we all can benefit from the Joomla ACL power, and not just the Joomla core. Stay tuned!
UPDATE: The article is now available: How to add basic ACL support to your extension.
This article started with testing ACL Manager 1.1.0 that will display the settings of additional custom permissions of extensions. If an extension is following the guidelines for implementing Joomla ACL it will work in ACL Manager as well. When all extensions above are installed you will get the overview as seen below in ACL Manager. You can see directly which extensions don't support Joomla ACL and which added additional permissions.
Testing went well, so ACL Manager 1.1.0 will be available for public very soon!