
TOPIC: Direct access to component

Direct access to component 03 Jan 2016 13:24 #13758

  • MorganL
In a rather embarrassing episode, my 2-factor, super secure server with a J-Cook component installed made me squirm yesterday.

Turns out that you can access a component directly and it cuts through all the protection.

How can I set a DEFAULT VIEWING level (it's not in ACL options) in a J-Cook component to make 100% sure that a GUEST (i.e. not logged in) cannot access the component in any way whatsoever via (i.e. VIEW access)

(website)/components/mycomponent

or

(website)/index.php?option=com_mycomponent

I could program in a way of checking if signed in, but I would have thought I should be able to set this quite easily with hacking the code
Morgan Leecy MCSE

Novell / Linux
PHP. MYSQL, Apache, node.js
Coldfusion, JQuery, HTML5
Joomla

Direct access to component 30 Jan 2016 11:22 #13791

  • admin
EDIT : Write this in the entry file
if (!JFactory::getUser()->authorise('core.access', 'com_xxxxxx'))
{
	return JError::raiseWarning(404, JText::_('JERROR_ALERTNOAUTHOR'));
}

A new ACL to create : core.access
Gonna include that. It has been asked many times.
Thanks Morgan, again, and sorry for being so long to react to that.
Coding is now a piece of cake
Last Edit: 30 Jan 2016 11:23 by admin.
The following user(s) said Thank You: MorganL

Direct access to component 12 Apr 2016 15:46 #13909

  • krasy
hi,
I have a similar question so I've dug that topic out,

I have many views in component they are linked with custom buttons in style:
component/componetname/name/default?filter_status=1"

In Joomla menu I use "external links",
not default component page linking
to avoid page title to be replaced by menu position name.

but
I have many views dedicated to many user groups/ACLs

I thought I could use Joomla "hidden menu" to assign views to ACLs
but it doesn't work...

any ideas how to secure all :)

?

Don't want to fork all,
i can make some redirections in htaccess to collect all versions of pages
to one menu position...

Do you know a better way?

Direct access to component 14 Apr 2016 10:30 #13913

  • admin
Normally, every filter is instancing a menu selector.

Is it working for the state filter?
Must check it out...
Coding is now a piece of cake

Direct access to component 14 Apr 2016 11:10 #13914

  • krasy
hi Admin,
thx for reply,

there are fk filters,
bool filters are not included.

///////
Simplest problem looks like this:
-in component settings admin and user have rights to write, edit state etc i want to base on joomla acl

-we have 2 views
1 view - read only collection
2 view - editable collection with some secret data displayed

1 view is for user (acl in menu)
2 view is for admin (acl in menu)

then I have 50 other views that are not in the main menu, linked somewhere inside the component,
-25 for user
-25 for admin

I create a hidden menu with all 50 of those views and attach ACLs
I create an htaccess that redirects

(website)/components/mycomponent/xxxxx/yyyy

and

(website)/index.php?option=com_mycomponent&view=xxxxxxxxxxxxx&layout=yyyyyyyyyyyy

to hidden menu position.

Am I doing it right?

Direct access to component 10 May 2016 20:18 #13947

  • admin
Sorry for late answer.
You can effectively do that, but if you want better security, add some ACL by yourself at the very critical points.

I am gonna dig in more profoundly because users have asked for such a thing: limiting the access of the VIEW page by ACL (normally, we think in terms of data access).

By the way. The boolean filter is now available in the last version:
www.j-cook.pro/index.php/docs/versions/215-2-8-2
Coding is now a piece of cake
The following user(s) said Thank You: krasy

Direct access to component 11 May 2016 08:09 #13948

  • krasy
I've been doing some approaches with differing view and edit access
for many user groups or acls but by the end of day
separate collections, separate flys and separate forms linked properly with each other,
were simplest and most effective solution.

Limiting the access in builder would require adding id or name of group or ACL that is in other instance of Joomla,
no idea how to solve that easier...? Or in config on Joomla's backend?

Second issue what was necessary and universal,
was to connect viewing records ACL with authors groups
for example if user is in group A,
and saves the record all users for group A have also access to that record,
but
when user is in many groups there was a problem,
should we define actual context...?

but when trying to allow users to edit only their own groups' records
and have other records view only made
mess like hell
:D

Thinking about data access
you mean adding ACLs to columns in table?
hmmm that would simplify a lot...


PS thx for filters in menu items!

Direct access to component 11 May 2016 10:37 #13952

  • admin
The thing with Joomla is that you can do that easily.
I mean, you can filter by ACL literally what you want.

First, define new ACL aliases in access.xml.
Then, insert the code for limiting access to a layout, or to view a particular column.
Finally, map your groups to those ACLs.

A second way, totally different, is to apply an access to the records, using the 'viewaccess' feature (using viewlevels).
Choose the Access wizard for every table you are using.
Define some custom access levels in the Joomla core.
Associate the rows with the access level you want.
That way, the layouts stay available, but not the data.

Joomla is quite exhaustive (compared to WP) in that way.
It depends what is your plan.
If you need more help, just tell me in private what is the map of the restrictions you want, I am hirable for such particular cases.
Coding is now a piece of cake
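
An added example (not part of the original thread and not J-Cook's generated code) that combines the entry-file check from the earlier reply with the access.xml approach described above, so that every view is gated by an ACL action no matter which URL form reaches it. The component name, view names and the two mycomponent.view.* actions are hypothetical; core.access is the custom action the earlier reply says to create.

```php
<?php
// Entry file of a hypothetical component: components/com_mycomponent/mycomponent.php
// Assumes access.xml declares the custom actions in the "component" section, e.g.:
//   <action name="core.access"            title="Access component" description="..." />
//   <action name="mycomponent.view.user"  title="View user pages"  description="..." />
//   <action name="mycomponent.view.admin" title="View admin pages" description="..." />
defined('_JEXEC') or die; // refuse requests that load this PHP file outside Joomla

// Hypothetical map: each view the component serves => ACL action it requires.
$viewAcl = array(
    'items'       => 'mycomponent.view.user',
    'item'        => 'mycomponent.view.user',
    'secretitems' => 'mycomponent.view.admin',
    'secretitem'  => 'mycomponent.view.admin',
);

/**
 * Return the action required for a view. Views missing from the map get the
 * most restrictive action, so a forgotten view is denied rather than exposed.
 */
function mycomponentRequiredAction(array $map, $view)
{
    return isset($map[$view]) ? $map[$view] : 'mycomponent.view.admin';
}

$app  = JFactory::getApplication();
$user = JFactory::getUser();

// The router has already parsed SEF URLs, so both /component/... and
// index.php?option=...&view=... arrive here with the same 'view' value.
$view = $app->input->getCmd('view', 'items');

// Component-wide gate: guests and ungranted groups stop here.
if (!$user->authorise('core.access', 'com_mycomponent')) {
    return JError::raiseWarning(404, JText::_('JERROR_ALERTNOAUTHOR'));
}

// Per-view gate: the menu item used to reach the page plays no part in the decision.
if (!$user->authorise(mycomponentRequiredAction($viewAcl, $view), 'com_mycomponent')) {
    return JError::raiseWarning(404, JText::_('JERROR_ALERTNOAUTHOR'));
}

$controller = JControllerLegacy::getInstance('Mycomponent');
$controller->execute($app->input->getCmd('task'));
$controller->redirect();
```

This gate keys on the view parameter only; controller tasks that read or write records still need their own authorise() checks.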

Direct access to component 11 May 2016 11:30 #13956

  • polsl
for now we have managed to make everything more or less to work,
but in the near future there is a high possibility of code refactoring,
now we have to sell some solutions to continue the work,
we will let you know if that happens.
thx for offering help.

Direct access to component 11 May 2016 18:44 #13960

  • admin
You are welcome.
Coding is now a piece of cake