Hi folks,
I've run into a problem that I hope someone can help with. My library district has a lot of vendor database subscriptions, but a handful of these databases are only available at certain branches or just inhouse.
Currently we use a vbscript file that defines the branch IP range for each branch. If the vendor database is tagged with that branch in a home-grown SQL database access is limited to that branch.
I can't figure out how to limit access to vendor databases in Drupal using an internal IP range. We won't be having users log in at this point, so that isn't an option.
Currently, our databases are entered as a Content Type.
Are there any libraries out there that are doing this in Drupal? If so, can you please please drop me some hints?
Thank you so much in advance!
Virginia Franklyn
Web Developer
Pikes Peak Library District
Comments
I've never tried it, but you
I've never tried it, but you might want to check out Access Content Type by IP. While it is a relatively new module, and with few users, a brief code review shows the pieces fairly solidly in place.
Did it work
Virginia,
Did the "Access Content Type by IP" work for you.
I took a look at the module and it looks decent however I think it might be best to map ip address/ip ranges/hostnames to roles.
Might consider whipping out a module for that.
Thanks,
Arman.
Try ipAuthenticator
The ipAuthenticator module will map ranges of ip addresses to a role. I've installed and configured it and it seems to work as advertised. If someone is authenticated via username/password it will use that users roles rather than the role defined for the ip range they're on. We haven't put it into production but I had checked out for possible use by the circulation desk staff (which is often covered by students).
I haven't tried it yet
Hi there,
Right now we are going to try to restrict the IP range of certain databases on our Firewall, or if that doesn't work through EZProxy.
I'm guessing that Access Content Type by IP only lets you restrict by content type, but I need to restrict only certain entries in one content type.
With IPAuthenticator, I think the user would need to be signed in for it to work, but our users will all be anonymous, at least for now. Am I right about that?
But I haven't looked that closely at the modules because we're going to try the Firewall or EZProxy method.
Thanks to everyone for the input!
Cheers,
V
iPAuthenticator
"With IPAuthenticator, I think the user would need to be signed in for it to work, but our users will all be anonymous, at least for now. Am I right about that?"
Nope. The whole idea behind authentication via IP address is that one does not have to log in to authenticate. Essentially the way it works is that a user working on a machine within a specified IP address range, would be assigned to a designated role in addition to the "anonymous" role. I haven't looked at the Access Content by IP modules but I know that there is an "Access Content" module that basically adds an Access Control page for content types. I have not tried this module but it could be used with the ipAuthenticate module to provide roles based access to content types. I'm not sure what you mean by "restrict entries in one content type". Are you talking about field level restrictions?
More input
If you have relatively few IP-address-based roles, ipAuthenticator is great. With it, regardless of whether you're logged in or not, in addition to having either the "anonymous" or "authenticated" role, you also get the role(s) that match your IP address, so you get permissions that the role has. Virginia, you mention that each branch has its own IP range and would need its own access rules, and if you have a lot of branches, I recommend considering an alternate model than "branch = role". There's no hard cutoff, but the more roles in Drupal, the more administrative hassle there is. A very rough guideline is that administration starts getting cumbersome after 20 roles or so, but it's a gradual increase in hassle: it's not like 19 roles is a breeze and 21 roles is unworkable. Other than wanting to avoid a massive amount of roles, roles are the best way to manage permissions in Drupal.
The Content Access module is great for managing different permissions (by role) on a node by node basis for the same content type.
You can manage field by field permissions (by role) for a content type using the "Content Permissions" module that's bundled with CCK.
Finally, if you are using EZProxy, you may want to check out the EZProxy module.
Ah ha!
I didn't know that! Thank you everyone! I'll try out ipAuthenticator and let you know how it goes!
I'm a new mom and my head is mushy, so I REALLY appreciate the advice!
Update
Hi folks,
Just waiting for my server admin to return from FMLA, then I'm actually going to try to do this through EZProxy. Wish me luck!
Final Update
We managed to filter our databases using EZProxy. If anyone needs instructions on how to do this I can post them, thanks to Scot Colford at Boston Public Library.