How to Make OG and TAC Work Together: Step 1

Events happening in the community are now at Drupal community events on www.drupal.org.
somebodysysop's picture
Posted by somebodysysop on April 11, 2007 at 5:11am

As I stated in the Group Description, my goal is to figure out how to make various access control mechanisms work together. I started this by trying to make OG and Taxonomy Access Control work together: http://drupal.org/node/122712

I now intend to share with you all exactly what I did. There are a number of hacks involved that I'm sure most of you won't want to get involved with, but the idea here is to demonstrate what I did, step by step, in order to solicit ideas from others on betters ways to accomplish the goal.

Step 1:

Install the OG User Roles 5.x module: http://drupal.org/node/87679

I created this module in order to define roles that are restricted by group. This plays a major role in my access control as my site is group oriented -- that is, virtually all of it's content is organized by groups.

The module can be downloaded here: http://ftp.scbbs.com/pub/drupal/og_user_roles/

Buyer Beware: It is not an official Drupal contribution, but my own hack to accomplish the stated goal. You may want to read the background on it (http://drupal.org/node/87679) thoroughly before deciding to install.

Anyway, this is step one to getting TAC and OG working together. I'll continue with the next step shortly.

Good luck!

Categories:

Comments

Done - note to others

Posted by Ricco on April 11, 2007 at 6:25am
Ricco's picture

I followed the instructions, and all went smooth as silk. To save others time, here are some notes;

*) you must have the og_forum module installed first. I hadn't, you can find it here; http://drupal.org/project/og_forum

*) it seems that you must disable the og_roles module before you try to enable the og_user_roles module. I hadn't and when I tried to enable the module, i got the happy message;

Fatal error: Cannot redeclare _user_roles() (previously declared in /...mypathinfo.../modules/og_roles/og_roles.module:199) in /...mypathinfo.../modules/og_user_roles/og_user_roles.module on line 244

that seems to lock me up for a few seconds... and would not let me even view my site... so use FTP and delete the og_user module (bring it down to your site of course first for backup) and then refresh your browser, and you can get back in, and continue.

??? note sure if I should put the og_roles module back, but will continue without until a problem developes, and/or will wait for a heads up from ron.

*) i have never applied a patch, but it is a simple line command via a terminal window. You can find instructions here; http://drupal.org/node/60108. And in effect it is s single command. In a terminal window position yourself in the directory you are making the patch, in this case the USER module. put the "user.module.og_user_roles.patch" file in that directory (found in the module that Ron created) and simply type;

patch < user.module.og_user_roles.patch

That's it... it all seems to work for me... can't wait till step 2

Cheers! Ricco

Well done

Posted by chrisroditis on April 24, 2007 at 9:54am
chrisroditis's picture

Somebodysysop, I would like to congratulate you for your efforts, and for sharing your results here with us!
Your module is imperative to building communities that are self managed and function as real life groups of people allowing each person to have a different role in each group he belongs.

What I was wondering is why you do not get a cvs account and maintain this module as a project in drupal.org? I think there are some modules already there that modify core in some way or another. Is this a new drupal.org policy or something?
My main concern is related to installation profiles. I would like to see an installation profile that incorporates your module and why not, even I would be interested in making one. As far as I understand, installation profiles can only include modules that don't modify core, is that right?

I hope you succeed in your quest to modify core(!) and include the hooks you need, till then you'll have a niche audience that will follow your footsteps and provide feedback when you need it!

{never give up}

A healthy disregard for the impossible.

Thanks for the Encouragement.

Posted by somebodysysop on April 24, 2007 at 5:46pm
somebodysysop's picture

Appreciate the kind words. It has been a tough road. When I applied for a CVS account, the CVS admin asked me to float my idea on the developers list and here in groups to get feedback. They aren't keen on modules that reqire modifications to core. And, of course, I can understand that.

So, I complied, but basically didn't get a lot of feedback. What feedback I did get generally was around the concept of using grant_records and other existing mechanisms to achieve my goals. With OG User Roles, that is simply not possible, for reasons I've explained time and time again.

One developer did give me a pretty good idea that I decided to run with: Since my module required only one change to Drupal core, albeit a pretty modest one, why not request a Drupal "hook" that would allow any module to incorporate the same functionality? Essentially, my change to core is to the user_access function, allowing it to accept additional roles from my og_user_roles module before returning a user's permissions to access a particular node.

Before requesting such a change, I needed to be completely sure that it was all I needed. And, at this point, I'm not. There is at least one place where user->roles is called where it should return all roles including og roles.

At this point, I'm still mulling over how the hook should work. Should it simply add roles to the results of user_access (easier), or should it add roles to user->roles (harder, but possibly more complete) depending upon what the current group context is?

With these other core changes that I've been making, I'm actually strengthening my knowledge of Drupal access control and putting myself in a better position to decide what will and won't work. I'm also hoping to attract more individuals such as yourself who see the potential in access control systems that work together to deliver content in a much more secure environment. Without folks other than myself actually participating and contributing and testing this stuff out, it still remains a long and lonely road.

Again, thanks for the encouragement.

Finally Solved the Issues that required Core patches

Posted by somebodysysop on May 27, 2007 at 9:26pm
somebodysysop's picture

I've pretty much resolved the issues that required patches to the Drupal core in order to use OG User Roles. The latest resolution noted here: http://groups.drupal.org/node/3377#comment-12507

I will post the update module once I've completed all changes and testing. I also intend to request a CVS account immediately for OG User Roles.

Thanks to all of you who have supported this particular project.

Latest OG User Roles Distribution Posted

Posted by somebodysysop on May 28, 2007 at 7:20pm
somebodysysop's picture

The latest OG User Roles distribution is now available here: http://ftp.scbbs.com/pub/drupal/og_user_roles/

Version: 5.x-2.x-dev

Please test out and let me know if you find any problems.

Thanks!

Access Control

Group organizers

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds: