Access Control

Hello everyone,

I'm a complete newbie to writing Drupal apps and having not yet found anything which fits my needs properly, I'm setting out on writing a node access module which uses the site's primary navigation menu structure to define access permissions.

I'm still at a very early stage of planning, and the use case for the module is pretty specific, so I haven't even begun to consider all the "what-if"s associated with, say, what happens when the site admin decides to reassign the primary menu.

I'm considering developing a module to extend the functionality of TAC to role/field combinations. TAC works wonderfully for controlling access to whole nodes based on their taxonomy, but it's all-or-nothing; the module currently has no way of leveraging the per-field access control offered by Content Permissions.

I don't think the functionality belongs in TAC itself, as my proposed module is an additional layer of complexity that's specific to CCK content types.

Hi drupal !

I'm posting here to request a review of a module i'd just coded and that i would
like to submit on drupal.org. Before doing this, i would like someone to review
my module. Even if i'm pretty confident with my code which i've been testing for last
2 weeks, i would prefer others' advice.

About the module :
This module provides taxonomy based user control for user but unlike modules already
available on drupal.org with inheritance notion. For more information please read the
README (available below).

Thank you by advance.

Code is available here on github : http://github.com/baloo/taxonomy-access-user
Or as a tgz : http://github.com/baloo/taxonomy-access-user/tarball/master

Something I have had issues with on multiple sites I have worked on is administrative areas and permissions.

Example:
If I build a site for a client and then decide I want the client to be able to edit certain areas of the admin panel ("/admin/settings/site-information") but I don't want them to have full access to the administration area then there really isn't a good solution.

So, I ask... What exactly can be done about the issue? What would be some of the best work arounds?

I created a list of content permission modules that I have encountered with their weights on my system.

1. Can we create a comprehensive list?
2. How can they work together or should they. From your experience, what has been the worst and best combinations ?
3. what effect does module weight have on implementation of access? is it true that if access is already granted, it will not be restricted by another module that comes into play later?

Weight/ Name/ Version/ Brief description

0 Content Permissions 6.x-2.x-dev Set field-level permissions for CCK fields.
(admin determines)

Hi to all,

Our organisation recently decided to change our CMS from Joomla to Drupal. We would like to use groups on our site and organic groups seemed the obvious choice. I suggested this to our site designer but he immediately flag a concern with incompatibility of the Organic groups module with the ACL module as he found information in the OG handbook stating that "you can't use this module with other node access modules". He sent a query 2 weeks ago at http://drupal.org/node/384094 but has so far received no replies.

I also found a thread at http://drupal.org/project/og_user_roles which states that the OG user roles modules supports ACL. Does "support "mean that it is compatible? And does this mean that the OG module is as well?

Is the Organic groups module compatible with the ACL module? How can we use both OG and ACL modules together?

Hi,

Currenty i upgrade my version 5.9 to 6.2. What r the changes in my own module for drupal 6.7. What is the difference between 6.2 to 6.5. If u know any document recommend to me.

thanks & regards,
Gnanasekar Boju

Joomla has announced availability of new ACL: http://is.gd/iA5B and they seem pretty excited about it. Is that something for Drupal community to be jealous of?

If you come from a Java/J2EE background the clear answer is: NO (yes, in capital letters). You have to actually suffer from a structured, strict ACL to really appreciate the simplicity of a security system like that of Drupal.

Now, you may argue that Drupal security is slightly over-simplistic and too code-oriented (makes us, the developers happy) for "business" use.

A client of ours -- a university -- has quite an extensive hierarchical menu structure. They want the ability to take a top-level menu item, such as "Current Students" and control which roles can manage (create/edit/delete, based on their role's permissions under admin/user/permissions) and view the content under that section. Permissions should cascade down to sub-items in the tree unless explicitly overridden. They also need to then restrict access to adding new pages underneath menu items they do not have access to.

Here's a mock-up that describes what we're after, since it's easier than me explaining. :) Also, I should point out that this is for Drupal 6.