Implementing access control on breeds listing page.
In the Creating Toolbar and Config Options at Backend section, we created the backend configuration options for the access control list (ACL), which determine which user group can perform which operation in the component. To reach them, go to the component backend and click the “Options” tab, as shown in the screenshot below.
This opens the configuration page. Clicking the Permissions tab there brings up the following screen, which controls access to our component's key functions: viewing, creating, editing, deleting, updating and updating your own.
Files to create / update
update default.php /site/views/breeds/tmpl/default.php
File Details
/site/views/breeds/tmpl/default.php
<?php
// No direct access
defined('_JEXEC') or die;
JHtml::addIncludePath(JPATH_COMPONENT . '/helpers/html');
JHtml::_('bootstrap.tooltip');
JHtml::_('behavior.multiselect');
JHtml::_('formbehavior.chosen', 'select');
$user = JFactory::getUser();
$userId = $user->get('id');
$listOrder = $this->state->get('list.ordering');
$listDirn = $this->state->get('list.direction');
$canCreate = $user->authorise('core.create', 'com_breed');
$canEdit = $user->authorise('core.edit', 'com_breed');
$canCheckin = $user->authorise('core.manage', 'com_breed');
$canChange = $user->authorise('core.edit.state', 'com_breed');
$canDelete = $user->authorise('core.delete', 'com_breed');
?>
<form action="<?php echo JRoute::_('index.php?option=com_breed&view=breeds'); ?>" method="post"
name="adminForm" id="adminForm">
<?php
echo JLayoutHelper::render('joomla.searchtools.default', array('view' => $this));
?><br><br>
<table class="table table-striped" id="breedList">
<thead>
<tr>
<?php if (isset($this->items[0]->id)): ?>
<th width="1%" class="nowrap center hidden-phone">
<?php echo JHtml::_('grid.sort', 'JGRID_HEADING_ID', 'a.id', $listDirn, $listOrder); ?>
</th>
<?php endif; ?>
<th class=''>
<?php echo JHtml::_('grid.sort', 'COM_BREED_BREEDS_BREEDNAME', 'a.breedname', $listDirn, $listOrder); ?>
</th>
<th class=''>
<?php echo JHtml::_('grid.sort', 'COM_BREED_BREEDS_PIC', 'a.pic', $listDirn, $listOrder); ?>
</th>
<th class=''>
<?php echo JHtml::_('grid.sort', 'COM_BREED_BREEDS_BREEDCAT', 'a.breedcat', $listDirn, $listOrder); ?>
</th>
<th class="center">
<?php echo JText::_('COM_BREED_BREEDS_ACTIONS'); ?>
</th>
</tr>
</thead>
<tfoot>
<tr>
<td colspan="<?php echo isset($this->items[0]) ? count(get_object_vars($this->items[0])) : 10; ?>">
<?php echo $this->pagination->getListFooter(); ?>
</td>
</tr>
</tfoot>
<tbody>
<?php foreach ($this->items as $i => $item) : ?>
<?php $canEdit = $user->authorise('core.edit', 'com_breed'); ?>
<?php if (!$canEdit && $user->authorise('core.edit.own', 'com_breed')): ?>
<?php $canEdit = JFactory::getUser()->id == $item->created_by; ?>
<?php endif; ?>
<tr class="row<?php echo $i % 2; ?>">
<?php if (isset($this->items[0]->id)): ?>
<td class="center hidden-phone">
<?php echo (int) $item->id; ?>
</td>
<?php endif; ?>
<td>
<a href="<?php echo JRoute::_('index.php?option=com_breed&view=breed&id='.(int) $item->id); ?>">
<?php echo $this->escape($item->breedname); ?></a>
</td>
<td> <img src="<?php echo JURI::base(); ?>components/com_breed/breedpic/<?php echo $this->escape($item->pic); ?>" width="100px"> </td>
<td>
<?php echo $this->escape($item->breedcat); ?>
</td>
<?php if ($canEdit || $canDelete): ?>
<td class="center">
<?php if ($canEdit): ?>
<a href="<?php echo JRoute::_('index.php?option=com_breed&task=breedform.edit&id=' . (int) $item->id, false, 2); ?>" class="btn btn-mini" type="button"><i class="icon-edit" ></i></a>
<?php endif; ?>
<?php if ($canDelete): ?>
<button data-item-id="<?php echo (int) $item->id; ?>" class="btn btn-mini delete-button" type="button"><i class="icon-trash" ></i></button>
<?php endif; ?>
</td>
<?php endif; ?>
</tr>
<?php endforeach; ?>
</tbody>
</table>
<?php if ($canCreate) : ?>
<a href="<?php echo JRoute::_('index.php?option=com_breed&task=breedform.edit&id=0', false, 2); ?>"
class="btn btn-success btn-small"><i
class="icon-plus"></i>
<?php echo JText::_('COM_BREED_ADD_ITEM'); ?></a>
<?php endif; ?>
In this step of the tutorial, we implement ACL on our breed listing page so that access to the edit and delete operations on this page can be controlled. To do that, we first added a code snippet to the default.php file of the frontend breeds listing view, from line 15 to 19 as shown above.
To implement action controls in the code, we call the authorise() method of the JUser class, which takes two arguments. The first is the action and the second is the asset name. The action is the access being granted, such as creating or editing, and the asset name is the name of the component.
Now, to make these action controls work, we use a structure like this: <?php if ($canEdit) // edit icon ?>. It means that if a user belonging to that specific group is allowed to edit an item, an edit icon or link will appear and he will be able to edit the item. In the default.php code above, we have implemented this to show or hide the edit and delete icons from line 95 to 106, and similarly, to display an add new item button, we have used $canCreate on line 113. On line 135, we have used $canDelete to display the javascript confirm delete code.
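The $canEdit and $canDelete tests in default.php only decide which controls are rendered, so the same authorise() calls have to run again in the controller that executes the task. The sketch below shows this for Joomla 3; it is an added example, not part of the tutorial's code, and the controller class name, the remove task and a model whose getTable() returns the breeds table are assumptions.

```php
<?php
// Added example, not the tutorial's code. The controller class, the remove
// task and the model's getTable() are assumptions about com_breed's layout.
defined('_JEXEC') or die;

class BreedControllerBreedForm extends JControllerForm
{
	// Called by JControllerForm::edit() and save(); mirrors the template's $canEdit.
	protected function allowEdit($data = array(), $key = 'id')
	{
		$user = JFactory::getUser();
		$id   = isset($data[$key]) ? (int) $data[$key] : 0;

		if ($user->authorise('core.edit', 'com_breed'))
		{
			return true;
		}

		if ($id <= 0 || $user->guest || !$user->authorise('core.edit.own', 'com_breed'))
		{
			return false;
		}

		// edit.own: take the owner from the stored row, never from the request.
		$table = $this->getModel()->getTable();

		return $table->load($id) && (int) $table->created_by === (int) $user->id;
	}

	// Hypothetical delete task; same action and asset name as $canDelete.
	public function remove()
	{
		if (!JFactory::getUser()->authorise('core.delete', 'com_breed'))
		{
			throw new Exception(JText::_('JERROR_ALERTNOAUTHOR'), 403);
		}

		$table = $this->getModel()->getTable();

		if (!$table->delete($this->input->getInt('id', 0)))
		{
			throw new Exception($table->getError(), 500);
		}

		$this->setRedirect(JRoute::_('index.php?option=com_breed&view=breeds', false));
	}
}
```

With this in place, a request that names the edit or delete task directly gets the same answer the listing gave when it chose whether to draw the icon.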