This documentation relates to CiviCRM version 2.2. It's not maintained anymore.
Current version of documentation.

#usernavbar()

CiviCRM groups for Joomla access control

Comparaison des versions

Légende

  • Ces lignes ont été ajoutées. Ce mot a été ajouté.
  • Ces lignes ont été supprimées. Ce mot a été supprimé.
  • Formatting was changed.
Commentaire: Migrated to Confluence 4.0

This is effectively out of date and has been replaced by http://wiki.civicrm.org/confluence/pages/viewpage.action?pageId=20643843

This is a modification to two civicrm 2.0.4 files used in Joomla 1.5 which allows you to use CiviCRM groups as access control to front end CiviCRM menu items.
(This does not allow to set CiviCRM groups as access control to modules and content JUST front end CiviCRM items.)

As an additional benefit this gives a warning (but does not stop the user proceeding) if the Joomla and CiviCRM email addresses do not match. There may be users who want to use different emails for the website and whatever you are using CiviCRM for.

Be warned - this works with CiviCRM 2.0.2 and Joomla 1.5.3 - I have no idea if it is good for J1.0

The two files you need to modify are civicrm.xml which is found in
JOOMLAROOT/administrator/components/com_civicrm

and civicrm.php which is found in
JOOMLAROOT/components/com_civicrm

The mod to the xml file adds two new parameters when creating or editing a frontend CiviCRM menu entry from the adminstrator backend.
The first parameter allows you to specify a comma separated list of CiviCRM group ids which are allowed to access this menu item. 'public' bypasses the checking and '0' will allow any Joomla user who is also a CiviCRM contact to access.

The second parameter allows you to customise the message that the user sees if they do not have permission.

Here are the files - unzip, rename the originals so you dont loose them, and upload these joomlaCiviACL.zip

Here is the detail of the changes:

In civicrm.xml after about line 28

Bloc de code
    <param name="reset"

INSERT the following

Bloc de code
    <param name="aclGroups"   type="text" size="8" default="public" label="Access Groups"
description="The IDs of the groups allowed to access this option.
Separate with commas. 'public' for open access, '0' for any logged in user with CiviCRM contact matching email address.
Use 'public' here with 'registered' in the Joomla Access Level for any logged in user." />
    <param name="sorryText" type="text" size="30" default="Sorry, you do not have permission to do that"
label="Sorry message" description="Message to user if they are not authorised. Simple html possible" />

This adds the new parameters. For the aclGroups parameter the value 'public' (the default) will bypass any access control. You can of course use the Joomla Access Level public/registered/special to control visibility of the menu item as well. If you put '0' for the group then any registered website user who is also a CiviCRM contact will be able to access the item. Registered users without a matching CiviCRM identity will be barred.

In civicrm.php about line 25 AFTER the line

Bloc de code
require_once 'CRM/Core/Invoke.php';

INSERT the following lines:

Bloc de code
//==================== groupACL mod add 2 lines added
require_once 'api/v2/Contact.php';
require_once 'api/v2/GroupContact.php';
//=====================================

then around old line 54 AFTER the lines

Bloc de code
        $menu->load( $_GET['Itemid'] );
        $params = new mosParameters( $menu->params );

and BEFORE the line

Bloc de code
        $args = array( 'task', 'id', 'gid', 'reset' );

INSERT the following lines

Bloc de code
//=================================================================== groupACL mod add block
// This block checks if the user is member of groups specified for access control before allowing to proceed
		// get parameter aclGroups from itemId
		$accessStr = $params->get( 'aclGroups', 'public');
		$accessGrp = explode(',', $accessStr);
		// get the message to show if user has no access
		$sorryText = $params->get( 'sorryText', 'Sorry, you do not have permission to do that');
		// if the accessStr parameter is 'public' then anyone is allowed
		if ( $accessStr != 'public' ) {
			// get the users Joomla details
			global $my;
			$JoomEmail = $my->email;
			if (is_null($JoomEmail) ) {
				echo '<p>Sorry, you do not seem to be logged in with a valid email address. </p>';
				return;
			}
			$Jid = $my->id;
			require_once 'CRM/Core/BAO/UFMatch.php';
			$civiId = CRM_Core_BAO_UFMatch::getContactId($Jid);
			// if no CiviCRM individual with the matching id then exit
			if ( is_null($civiId) ) {
				echo '<p>Sorry, could not find your membership details.<p>';
				return;
			}
			// extra bit to check whether users emails match and warn if not
			$cntParams = array( 'contact_id' => $civiId );
			$result = civicrm_contact_get( $cntParams );
			$CiviEmail = $result['email'];
			// if they do not match warn them but allow to continue
			if (! ($JoomEmail == $CiviEmail )){
				echo '<h3>Warning</h3><p><b>Your website and membership emails do not match.</b>';
				echo '<br />Website = '.$JoomEmail.'  Membership = '.$CiviEmail;
				echo '<br />Please update one or the other';
			}
			// now we have the Civi ID we can get the groups the user belongs to
			$grpParams = array( 'contact_id' => $civiId, 'return.group_id' => 1);
			$myGroups = civicrm_group_contact_get( $grpParams );
			//clear a flag and iterate through the groups checking if they are in groupacl list			$allowed = in_array('0',$accessGrp);
			while (list ($key, $grpList) = each($myGroups)) {
				if ( in_array($grpList['group_id'], $accessGrp)) {
					$allowed = true;
				}

			}
			if (!$allowed)  {
			// no groups match so give them a message and exit
				echo '<p>'.$sorryText.'</p>';
				return;
			}
		}
//======================================================================	end of modification

Since this only affects the Joomla specific files could it be checked, tested, improved and incorporated as it provides good additional functionality.

RogerCO