HOWTO: Add authorization to component administrator
Posted: Fri Aug 24, 2007 7:25 pm
If you're building a component, you may find that you want only certain groups accessing the administrator for your component. One example of this is looking at com_weblinks. If you look in the main component file in the administrator you'll see this code snippet:
This code effectively only allows people that have the 'manage' roll for 'com_weblinks' to access the administrator for the weblinks component. However if you put this code in your component and replace the 'com_weblinks' with your component, you will get an error. Through further inspection, you'll notice (after digging through a number of files) that the authorization roles are hardcoded in J! so only the core components can have authorization......or so you think.
You can add authorization to your component by placing something like the following at the top of your component's entry point (the file named.php).
This will add roles to your component when you replace 'com_componentname' with your component's name. In this case, super admins, admins and managers have the 'manage' roll. You can then check if the user has access using the same type of code that the com_weblinks component uses.
This also allows you to add many types of roles to discriminate even more. For example, you could allow someone to view your component's entries, but not edit them.
Hope that helps.
--joatmon
Code: Select all
$user = & JFactory::getUser();
if (!$user->authorize( 'com_weblinks', 'manage' )) {
$mainframe->redirect( 'index.php', JText::_('ALERTNOTAUTH') );
}
This code effectively only allows people that have the 'manage' roll for 'com_weblinks' to access the administrator for the weblinks component. However if you put this code in your component and replace the 'com_weblinks' with your component, you will get an error. Through further inspection, you'll notice (after digging through a number of files) that the authorization roles are hardcoded in J! so only the core components can have authorization......or so you think.
You can add authorization to your component by placing something like the following at the top of your component's entry point (the file named
Code: Select all
$authorization = &JFactory::getACL();
$authorization->addACL( 'com_componentname', 'manage', 'users', 'super administrator' );
$authorization->addACL( 'com_componentname', 'manage', 'users', 'administrator' );
$authorization->addACL( 'com_componentname', 'manage', 'users', 'manager' );
This will add roles to your component when you replace 'com_componentname' with your component's name. In this case, super admins, admins and managers have the 'manage' roll. You can then check if the user has access using the same type of code that the com_weblinks component uses.
This also allows you to add many types of roles to discriminate even more. For example, you could allow someone to view your component's entries, but not edit them.
Hope that helps.
--joatmon