Hi JJ,

If you are wanting to implement a security layer so that people can't access information that they should not be allowed, then you have to implement this very carefully. You may be aware that in Joomla there are often lots of different URLs that can be used to access the same articles or component pages, so any time you try to protect things via URL or menu item you have to ensure that you have covered all bases. In fact, protection by URL or menu item [e.g. by assigning a module to a particular menu item] is usually not sufficient.

My disclaimer is therefore that if you want tight security over people accessing certain parts of your site, a scheme such as you have proposed with MetaMod is unlikely to be sufficient unless you have a very good knowledge of Joomla and can cover all the different ways that content can be accessed.

Disclaimer over.

Ok, so some practicalities:
1 - if you want to simply remove a main menu item with MetaMod, then remember that MetaMod only works at the level of modules, not menu items. It can swap between 2 different modules, so if you can set up 1 module that has the menu item and 1 module that doesn't, then that's fine. However on your site it looks like the main menu is provided as part of the template rather than as a menu module, correct? In that case, MetaMod would not even be able to swap these in or out.
2 - Chameleon, on the other hand, is able to remove individual menu items, in most cases irrespective of the module or other structure used to display the menu. So I would recommend the use of Chameleon to remove menu items, rather than MetaMod in this case.
3 - Chameleon also has GUI controls for most things (you can code in PHP as well if required). e.g. you can get it to detect conditions such as article id, menu item, domain, device, URL etc, then in the "actions" section you can tell it which menu item(s) to hide, which template variation to use, and if required do a redirect to a certain page or URL.
4 - Detection of client IP address in Chameleon is not a GUI control but is easy to do in PHP.

So I think Chameleon would be a better fit for this task.

Off the top of my head I would suggest setting up some rules in Chameleon such as the following:

rule 1 - detect "full access" ip address range. If detected, bypass the rest of the rules for performance reasons.
rule 2 - detect "external" ip address AND attempt to access internal databases. If detected, redirect to an error page.
rule 3 - detect normal "external" access. If detected, remove certain menu item(s).
rule 4 - detect "staff" ip address AND attempt at illegal access. If detected, redirect to an error page.
rule 5 - detect normal "staff" access. If detected, remove certain menu item(s).

To detect IP address ranges you might be able to use something as simple as this in the PHP box in the rule:

if ($core_genius->check("clientip startswith 192.168.1.")) return true;

Returning true makes the rule "succeed", and the succeed action will be run (though if you have specified other conditions then all of them would have to succeed for the succeed action to be run).


Hope that helps,
Stephen