In a previous article, we created 6 new groups and connected them to Access Levels. In this article, we will we will review steps 5, 6, 7, 8 and 9 of the Custom Group creation process and then test the back end of our new Demo network.
#5 Create an Administrator Menu to appear on the left side of the Front End whenever an administrator logs in
Several new menu items will be needed for the Administrator end of our website to be accessed by various levels of all six new administrator groups. We could just add these menu items to the main menu. But it is better to leave the Main Menu for links needed by the General Public. We will therefore create a new Administrator Menu and place it on the right side of our home page. This way whenever an administrator logs into the front end of our website, there will be an obvious new menu that pops up with the links they need to use to go to their particular areas on our website. To create a new Administrator Menu, log in as a Super User and click on Menus, Manage, Add New Menu. For Title, type in Administrator Menu. For Menu Type, type in administratormenu (no spaces). For Description, type in Administrator Menu. For client, leave it set for Site as we want this to display on the Front end of our website and not the back end.
Then click Save and Close. This will bring us back to the Menu Manager where our new menu now appears in the table of menus:
Click on “Add a module for this menu type.” For Module Title, type in Administrator Menu. For Title, leave it at Show. For Position, click on Helix title position. For Access, change the access to the Special Admin Access Level. This will allow all administrators access to the Administrator Menu – even though the actual menu items each group sees will depend on the access level of each menu item.
Click Save and Close.
Add the ARI Menu Module to Control the Appearance of our Admin Menu Module
To control the appearance of our Admin Top Menu, we need to add a new Menu Module that will allow is to move our Admin Menu to the top of our website pages. The Helix template offers a very powerful Mega Menu which we will review later. But it does not offer the ability to add extra menus. We will therefore need to use a different Joomla Extension to control the appearance of our Admin Top Menu. An easy free option in the Joomla Extensions Directory is called the ARI menu. Here is the link: https://extensions.joomla.org/extension/structure-a-navigation/menu-systems/ari-ext-menu/
Click on Download and download the extension. Then place it in your website Extensions folder. Then install it: Extensions, Manage, Install.
Assign the ARI Menu Module to the Helix title Module Position
Go to Extensions, Modules and click on the ARI module to open it. Change the title to Admin Top Menu. Change Show Title to Hide. Change module position to Helix title. Change Status to Published. Change Access to Special Admin. In Menu Parameters, change the Menu name to Admin Menu. Then scroll down and change the background color to Sky Blue #ccccff. Change the font size to 24px. Change the font wieght to bold. Increase the Font Size on Submenus to 16px.Then click Menu Assignment tab and change the module assignment to All Pages. Then click Save and Close.
Hide the existing Admin Menu Module
Click on the Admin Menu module to edit it. Change its status to unpublished. Then click Save and Close.
#6 Create Six Menu Items in the Administrator Menu to Display the Categories and Articles for each custom Group
Now we need to display our new categories and articles on our website. Click Menus, Administrator Menu and click Add New Menu Item. For type, select Category Blog. Use the Drop Down arrow to select the Service Provider Information category. For title, call it Service Provider Information. For Access, click on the Special Access Level (so all Administrator groups can see it). Then click Save and New.
For the remaining five groups, also use category blogs assigned to their categories. But for access, click on their precise access group. For example, the Information Team Tips Menu Item would be assigned to the Information Team Access Group.
Also go the Create Article Menu Item in the Main Menu and change its location to the Administrator Menu. Then click Save and Close.
This way, when Service Providers log into the front end of our website, they will be able to create and edit their articles and add images to their own images folder.
Here is what the Admin Top Menu looks like to a logged in Super User:
The power of Joomla Groups, Permissions and Access Levels is that we can define what different groups see when they log into the front end of our website.
#7 Assign at least one User to each custom group so we can test our system.
To test our new system, we will need at least one user assigned to each of the six new custom groups in addition to our super user. Earlier, we created email addresses for 20 demo group members, We then added 9 of these members using the back end control panel rather than having them register on the front end with our custom Member Registration form. Here we will add the Chair member to the Service Provider group. Click on the Chair to edit this member. Then click Assigned User Groups. Then check the Service Provider box.
Then click Save and Close. Then click on the Events Coordinator to add them to the Events group. Add the Information Coordinator to the Information Group. Add the Members Coordinator to the Members Group. Add the Newsletter Coordinator to the Newsletter Group. Add the Tech Team Coordinator to the Tech Team group.
We will keep the ViceChair in the Registered User group for now and add our remaining Service Provider members later. Here are our current members and their groups:
#8 Define Precise Permissions for Each Custom Group
After we have at least one user assigned to each custom group, we are nearly ready to set Global Permissions for each custom group. But first we need to install a Phoca Downloads component and a BW Postman Newsletter Component. We will explain how to use these later. For now, find each in the Joomla Extensions Directory. Then download them and install them.
Then go to to System, Global Configurations and click on the Permissions tab. The Permission Setting screen opens at the Public Table which has all permissions set in Red for Not Allowed:
Click on the Registered tab to display the Registered Permissions Table and you will see all they are allowed to do is log into the front end of our website. Then scroll down and click on the Service Providers Table:
Click on the Author Group Permissions table and you will see that they have the same permissions as the Services Provider group. This is because the Service Provider group inherits their Permissions from the Author group. Namely, the Author and Service Provider groups both have permissions to log into the front end and then create and edit their own articles.
Next click on the Information Team group Permissions Table.
The Information Team is allowed to log into the back end of the website. However, they are not allowed to do Super User tasks. They are also not allowed to edit the Options and Permissions areas. Accessing Administration Interface means being able to access anything by the Global Configurations tab. So it makes sense that this is turned off. What we want is for the Information Team group to be able to access the Phoca Cart Downloads Component.
Click on Phoca Downloads in the side menu. Then click on the Permissions tab. Then click on Information Team. Here are the default Permissions for this combination:
Unfortunately, the Information Team is not allowed to access the Newsletter Component. Change Inherited to Allowed for both:
Then click Save. Next click on the Newsletter Team Permissions Table. They have the same Permissions as the Information Team. This means that because the Information Team can access Phoca Downloads, the Newsletter Team can also access Phoca Downloads. What we want is for the Newsletter Team to be able to access the BW Postman Newsletter Component.
Click on BW Postman. Permissions Tab. Sadly, the Newsletter Team can not adminster BW Postman. Change this from Inherit to Allowed. Then click Save. Then click on the Information group again and note that they still can not administer BW Postman.
Next, we want to give the Membership Team access to the User Manager. Click on Users Permissions. Then click on the Membership Team. Change Access Administration Interface from Inherited (Not allowed) to Allowed. Then click Save.
We will eventually install an Events Calendar. But for now, we will simply give the Events Team access to the entire back end except Global Configurations. So click on Global Configurations at the top of the left side menu. Then click on Events Team. Change Access Administration Interface from Inherited (not allowed) to Allowed. Then click Save.
Finally, click on the Tech Team. This group has the same permissions at the Administrator group which means they have access to all Administration Interfaces (and everything else) EXCEPT they do not have access to Super User settings which means that they cannot access Global Configurations. They also do not have access to Configure Options. Change Configure Options from Inherited not allowed to Allowed. Then click Save.
Then click on the Fabrik component Permissions tab. Click on the Tech Team. Access Administrator Interface is already set to Allowed. But Configure ACL and Options is not. Change it to Allowed. Then click Save and Close. Note that we accomplished all of these Global Configuration settings without using the Deny Option for any action and without changing the settings of the Super User group.
How to Hide Components from the Control Panel Menu
The Component menu has many menu items we do not need. This includes the Banner and Multilingual Components. To simplify things on our Components menu, log into the back end as a Super User and go to Extensions, Manage Manage. Then select the Banners Module and Component. Then click Disable. Then select the Mulitlingual Association Component and click Disable.
#9 Test our New Access Control System…
Our last step is to test our new access control system. We will not be able to test our front end member access system until after we have created our custom registration form – which we will do in the next chapter. For now, we will just test our back end access system.
Back End Access Control System Tests
We next need to test the back end access control to make sure that each administrator group has the correct access to the back end of the website and to the correct tools on the back end of the website. Try to log into the back end as a Registered User. Hopefully, there is no access. Then try to log into the back end as a Service Provider. There should also be no access.
Next, log into the back end as the Information Team Coordinator. This time there is access to the back end and also access to Menus, Content, and the Phoca Downloads Manager.
Next, log into the back end as a the Newsletter Coordinator. This time there is access to Downloads Manager and the Newsletter Component.
Next, log into the back end as the Membership Coordinator. There should be access to the Downloads Manager and the Newsletter Component and the User Group (not the create user groups or access level – only the User Manager).
Next, log into the back end as the Events Team Coordinator. This group should see the same menu as the Membership Coordinator. Next, log into the back end as the Tech Team Coordinator. This group should see all of the tools in the back end with the exception of Global Configurations which is only displayed for members of the Super User group.
Now that we have a better understanding of the Joomla Access Control System, in the chapter, we will use Fabrik to create our custom Registration form.