The absent ARO tables
are scheduled to be implemented in a later version of Joomla!.
Error Handling and Security
In the short term, when we create extensions that use Joomla!'s implementation of
permissions, we should create a separate file with all the necessary calls to the ACL
_mos_add_acl() method (as demonstrated in the preceding example). This way
when Joomla! ultimately supports the ARO tables, we will be able to easily refactor
our code to incorporate the new implementation.
Calls to the _mos_add_acl() method must always be made prior to
any permission checks. If they are not, the extra permissions will not
have been applied in time. The best place to add the permissions is in
the root extension file (this will depend upon the extension type).
Once we have added all of our permissions we will probably want to check if the
current user has permissions. There are various ways of achieving this; we are
encouraged to use the authorize() method in the JUser class:
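// Get the object for the current user.
$user =& JFactory::getUser();
// Refuse the request unless the user holds the 'manage' permission.
if (!$user->authorize('com_myExtension', 'manage'))
{
    JError::raiseError(403, JText::_('Access Forbidden'));
}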
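The ordering rule above, shown end to end as an added example that is not code from the original text: the root file of a component loads its ACL rules from a separate file and only then checks the current user. The file names `acl.php` and `myextension.php` and the choice of groups that receive `manage` are assumptions, and the two files are shown in one block separated by comments.

```php
<?php
// ---- File 1 (assumed name): administrator/components/com_myextension/acl.php ----
// Every ACL rule for the extension is kept in this one file, so it is the only
// place to refactor once Joomla! supports the ARO tables.
defined('_JEXEC') or die('Restricted access');

$acl =& JFactory::getACL();

// Arguments: ACO section, ACO value (the action), ARO section, ARO value (the group).
// Which groups are granted 'manage' is an assumption made for this example.
// A group that has no rule here is refused by authorize().
$acl->_mos_add_acl('com_myExtension', 'manage', 'users', 'super administrator');
$acl->_mos_add_acl('com_myExtension', 'manage', 'users', 'administrator');

// ---- File 2 (assumed name): administrator/components/com_myextension/myextension.php ----
// Root file of the component: the first extension code to run on a request.
defined('_JEXEC') or die('Restricted access');

// 1. Register the rules before anything asks about permissions. The rules are
//    added in memory for the current request only, so a check that runs before
//    this line would not see them and would refuse every user.
require_once(JPATH_COMPONENT_ADMINISTRATOR.DS.'acl.php');

// 2. Check the current user against the rules that were just registered.
$user =& JFactory::getUser();
if (!$user->authorize('com_myExtension', 'manage'))
{
    JError::raiseError(403, JText::_('Access Forbidden'));
    // Stop here in case the configured error handler returns instead of exiting,
    // so that no privileged code below runs for an unauthorized user.
    return;
}

// 3. Only code placed after the check may perform privileged work
//    (loading the controller, executing the requested task, and so on).
```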
If we are developing a component using the MVC architecture we use the JController
object to automatically check permissions.