Rules

In this section you can add, edit or delete rules for each component, category or item.

Before starting, lets explain what are these rules. Rules are the actions such as access, edit, delete etc. that users perform on your site. These rules are used in Permissions page to set who can perform what and later controlled by AceACL. Except the static Global Rules, other rules can be component, category or item based.

AceACL will automatically create 10 Global Rules after installation and they can not be deleted or modified. The purpose of this protection is because those rules are used by other components too.

10-Rules   10-Rules-Options

Global Rules


Login
: Restricts who can log-in in Front-end and Back-end separately
Access: Restricts who can access/view any component/category/item in Front-end
Manage: Restricts who can access/view any component in Back-end
Configure: Restricts who can configure any component in Back-end
Create: Restricts who can create any category/item in Front-end and Back-end separately
Delete: Restricts who can delete any category/item in Back-end
Edit: Restricts who can edit any category/item in Front-end and Back-end separately
Edit Own: Restricts who can edit it's own items in Front-end and Back-end separately
Edit State: Restricts who can edit the state (publish, archive) of any category/item in Back-end
Copy: Restricts who can copy any item in Back-end
Offline Login: Restricts who can log-in in Front-end and Back-end separately when your site is offline

You can also create as much rules as you want manually.

New/Edit Rule


Title
It's the title of Rule you will define. It can be whatever you want.

Component
If the rule will be used by more than one component then you should select "Global".

Category / Item
These are optional. If the rule will be component based then do not select any category. If the rule will category based then do not select any item.

Name
If you use the Component/Category/Item select boxes then the name will be generated automatically. You can also fill the name manually if you know the name of component and the ID of category or item. The rule name does also reflect it's level, component, category or item based. The format of rule names MUST be like this:

  Component: com_foo ==> com_content
  Category: com_foo.category.category_id ==> com_content.category.4
  Item: com_foo.item.item_id ==> com_conten.item.26

Action
This is the action that will be allowed/denied, such as edit, delete, move etc. It must be lower case. Generally you can get it from the non-SEF (Real) URL, like view=edit or task=move.

Client
Here you can set where the rule will be applicable (Front-end, Back-end or Both).

Level
Here you can select if the rule will be component, category or item based. If the Name contains .category.x then the Component option will be disabled. If the Name contains .item.x then the Component and Category options will be disabled. These automatic protections will be help to not make any mistake.


EXAMPLE RULE
Lets say that I'm using jDownloads component and I want to be able to set permissions for the Search page. In order to do that I should create a custom rule manually or expect to be create by the jDownloads extension for AceACL. Assume that it is not created by the extension and we should create it manually.

First of all, I must obtain the non-SEF URL: index.php?option=com_jdownloads&view=search&Itemid=133

2 variables of this URL suits to me, the option and view. So lets create the rule:

Title: Search page
Component: I can select the jDownloads component from the list
Category: None, do not select any
Name: If I've select the component above then it'll be automatically filled as com_jdownloads, otherwise I can use the option variable from the above URL
Action: search , I obtained this from the above link, view=search
Level: I'll select just Component as the search page is not affected by category/item

That's it. The rule is ready to be allowed/denied. Don't forget to set the permissions for this rule otherwise the Default action will be applicable because it's custom rule and there is no Global Rule like this so that the permssions could be inherited.