Home » Groups » Access Control

Multiple Node Access Logic Patch

You are viewing a wiki page. You are welcome to join the group and then edit it. Be bold!
public
group: Access Control

It appears that agentrickard has created the solution to the problem for which the Access Control Group was originally created: The Multiple Node Access Logic Patch: http://drupal.org/node/196922

I have used this patch to successfully get TAC and OG working together. I'm including it in the next release of OG User Roles (5.x-3.0): http://groups.drupal.org/node/3700

As great as I think this patch is, it probably won't make it into Drupal core, for a variety of reasons.

If you believe in the mission of this group, to create a mechanism in Drupal by which all Access Control Systems can not only simply co-exist, but also respect each other's permissions, then I would ask you to support agentrickard's efforts. He needs folks to not only pontificate and theorize, but test out code.

As many of you know, I came up with a mechanism to make TAC and OG work together over a year ago. The problem with my approach is that it used an unsupported hook_nodeapi('access') and required a heavily customized hook_db_rewrite_sql(). The thought of trying to upgrade to Drupal Version 6.x with this beheamoth was frightening.

What is better about agentrickard's approach is that his integration is based upon the existing Drupal core node grants system. User configured access control logic is introduced during the node_access_grants_sql process.

The most significant argument that has been made against this is that it has a potentially negative effect on performance. I don't doubt that this is true, but then, within the existing Drupal core grant system, how would you ever implement mutliple node access requirements without requiring that users have all possible grants in order to view a piece of content? In short, absent a total re-working of the core system to support multiple node access, you will always have this problem when trying to accomodate more than one Access Control System.

So, if you really need to get multiple access control systems working together, and you want to do it today, this route seems to be a good way to go.

Thanks to all who have supported the efforts here to date. Please continue to do so as that's the only way we're going to effect some positive changes.

Thanks!