access control

I am using the content profile module. After creating a content type, Bio, and designating it to be used as a user profile, users get an access denied message when attempting to view any profile other than their own. I created several Bio nodes for several users. According to the content profile release notes, those nodes are accessed through mysite/user/userid/profile/bio. Those nodes are only visible to their creators or the administrator. All others get the access denied message. I have given all users permission to access content.

I'm considering developing a module to extend the functionality of TAC to role/field combinations. TAC works wonderfully for controlling access to whole nodes based on their taxonomy, but it's all-or-nothing; the module currently has no way of leveraging the per-field access control offered by Content Permissions.

I don't think the functionality belongs in TAC itself, as my proposed module is an additional layer of complexity that's specific to CCK content types.

Hi drupal !

I'm posting here to request a review of a module i'd just coded and that i would
like to submit on drupal.org. Before doing this, i would like someone to review
my module. Even if i'm pretty confident with my code which i've been testing for last
2 weeks, i would prefer others' advice.

About the module :
This module provides taxonomy based user control for user but unlike modules already
available on drupal.org with inheritance notion. For more information please read the
README (available below).

Thank you by advance.

Code is available here on github : http://github.com/baloo/taxonomy-access-user
Or as a tgz : http://github.com/baloo/taxonomy-access-user/tarball/master

I'm currently doing a proof of concept for Drupal as our Enterprise wide CMS. Our current site is http://www.cdha.nshealth.ca/. The current site is in a complete mess, and lacks and any decent functionality. We currently have 160+ sections on this site with approximately 200 contributors managing their own content.

Not sure if the title is good enough to describe this problem, but here goes...

I've had some small input into the KML module (http://drupal.org/project/kml). This generates KML (Google Earth) files which show placemarks for content with locations. While rather cool this can be very slow when you have many nodes with location information.

Something I have had issues with on multiple sites I have worked on is administrative areas and permissions.

Example:
If I build a site for a client and then decide I want the client to be able to edit certain areas of the admin panel ("/admin/settings/site-information") but I don't want them to have full access to the administration area then there really isn't a good solution.

So, I ask... What exactly can be done about the issue? What would be some of the best work arounds?

Hi,

I have a multisite set-up, using the LDAP module for authenticating users (which means that all my users can log in to all sites). What I would like to happen is that each site inherits an "Editor" role when set up, with my list of standardised permissions. I can update the permissions in one place & this will affect the "Editor" role on each site.

What I don't want to happen is for a User to keep this role across sites - If you are in the Editor role in Subsite1, you shouldn't have the role in Subsite2, unless it is subsequently assigned to you.

Some time ago I proposed a new access control system for Drupal, which would allow the creation of access rules based on various criteria, kind of like the filters in Views.

http://drupal.org/project/content_access
http://drupal.org/project/nodeaccess
I think there are some more access / permission UI modules but those two look for me nearly absolutely identical except content_access uses ACL for user permissions.

BTW: I see sometimes a block "Recommendation: Related projects" when accessing projects.. who is maintaining those information? Is it automatically tag based? Because in both cases each other isn't showing up.

I eventually want to hunt for someone to do development on this idea, but first I'd like to find out how it can be designed to be of greatest benefit to the community.

I want to be able to manage access to a node, with CCK fields. The node should be viewable by both a role and at least a single (ideally multiple) user(s) not in the role.