Home » Groups » Churches

Trying to come up with a private Journal module

mdlueck's picture
public
group: Churches
mdlueck - Wed, 2008-09-03 18:04

Greetings-

We have a need to come up with a Journal module for Drupal 5.x. I thought to start with Blog from the Drupal Core and adjust that to come up with Journal.

The trouble comes that Blog is very public, whereas Journal needs to be private on a per user basis, with possibly admin oversight. (I envision a check box on the "Access control" to enable this "root capabilities" mode.)

I keep trying suggestions, and always it seems when the suggestions do not work, then the last resort suggestion of installing one of the Access Control modules (TAC or TAC Lite) comes up.

Must I go to that extreme in order to have nodes that only the creator is able to access?

TIA!
Michael


Topic: Modules
» Login or register to post comments
 

Check out the Private Module

NonProfit@drupal.org's picture
NonProfit@drupal.org - Thu, 2008-09-04 01:19

Hi Michael, Private looks like it would work as would the more comprehensive Nodeaccess. There are certainly more options to be found in the list of User access/authentication modules. Also, I'm uncertain regarding 5.x, but Views2 for 6 allows you to grant access by role or permission.

However, all this begs the question; if the author is the only one able to access the content, why do you want it published?

Blessings!

-NP


Login or register to post comments

Published / Non-Published

mdlueck's picture
mdlueck - Thu, 2008-09-04 01:53

I received a direct response suggesting why not flag the Journal node as non-published. When browsing other user's /journal/# indeed nothing shows up, however there is still access to other user's /node/# which are the actual Journal entries. Not Good!

I still wrestle with why would I need one of those contrib modules to successfully turn Blog into Journal?

Could I not harvest the magic those modules do and stick it into Journal?

When Drupal receives a request to display /node/#, what hookable methods fire early and I could do a check of if that node's creator ID is the ID that is requesting it be displayed? (Then later add "or admin permission happens to be checked")


Login or register to post comments

Getting closer...

mdlueck's picture
mdlueck - Thu, 2008-09-04 02:54

Seems the hook_view gets called when a page display request comes in. So at the begging of that method I inserted:

<?php
/**
* Implementation of hook_view().
*/
function journal_view($node, $teaser = FALSE, $page = FALSE) {

//Testing area...
  if($user->uid != $node->uid) {
    return drupal_access_denied();
  }
?>

And indeed I can no longer see other user's journal entries. Well, almost...

However, the page displayed is "doubled up" and the second page below the first page also starts out "Access Denied" but then shows content anyway.

Getting closer...

** I added the return; and now it does not display the content, but still doubles up the page. Getting ever closer...

**** I noticed that the "top page" has the "You are not authorized to access this page." text whereas the "bottom page" has the RSS link but not the text. I suspect this hook_view() is being called twice. So how is the correct way to bomb out of generating a page if a simple call to drupal_access_denied() is not the correct way?


Login or register to post comments