CUTTING CORNERS FROM A WHEEL
// Forkito ACL //

FORKITO

FINAL GOAL

Easy to use and understand ACL system

Reusable ACL library compatible with most widespread Joomla
based projects




FORKITO ACL FLAVORS

 • Joomla fork flavor (working - oh yeah)
 • Molajo flavor (in progress)
 • Nooku flavor (planned)

JOOMLA FORK FLAVOR



Did he really say that?


JOOMLA FORK FLAVOR

Starting point for the whole project.

Used as proof of concept




Joomla fork form == contains changes to 70+ files
due to poor Joomla ACL implementation in the application layer

Joomla - ACL hardcoded everywhere

revision 7

COVERED PARTS

New Forkito ACL library

Joomla library methods are changed to proxies for the new library's methods

Includes internal methods that take care of backwards compatibility with the old Joomla ACL

COVERED PARTS

Web application framework layer
 • categories
 • menus
 • modules
 • plugins

Mainly changes to multiple items queries

COVERED PARTS

Application
 • Backend components: com_categories, com_menus, com_modules, com_plugins
 • Content components: com_content (back and frontend)
 • Pagenavigation plugin

Contains changes to 37 php and 15 xml files,
most extensive changes to com_users and com_content

WHERE CAN I GET IT

git clone git://git.forkito.org/forkito

MOLAJO FLAVOR




Completely new classes

Where most development goes at the moment

The most important part




Molajo ? - web application layer will be completely redone together with components - layer includes hooks for ACL plugins

Just a few library overrides (JUser, JCategories, JMenu … )

Joomla compatibility methods removed – an extension uses either Joomla or Forkito ACL

yes, it can be done

NOOKU FLAVOR




Will come after the Molajo flavour

It is expected that only minor changes will be needed in Forkito ACL for it to work with the Nooku framework.

Forkito will represent an addon library here

Unified ACL
// Forkito to Joomla ACL comparison //

REMOVED VIEW ACCESS LEVELS AND ADDED VIEW TO ACTIONS

50% less user effort needed, 50% less complicated.

View == action

No need for a separate ACL system for managing view permissions. Confusing for the user and inefficient from the system point of view.

RADICALLY IMPROVED AND SIMPLIFIED USER INTERFACE

 • Simple matrix of groups and actions
 • One-click permission changes
 • Instantly visible changes in inherited values

SIMPLIFIED OPERATIONAL LOGIC

Lower level always wins
Global > Component > (Category) > (Item)

Anything set on the lower level beats what was set on the higher one (denied or allowed)

Assigned permission beats inherited
Users are auto-assigned to parent groups, so anything that is set in the parents will affect the user's permissions, but only if it is not set explicitly in the assigned groups.

SIMPLIFIED OPERATIONAL LOGIC

If one group gives you access you are in
(key analogy)

If you have a key that opens certain doors, it doesn't matter if another key doesn't work, you can still get in.
When a user is allowed to do something through membership in one of the assigned groups, all others are irrelevant.
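
The three rules above (lower level wins, assigned beats inherited, one allowing group is enough), sketched in PHP as an added example that is not Forkito's own code. The function names, the rule array layout and the Editors/Reviewers groups are hypothetical, and two points the slides leave open are assumptions here: asset level is checked before group distance, and nothing set anywhere means denied.

```php
<?php
// Added example: the resolution rules from the slides, not Forkito's code.
// Function names, array layout and sample groups are hypothetical.

const ALLOW = true;
const DENY  = false;

/** Chain [group, parent, grandparent, ...]; stops if the tree has a cycle. */
function groupChain(string $group, array $parents): array
{
    $chain = [];
    for ($g = $group; $g !== null && !in_array($g, $chain, true); $g = $parents[$g] ?? null) {
        $chain[] = $g;
    }
    return $chain;
}

/**
 * Verdict for ONE assigned group, or null when nothing is set.
 * Levels are walked from the most specific (item) up to global; at each
 * level the group's own setting is checked before its parents' settings.
 * (Level before group distance is an assumption, see the lead-in.)
 */
function verdictForGroup(string $group, string $action, array $assetPath, array $parents, array $rules): ?bool
{
    foreach (array_reverse($assetPath) as $asset) {      // lower level always wins
        foreach (groupChain($group, $parents) as $g) {   // assigned beats inherited
            if (isset($rules[$asset][$g][$action])) {
                return $rules[$asset][$g][$action];
            }
        }
    }
    return null;
}

/** Key analogy: one assigned group that resolves to ALLOW is enough. */
function isAllowed(array $assignedGroups, string $action, array $assetPath, array $parents, array $rules): bool
{
    foreach ($assignedGroups as $group) {
        if (verdictForGroup($group, $action, $assetPath, $parents, $rules) === ALLOW) {
            return true;
        }
    }
    return false; // nothing set, or only denials: default deny (assumption)
}

// Constructed sample data. Everyone / Authenticated / Not-authenticated are the
// system groups named in the slides; Editors and Reviewers are made up.
$parents = [
    'Not-authenticated' => 'Everyone',
    'Authenticated'     => 'Everyone',
    'Editors'           => 'Authenticated',
    'Reviewers'         => 'Authenticated',
];

// Global > Component > Category > Item, highest level first.
$path = ['global', 'com_content', 'com_content.cat.5', 'com_content.item.42'];

$rules = [
    'global' => [
        'Everyone'      => ['core.view' => ALLOW],
        'Authenticated' => ['core.edit' => DENY],
    ],
    'com_content' => [
        'Editors' => ['core.edit' => ALLOW],
    ],
    'com_content.cat.5' => [
        'Authenticated' => ['core.view' => DENY],
        'Reviewers'     => ['core.view' => ALLOW],
    ],
    'com_content.item.42' => [
        'Editors' => ['core.edit' => DENY],
    ],
];

$cases = [
    'Editors edit item 42'           => [['Editors'], 'core.edit'],
    'Editors view item 42'           => [['Editors'], 'core.view'],
    'Reviewers view item 42'         => [['Reviewers'], 'core.view'],
    'Editors+Reviewers view item 42' => [['Editors', 'Reviewers'], 'core.view'],
    'Not-authenticated view item 42' => [['Not-authenticated'], 'core.view'],
];

foreach ($cases as $label => [$groups, $action]) {
    $result = isAllowed($groups, $action, $path, $parents, $rules) ? 'allowed' : 'denied';
    printf("%-32s %s\n", $label, $result);
}
```

The Editors cases show an item-level deny overriding a component-level allow and a category-level deny inherited from Authenticated; the combined Editors+Reviewers case shows one allowing group being enough.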




DRY-ED AND RE-ARCHITECTED

No code repetition
A single method for a single purpose.
Classes reuse other classes' methods instead of replicating them.
Very low amount of code, will cut off even more in the future.

JSON ENCODED RULES REPLACED WITH PERMISSIONS TABLE

A JSON encoded string of permissions, stored in a single database field, was one of the most horrible ideas ever seen in Joomla

This kind of code crime should be punishable with at least 100 hits with a stick.

WHY?

It totally disables any database relations, conditional searches etc., with enormous impact on performance.

To retrieve a list of items a user has permission to view (or edit, or do any action on), code would need to query for ALL items, unpack the JSON string item by item and check permissions for each item separately.

Now imagine you have 100.000 or even 1 million items to inspect one by one, and try to imagine how long that would take and e.g. how much memory it would consume.

Get the picture?

Having JSON in a database == a performance problem

=> you need a more efficient system for managing thousands of users trying to view pages

=> you "solve" the problem by inventing another ACL system called access levels

ALWAYS PRESENT BASIC SYSTEM GROUPS

Groups that cannot be removed or have their role changed

While this might seem like a backwards step, these groups are really cornerstones that the CMS ACL cannot work without. Equivalent to the unix wheel and anonymous group roles.

Having groups the system can always rely on -> RELIABILITY, better performance and better security

// including root configuration hack that is not needed anymore //

ALWAYS PRESENT BASIC SYSTEM GROUPS

Everyone
- Not-authenticated - anonymous visitors
- Authenticated – anyone that is logged in
-- Admins – replacing global core.admin permission (equivalent to
unix wheel group)




Simple API
// How do I implement it //

API GOAL

Create a minimal number of human-readable (self-explanatory) class and method names.

CHECK AUTHORIZATION - MACCESS CLASS

Check single item's authorization :

isUserAuthorizedTo

+ shortcut: isUserAuthorisedToView




CHECK AUTHORIZATION - MACCESS CLASS

Check multiple items' authorization (by automatically inserting filtering SQL into multiple items queries):

insertFilterQuery

MULTIPLE ITEMS AUTHORIZATION EXAMPLE

JPluginHelper::_load()

Joomla

$levels = implode(',', $user->getAuthorisedViewLevels());
...
$query->select('folder AS type, element AS name, params')
    ->from('#__extensions')
    ->where('enabled >= 1')
    ->where('type ='.$db->Quote('plugin'))
    ->where('state >= 0')
    ->where('access IN ('.$levels.')')
    ->order('ordering');

MULTIPLE ITEMS AUTHORIZATION EXAMPLE

Forkito ACL

$query->select('e.folder AS type, e.element AS name, e.params, e.extension_id, e.asset_id')
    ->from('#__extensions AS e')
    ->where('enabled >= 1')
    ->where('type ='.$db->Quote('plugin'))
    ->where('state >= 0')
    ->order('ordering');

jimport('molajo.access.access');
MAccess::insertFilterQuery($db, $query, 'e.asset_id', 'core.view');

MULTIPLE ITEMS AUTHORIZATION EXAMPLE

The same function is used in the categories helper, the modules helper and the com_content articles model – anywhere a list of items needs to be filtered
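
Why the permissions table matters for list queries, and the kind of filter a helper such as insertFilterQuery can push into SQL, shown as an added example (not Forkito's or Joomla's code). The items/permissions schema, function names and sample rows are hypothetical, the table is assumed to hold one row per already-resolved grant, and the script assumes PHP's pdo_sqlite extension.

```php
<?php
// Added example with a hypothetical schema; not Joomla's or Forkito's tables.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, title TEXT, rules TEXT)');
$db->exec('CREATE TABLE permissions (
    item_id  INTEGER NOT NULL,
    group_id INTEGER NOT NULL,
    action   TEXT    NOT NULL,
    PRIMARY KEY (item_id, group_id, action))');
$db->exec('CREATE INDEX idx_perm_lookup ON permissions (action, group_id, item_id)');

// Constructed sample data: the same grants stored both ways.
// item id => group ids that may perform core.view on it
$grants = [1 => [2, 3], 2 => [3], 3 => [4], 4 => [2]];

$insItem = $db->prepare('INSERT INTO items (id, title, rules) VALUES (?, ?, ?)');
$insPerm = $db->prepare('INSERT INTO permissions (item_id, group_id, action) VALUES (?, ?, ?)');
foreach ($grants as $itemId => $groups) {
    $json = json_encode(['core.view' => array_fill_keys($groups, 1)]);
    $insItem->execute([$itemId, "Item $itemId", $json]);
    foreach ($groups as $groupId) {
        $insPerm->execute([$itemId, $groupId, 'core.view']);
    }
}

/**
 * JSON in a column: the database cannot filter, so every row is fetched
 * and decoded in PHP before the permission can be checked.
 */
function viewableViaJson(PDO $db, array $userGroups, string $action): array
{
    $ids = [];
    $scanned = 0;
    foreach ($db->query('SELECT id, rules FROM items') as $row) {
        $scanned++;
        $rules = json_decode($row['rules'], true);
        foreach ($userGroups as $groupId) {
            if (!empty($rules[$action][$groupId])) {
                $ids[] = (int) $row['id'];
                break;
            }
        }
    }
    return ['ids' => $ids, 'rows_scanned' => $scanned];
}

/**
 * Permissions table: the filter is a JOIN the database can index.
 * Group ids are bound as parameters, not concatenated into the SQL.
 */
function viewableViaTable(PDO $db, array $userGroups, string $action): array
{
    if ($userGroups === []) {
        return []; // an empty IN () is invalid SQL; no groups means no grants
    }
    $marks = implode(',', array_fill(0, count($userGroups), '?'));
    $stmt = $db->prepare(
        "SELECT DISTINCT i.id
           FROM items AS i
           JOIN permissions AS p ON p.item_id = i.id
          WHERE p.action = ? AND p.group_id IN ($marks)
          ORDER BY i.id"
    );
    $stmt->execute(array_merge([$action], array_values($userGroups)));
    return array_map('intval', $stmt->fetchAll(PDO::FETCH_COLUMN));
}

$json  = viewableViaJson($db, [3], 'core.view');
$table = viewableViaTable($db, [3], 'core.view');

printf("JSON column:       ids=%s after decoding %d rows\n", implode(',', $json['ids']), $json['rows_scanned']);
printf("permissions table: ids=%s\n", implode(',', $table));
```

Both functions return the same item ids; the JSON variant has to decode every row in the table to get there, while the table variant lets the index do the filtering.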




USER INTERFACE

Insert ACL widget HTML: MHtmlPermissions::aclWidget

Get a ready-made ACL widget in the shape of a Joomla form field: MFormFieldAclwidget

Very simple to include the ACL widget in your component layout

Future
// Short term //




Testing, testing. Bugfixing.
Testing. Bugfixing. Bugfixing. Testing. Testing. Bugfixing.
Testing, testing. Bugfixing.
Testing. Bugfixing. Bugfixing. Testing. Testing. Bugfixing.
Testing, testing. Bugfixing.
Testing. Bugfixing. Bugfixing. Testing. Testing. Bugfixing.
Testing, testing. Bugfixing.
Testing. Bugfixing. Bugfixing. Testing. Testing. Bugfixing.
Testing, testing. Bugfixing.
Testing. Bugfixing. Bugfixing. Testing. Testing. Bugfixing.
Testing, testing. Bugfixing.
Testing. Bugfixing. Bugfixing. Testing. Testing. Bugfixing.



USER INTERFACE IMPROVEMENT

Inheritance breadcrumbs - show what this level is inheriting from




Future
// Long term //




MORE ROUNDS OF SIMPLIFICATION

Simple mode - flatten inheritance, keep only default and category (or item) permissions

Más contenido relacionado

Destacado

Molajo - Joomla based distributions
Molajo - Joomla based distributionsMolajo - Joomla based distributions
Molajo - Joomla based distributionskauselot
 
Regents Bangkok
Regents BangkokRegents Bangkok
Regents Bangkokjhortop
 
Turbocharging your extension // Joomla //
Turbocharging your extension // Joomla //Turbocharging your extension // Joomla //
Turbocharging your extension // Joomla //kauselot
 
Disney World 2010v4
Disney World 2010v4Disney World 2010v4
Disney World 2010v4ChristinaCo
 
Disney World 2010v3
Disney World 2010v3Disney World 2010v3
Disney World 2010v3ChristinaCo
 
Joomla 1.6. caching implemented #jab11
Joomla 1.6. caching implemented #jab11Joomla 1.6. caching implemented #jab11
Joomla 1.6. caching implemented #jab11kauselot
 

Destacado (7)

Molajo - Joomla based distributions
Molajo - Joomla based distributionsMolajo - Joomla based distributions
Molajo - Joomla based distributions
 
Regents Bangkok
Regents BangkokRegents Bangkok
Regents Bangkok
 
Turbocharging your extension // Joomla //
Turbocharging your extension // Joomla //Turbocharging your extension // Joomla //
Turbocharging your extension // Joomla //
 
Kis Sc
Kis ScKis Sc
Kis Sc
 
Disney World 2010v4
Disney World 2010v4Disney World 2010v4
Disney World 2010v4
 
Disney World 2010v3
Disney World 2010v3Disney World 2010v3
Disney World 2010v3
 
Joomla 1.6. caching implemented #jab11
Joomla 1.6. caching implemented #jab11Joomla 1.6. caching implemented #jab11
Joomla 1.6. caching implemented #jab11
 

Similar a Cutting corners from a wheel -

Enrich your extensions with Joomla! ACL support
Enrich your extensions with Joomla! ACL supportEnrich your extensions with Joomla! ACL support
Enrich your extensions with Joomla! ACL supportSander Potjer
 
Justin Herrin Comparing Joomla CCKs from jd12ne
Justin Herrin Comparing Joomla CCKs from jd12neJustin Herrin Comparing Joomla CCKs from jd12ne
Justin Herrin Comparing Joomla CCKs from jd12neJustin Herrin
 
Using spl tools in your code
Using spl tools in your codeUsing spl tools in your code
Using spl tools in your codeElizabeth Smith
 
What is the Joomla Framework and why do we need it?
What is the Joomla Framework and why do we need it?What is the Joomla Framework and why do we need it?
What is the Joomla Framework and why do we need it?Rouven Weßling
 
David Rey Lessons Learned Updating Content Licensing To Be Plone 3 Compat...
David Rey   Lessons Learned   Updating Content Licensing To Be Plone 3 Compat...David Rey   Lessons Learned   Updating Content Licensing To Be Plone 3 Compat...
David Rey Lessons Learned Updating Content Licensing To Be Plone 3 Compat...Vincenzo Barone
 
jQuery Tips Tricks Trivia
jQuery Tips Tricks TriviajQuery Tips Tricks Trivia
jQuery Tips Tricks TriviaCognizant
 
Railo Presentation Railo 3.1
Railo Presentation Railo 3.1Railo Presentation Railo 3.1
Railo Presentation Railo 3.1Rhinofly
 
Introduction to building joomla! components using FOF
Introduction to building joomla! components using FOFIntroduction to building joomla! components using FOF
Introduction to building joomla! components using FOFTim Plummer
 
Alfresco monitoring with Nagios and ELK stack
Alfresco monitoring with Nagios and ELK stackAlfresco monitoring with Nagios and ELK stack
Alfresco monitoring with Nagios and ELK stackCesar Capillas
 
Mageguru - magento custom module development
Mageguru -  magento custom module development Mageguru -  magento custom module development
Mageguru - magento custom module development Mage Guru
 
Understanding Framework Architecture using Eclipse
Understanding Framework Architecture using EclipseUnderstanding Framework Architecture using Eclipse
Understanding Framework Architecture using Eclipseanshunjain
 
Developing Joomla Extensions JUG Bangladesh meetup dhaka-2012
Developing Joomla Extensions JUG  Bangladesh meetup dhaka-2012Developing Joomla Extensions JUG  Bangladesh meetup dhaka-2012
Developing Joomla Extensions JUG Bangladesh meetup dhaka-2012Sabuj Kundu
 
LOGBack and SLF4J
LOGBack and SLF4JLOGBack and SLF4J
LOGBack and SLF4Jjkumaranc
 
LOGBack and SLF4J
LOGBack and SLF4JLOGBack and SLF4J
LOGBack and SLF4Jjkumaranc
 
LOGBack and SLF4J
LOGBack and SLF4JLOGBack and SLF4J
LOGBack and SLF4Jjkumaranc
 
LOGBack and SLF4J
LOGBack and SLF4JLOGBack and SLF4J
LOGBack and SLF4Jjkumaranc
 
Improved Joomla! 3.6 Updates
Improved Joomla! 3.6 UpdatesImproved Joomla! 3.6 Updates
Improved Joomla! 3.6 UpdatesSynapseIndia
 

Similar a Cutting corners from a wheel - (20)

Enrich your extensions with Joomla! ACL support
Enrich your extensions with Joomla! ACL supportEnrich your extensions with Joomla! ACL support
Enrich your extensions with Joomla! ACL support
 
Justin Herrin Comparing Joomla CCKs from jd12ne
Justin Herrin Comparing Joomla CCKs from jd12neJustin Herrin Comparing Joomla CCKs from jd12ne
Justin Herrin Comparing Joomla CCKs from jd12ne
 
Using spl tools in your code
Using spl tools in your codeUsing spl tools in your code
Using spl tools in your code
 
What is the Joomla Framework and why do we need it?
What is the Joomla Framework and why do we need it?What is the Joomla Framework and why do we need it?
What is the Joomla Framework and why do we need it?
 
Dolibarr module development
Dolibarr module developmentDolibarr module development
Dolibarr module development
 
David Rey Lessons Learned Updating Content Licensing To Be Plone 3 Compat...
David Rey   Lessons Learned   Updating Content Licensing To Be Plone 3 Compat...David Rey   Lessons Learned   Updating Content Licensing To Be Plone 3 Compat...
David Rey Lessons Learned Updating Content Licensing To Be Plone 3 Compat...
 
AtoZ about TYPO3 v8 CMS
AtoZ about TYPO3 v8 CMSAtoZ about TYPO3 v8 CMS
AtoZ about TYPO3 v8 CMS
 
jQuery Tips Tricks Trivia
jQuery Tips Tricks TriviajQuery Tips Tricks Trivia
jQuery Tips Tricks Trivia
 
Railo Presentation Railo 3.1
Railo Presentation Railo 3.1Railo Presentation Railo 3.1
Railo Presentation Railo 3.1
 
Introduction to building joomla! components using FOF
Introduction to building joomla! components using FOFIntroduction to building joomla! components using FOF
Introduction to building joomla! components using FOF
 
Alfresco monitoring with Nagios and ELK stack
Alfresco monitoring with Nagios and ELK stackAlfresco monitoring with Nagios and ELK stack
Alfresco monitoring with Nagios and ELK stack
 
Mageguru - magento custom module development
Mageguru -  magento custom module development Mageguru -  magento custom module development
Mageguru - magento custom module development
 
Understanding Framework Architecture using Eclipse
Understanding Framework Architecture using EclipseUnderstanding Framework Architecture using Eclipse
Understanding Framework Architecture using Eclipse
 
Developing Joomla Extensions JUG Bangladesh meetup dhaka-2012
Developing Joomla Extensions JUG  Bangladesh meetup dhaka-2012Developing Joomla Extensions JUG  Bangladesh meetup dhaka-2012
Developing Joomla Extensions JUG Bangladesh meetup dhaka-2012
 
KAAccessControl
KAAccessControlKAAccessControl
KAAccessControl
 
LOGBack and SLF4J
LOGBack and SLF4JLOGBack and SLF4J
LOGBack and SLF4J
 
LOGBack and SLF4J
LOGBack and SLF4JLOGBack and SLF4J
LOGBack and SLF4J
 
LOGBack and SLF4J
LOGBack and SLF4JLOGBack and SLF4J
LOGBack and SLF4J
 
LOGBack and SLF4J
LOGBack and SLF4JLOGBack and SLF4J
LOGBack and SLF4J
 
Improved Joomla! 3.6 Updates
Improved Joomla! 3.6 UpdatesImproved Joomla! 3.6 Updates
Improved Joomla! 3.6 Updates
 

Último

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 

Último (20)

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 

Cutting corners from a wheel -

  • 1. CUTTING CORNERS FROM A WHEEL // Forkito ACL // FORKITO
  • 2. FINAL GOAL Easy to use and understand ACL system Reusable ACL library compatible with most widespread Joomla based projects FORKITO
  • 3. FORKITO ACL FLAVORS Ţ Joomla fork flavor (working - oh yeah) Ţ Molajo flavor (in progress) Ţ Nooku flavor (planned) FORKITO
  • 5. JOOMLA FORK FLAVOR Did he really say that? FORKITO
  • 6. JOOMLA FORK FLAVOR Starting point for the whole project. Used as proof of concept FORKITO
  • 7. Joomla fork form == contains changes to 70+ files due to poor Joomla ACL implementation in application layer Joomla - ACL hardcoded everywhere revision 7 FORKITO
  • 8. COVERED PARTS New forkito ACL library Joomla library methods are changed to proxies to a new library methods Includes internal methods that take care of backwards compatibility with old Joomla ACL FORKITO
  • 9. COVERED PARTS Web application framework layer Ţ categories Ţ menus, Ţ modules, Ţ plugins Mainly changes to multiple items queries FORKITO
  • 10. COVERED PARTS Application Ţ Backend components: com_categories, com_menus, com_modules, com_plugins Ţ Content components: com_content (back and frontend) Ţ Pagenavigation plugin- Contains changes to 37 php and 15 xml files, most extensive changes to com_users and com_content FORKITO
  • 11. WHERE I CAN GET IT git clone git://git.forkito.org/forkito FORKITO
  • 12. MOLAJO FLAVOR FORKITO
  • 13. Completely new classes Where most development goes at the moment The most important part FORKITO
  • 14. Molajo ? - web application layer will be completely redone together with components - layer includes hooks for ACL plugins Just few library overrides (JUser, JCategories, JMenu … ) Joomla compatibility methods removed – extension either uses Joomla or Forkito ACL FORKITO
  • 15. Molajo ? - web application layer will be completely redone together with components - layer includes hooks for ACL plugins Just few library overrides (JUser, JCategories, JMenu … ) Joomla compatibility methods removed – extension either uses Joomla or Forkito ACL yes, it can be done FORKITO
  • 16. NOOKU FLAVOR FORKITO
  • 17. Will come after Molajo flavour it is expected that only minor changes will be needed in Forkito ACl for it to work with Nooku framework. Forkito will represent an addon library here FORKITO
  • 18. Unified ACL // Forkito to Joomla ACL comparision// FORKITO
  • 19. REMOVED VIEW ACCESS LEVELS AND ADDED VIEW TO ACTIONS 50% less users effort needed, 50% less complicated. View == action No need for a separate ACL system for managing view permissions. onfusing for the user and inefficient from the system point of view. FORKITO
  • 20. RADICALLY IMPROVED AND SIMPLIFIED USER INTERFACE Ţ Simple matryx of groups and actions Ţ One-click permission changes Ţ Instantly visible changes in inherited values FORKITO
  • 21. SIMPLIFIED OPERATIONAL LOGIC Lower level always wins Global >Component>(Category)>(Item) Anything set on the lower level beats what was set on the higher one (denied or allowed) Assigned permission beats inherited Users are auto assigned to parent groups, so anything that is set in parents will affect user's permissions, but only if it is not set explicitly in assigned groups. FORKITO
  • 22. SIMPLIFIED OPERATIONAL LOGIC If one group gives you access you are in (key analogy) If you have a key that opens certain doors, it doesn't matter if another key doesn't work, you still can get in. When user is allowed to do something trough his membership in one of the assigned groups, all others are irrelevant. FORKITO
  • 23. DRY-ED AND RE-ARCHITECTURED No code repetition A single method for a single purpose. Classes reusing other classes methods and not replicating them. Very low amount of code, will cut off even more in the future. FORKITO
  • 24. JSON ENCODED RULES REPLACED WITH PERMISSIONS TABLE JSON encoded string of permissions, stored in simgle database field was one of the most horrible ideas ever seen in Joomla This kind of code crimes should be punishable with at least 100 hits with a stick. FORKITO
  • 25. WHY ?
  • 26. It totally disables any database relations, conditional searches etc. with enormous impact on performance.
  • 27. To retrieve a list of items a user has permission to view (or edit, or do any action on), the code would need to query for ALL items, unpack the JSON string item by item and check the permissions of each item separately. Now imagine you have 100.000 or even 1 million items to inspect one by one, and try to imagine how long that would take and e.g. how much memory it would consume. Get the picture?
  • 28. Having JSON in a database == a performance problem => you need a more efficient system for managing thousands of users trying to view pages => you "solve" the problem by inventing another ACL system called access levels
  • 29. ALWAYS PRESENT BASIC SYSTEM GROUPS: Groups that cannot be removed or have their role changed. While this might seem like a backwards step, these groups are really cornerstones that a CMS ACL cannot work without. Equivalent to the unix wheel and anonymous group roles. Having groups the system can always rely on -> RELIABILITY, better performance and better security // including root configuration hack that is not needed anymore //
  • 30. ALWAYS PRESENT BASIC SYSTEM GROUPS
        Everyone
        - Not-authenticated – anonymous visitors
        - Authenticated – anyone that is logged in
        -- Admins – replacing global core.admin permission (equivalent to unix wheel group)
  • 31. Simple API // How do I implement it //
  • 32. API GOAL: Create a minimal number of humanly understandable (self-explaining) class and method names.
  • 33. CHECK AUTHORIZATION - MACCESS CLASS: Check a single item's authorization: isUserAuthorizedTo + shortcut: isUserAuthorisedToView
  • 34. CHECK AUTHORIZATION - MACCESS CLASS: Check multiple items' authorization (by automatically inserting filtering SQL in multiple-item queries): insertFilterQuery
  • 35. MULTIPLE ITEMS AUTHORIZATION EXAMPLE: JPluginHelper::_load(), Joomla
        // View access levels are joined into the WHERE clause by hand
        $levels = implode(',', $user->getAuthorisedViewLevels());
        ...
        $query->select('folder AS type, element AS name, params')
              ->from('#__extensions')
              ->where('enabled >= 1')
              ->where('type ='.$db->Quote('plugin'))
              ->where('state >= 0')
              ->where('access IN ('.$levels.')')
              ->order('ordering');
  • 36. MULTIPLE ITEMS AUTHORIZATION EXAMPLE: Forkito ACL
        $query->select('e.folder AS type, e.element AS name, e.params, e.extension_id, e.asset_id')
              ->from('#__extensions AS e')
              ->where('enabled >= 1')
              ->where('type ='.$db->Quote('plugin'))
              ->where('state >= 0')
              ->order('ordering');
        // The ACL library adds the core.view filter on e.asset_id to the query
        jimport('molajo.access.access');
        MAccess::insertFilterQuery($db, $query, 'e.asset_id', 'core.view');
  • 37. MULTIPLE ITEMS AUTHORIZATION EXAMPLE: The same function is used in the categories helper, the modules helper and the com_content articles model: anywhere a list of items needs to be filtered.
  • 38. USER INTERFACE: Insert ACL widget HTML: MHtmlPermissions::aclWidget. Get a ready-made ACL widget in the shape of a Joomla form field: MFormFieldAclwidget. Very simple to include the ACL widget in your component layout.
  • 39. Future // Short term //
  • 40. Testing, testing. Bugfixing. Testing. Bugfixing. Bugfixing. Testing. Testing. Bugfixing. Testing, testing. Bugfixing. Testing. Bugfixing. Bugfixing. Testing. Testing. Bugfixing. Testing, testing. Bugfixing. Testing. Bugfixing. Bugfixing. Testing. Testing. Bugfixing. Testing, testing. Bugfixing. Testing. Bugfixing. Bugfixing. Testing. Testing. Bugfixing. Testing, testing. Bugfixing. Testing. Bugfixing. Bugfixing. Testing. Testing. Bugfixing. Testing, testing. Bugfixing. Testing. Bugfixing. Bugfixing. Testing. Testing. Bugfixing.
  • 41. USER INTERFACE IMPROVEMENT Inheritance breadcrumbs - show what this level is inheriting from
  • 42. Future // Long term //
  • 43. MORE ROUNDS OF SIMPLIFICATION: Simple mode - flatten inheritance, keep only default and category (or item) permissions
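Slides 21 and 22 read as a resolution algorithm. The Python sketch below is an added example, not Forkito code: the group names, asset names and permission rows are constructed, and it assumes that the asset level is checked before group inheritance and that a permission set nowhere means deny, neither of which the slides spell out.

```python
ALLOW, DENY = True, False

# group -> parent group (None at the root). Constructed sample hierarchy.
GROUP_PARENT = {"everyone": None, "authenticated": "everyone",
                "editors": "authenticated", "reviewers": "authenticated"}

# asset -> parent asset, following Global > Component > (Category) > (Item).
ASSET_PARENT = {"global": None, "com_content": "global",
                "category:7": "com_content", "article:42": "category:7"}

# Explicit rows only: (asset, group, action) -> ALLOW or DENY. Constructed.
PERMISSIONS = {
    ("global", "everyone", "core.view"): ALLOW,
    ("com_content", "authenticated", "core.edit"): DENY,
    ("com_content", "editors", "core.edit"): ALLOW,
    ("category:7", "authenticated", "core.view"): DENY,
    ("article:42", "reviewers", "core.view"): ALLOW,
    ("article:42", "editors", "core.edit"): DENY,
}

def chain(node, parents):
    """Yield node, then its ancestors, nearest first."""
    while node is not None:
        yield node
        node = parents[node]

def group_decision(group, asset, action):
    """First explicit value found wins: lowest asset level first, and on
    each level the group's own row before rows inherited from parents."""
    for level in chain(asset, ASSET_PARENT):
        for g in chain(group, GROUP_PARENT):
            value = PERMISSIONS.get((level, g, action))
            if value is not None:
                return value
    return DENY  # nothing set anywhere: default deny (assumption)

def is_user_authorized_to(assigned_groups, asset, action):
    """Key analogy: one assigned group that resolves to ALLOW is enough."""
    return any(group_decision(g, asset, action) for g in assigned_groups)
```

With these rows a user in both editors and reviewers can view article:42 although editors alone resolves to deny, so under the key analogy a DENY row restricts a group, not a user.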
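Slides 24 to 28 and the insertFilterQuery slides contrast decoding JSON rules item by item with letting the database filter. This added Python/sqlite3 example runs both approaches over the same constructed rows; it is not Forkito's schema and not the SQL that insertFilterQuery generates, and every table, column and function name in it is an assumption.

```python
import json
import sqlite3

def build_db():
    """Constructed sample: 4 items, group 1 (public) and group 2 (staff)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE items(id INTEGER PRIMARY KEY, title TEXT, rules TEXT);
        CREATE TABLE permissions(asset_id INT, group_id INT, action TEXT);
        CREATE INDEX perm_lookup ON permissions(action, group_id, asset_id);
    """)
    sample = {1: [1, 2], 2: [2], 3: [], 4: [1]}  # item id -> groups that may view
    for item_id, groups in sample.items():
        rules = json.dumps({"core.view": {str(g): 1 for g in groups}})
        db.execute("INSERT INTO items VALUES (?, ?, ?)",
                   (item_id, f"item {item_id}", rules))
        db.executemany("INSERT INTO permissions VALUES (?, ?, 'core.view')",
                       [(item_id, g) for g in groups])
    return db

def viewable_json(db, group_ids, action="core.view"):
    """JSON in one column: fetch every row, decode it, test it in the app."""
    wanted = {str(g) for g in group_ids}
    out = []
    for item_id, rules in db.execute("SELECT id, rules FROM items ORDER BY id"):
        allowed = json.loads(rules).get(action, {})
        if any(allowed.get(g) == 1 for g in wanted):
            out.append(item_id)
    return out

def viewable_table(db, group_ids, action="core.view"):
    """Permissions table: the database filters; all values are bound."""
    if not group_ids:
        return []
    marks = ",".join("?" * len(group_ids))  # placeholders only, never values
    sql = ("SELECT i.id FROM items AS i WHERE EXISTS ("
           "SELECT 1 FROM permissions AS p WHERE p.asset_id = i.id "
           f"AND p.action = ? AND p.group_id IN ({marks})) ORDER BY i.id")
    return [row[0] for row in db.execute(sql, [action, *group_ids])]
```

The first function touches every row regardless of the answer size; the second returns only matching ids and can use the index on the permissions table.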