Quick links: Content - sections - sub sections

If a module has to implement access control or right management, you have to:

  • create some rights you'll use.
  • optionally store them with the driver setup for jAcl2, an LDAP driver or a database driver like jAcl2.db
  • then, use jAcl2 static methods to check if the current user has this or that right on it.

If your jAcl2 driver supports user groups, you don't have to bother about them, your driver will take care of. Of course a jAcl2 driver can use jAuth as authentication system.


First step: you must install the jacl2 module.

php dev.php module:configure jacl2
php install/installer.php

You must also indicate the driver to use.

Drivers are plugins in jAcl2 system. They are stored in acl2 folder of a plugins repository. A jAcl2 plugin is a class fooAcl2Driver (foo being the plugin name) implementing jIAcl2Driver interface and located in foo.acl2.php file. As for example, "db" driver is the class dbAcl2Driver in db/db.acl2.php file.

To set the driver, you have two choices:

  • if it is provided by a module, like jacl2db, just install the module. If you want to use jAcl2.db, see configuration of jAcl2.db for details.
  • If a plugin is provided without a module, just indicate its name into an acl2 section in your application configuration:


Since Jelix 1.6.8, there is also a "dbcache" driver, which is similar to the "db" driver (it works with jAcl2.db) but stores also rights results into a cache using jCache.

Check a right with jAcl2

As jAcl2 discovers on its own the current user, you have on 99% cases only one method to use: jAcl2::check().


It will probably be the most used method for checking rights. It returns right or false, of course. Its parameters are a right name, and optionally a resource id. Example:

if( jAcl2::check("cms.articles.create")){
   // current user has the right to create an article
   // current user has no right to create an article

If you want to check a right about a precise resource:

$article_id = "opinions";

if( jAcl2::check("cms.articles.update", $article_id)){
   // current user has the right to modify THIS article
   // current user has no right to modify THIS article

If the value of the resource is empty or equal to "-", it means "every resources".


This method act like jAcl2::check(), but for a specific user, not for the current user.

if( jAcl2::checkByUser("john", "cms.articles.create")){
   // the user "john" has the right to create an article
   // the user "john" has no right to create an article

Automatic checking

The installer of the jacl2 module, setup a coordinator plugin for jAcl2. This plugin check rights automatically before calling a controller.

You should have this configuration:

jacl2 = "1"

The plugin have a configuration in a coordplugin_jacl2 section:

  • on_error should be equals to 1 for web service entry points (soap, jsonrpc, xmlrpc...)
  • error_message indicates the selector of the localized string containing the error message
  • on_error_action indicates the selector of the action where the application should redirect when check fails.

The plugin will try to retrieve these plugin parameters in your controllers: jacl2.right, jacl2.rights.and, jacl2.rights.or.

To check only one right, use jacl2.right:

   public $pluginParams = array(
        '*' => array( 'jacl2.right'=>'right', ...)

Or, to check a sequence of rights about the current user, use jacl2.rights.and:

   public $pluginParams = array(
     '*' => array( 'jacl2.rights.and'=>array('right1', 'right2', ..)

Or else, to check if current user has any of a sequence of rights, use jacl2.rights.or:

   public $pluginParams = array(
     '*' => array( 'jacl2.rights.or'=>array('right1', 'right2', ..)

template plugins ifacl2 and ifnotacl2

jAcl2 comes with two template plugins useful to conditionnally generate content upon rights criteria. Their arguments are the same of jAcl2::check().

  {ifacl2 "cms.articles.create"}
    <input type="button" value="create an article" />
   <p>You cannot create an article.</p>

{ifnotacl2} is of course the contrary to {ifacl2}, ie. it tests if the user does NOT have the given right.

You can also indicate resources:

  {ifacl2 "cms.articles.update", $article_id}
    <input type="button" value="Edit article" />