DOCman – Category versus document permissions

There’s been a lot of confusion lately about category permissions in DOCman. Many people are trying to use categories in the same way they are using documents. Let me try to clear up the misunderstanding.

DOCman uses Joomla!’s category system. This design decision dates back from the Mambo days (before Joomla! was born — yes, DOCman has been around for a while!) As you may know, categories in Joomla! have very limited access control, just like everything else: you can assign them to the Public, the Registered or the Special group. You can think of a category as just a box, with a label on it. But as you know, a label doesn’t prevent you from opening the box.

Documents on the other hand is where the cool stuff happens. Documents have two sets(1) of permissions: one for viewers, or users who can download the document, and one for maintainers, or users who can edit and update documents. The viewer and maintainer can be set to either

  • a Joomla! group (Author, Editor etc…)
  • an individual user
  • a custom group (a collection of users)

These effectively control access to a document. If the user is not in one of these groups, he can’t access the document.

The important thing to remember is that permissions in DOCman are controlled at the document level, not at the category level. Setting a category to Special or unpublishing it, will hide the category, but will not prevent access to the documents inside the category. You need to set the permissions of the document itself.

Golden rule:
Categories are just boxes.
The documents are the ones that have the locks.

(1) Actually there is a third permission, for the creator, which is the user who uploaded the document. This creator can have viewer or maintainer rights as well, even if he is not in the viewer or maintainer group. You can’t change the creator of a document. By turning on Override View or Override Maintain in Configuration -> Permissions, you can give all creators the rights to their own documents.

Read more

Optimize your Joomla! 1.5 component installer

Most developers know that a component can have an install.componentname.php, containing a com_install() function with your custom instructions. For example, copying files to different locations or inserting localized sample data. When these instructions fail, you can of course print a message about that. The result however, is that the user sees both your ‘Failed’ message, as well as Joomla!’s ‘Success’ message. Users find this is very confusing.

The solution is actually extemely simple: inside com_install(), you need to return false. This tells the installer that your custom script has failed, and a relevant error message will be displayed. There is an added benefit as well: the installer will perform a rollback, removing all the files in the process.

By the way: I’m blogging live from the Joomlatools Bug Squashing event in Brussels!

Read more

Hello world! at the Joomlatools Blog

Joomlatools blog is launched and it has already two entries on it! … Yay!

We are happy to be finally up and buzzing in the blogosphere, a great place to be! We will be blogging about what’s cooking in the Joomlasphere and especially about the things we are doing at Joomlatools.

Exciting stuff happening behind the scenes. We have a few surprises cooking. It’s going to be an great start of 2008, hint. Stay tuned for more information !

Read more