Organic groups and ACL compatibility

We encourage users to post events happening in the community to the community events group on https://www.drupal.org.
prcph's picture
Posted by prcph on March 13, 2009 at 10:10am

Hi to all,

Our organisation recently decided to change our CMS from Joomla to Drupal. We would like to use groups on our site and organic groups seemed the obvious choice. I suggested this to our site designer but he immediately flag a concern with incompatibility of the Organic groups module with the ACL module as he found information in the OG handbook stating that "you can't use this module with other node access modules". He sent a query 2 weeks ago at http://drupal.org/node/384094 but has so far received no replies.

I also found a thread at http://drupal.org/project/og_user_roles which states that the OG user roles modules supports ACL. Does "support "mean that it is compatible? And does this mean that the OG module is as well?

Is the Organic groups module compatible with the ACL module? How can we use both OG and ACL modules together?

I apologise if I have not posted this query to the right group, but I am only a user of Drupal and our site designer will not go ahead and install the OG module unless he has "some facts" to assure him that using the OG module will not cause any incompatibility with the ACL module, especially with regard to security and site-wide access control.

Can anyone point me in the right direction?

Categories: ,

Comments

OGUR, TAC, OG and ACL

Posted by SomebodySysop on March 13, 2009 at 6:23pm
SomebodySysop's picture

Thank you for your post. Before you go any further, please note that the moderator of the Organic Groups module also does not support OG User Roles. See his comments and my response here: http://drupal.org/node/313291#comment-1029133

That said, OGUR support of ACL is explained in detail here: http://groups.drupal.org/node/5392

There are a number of posts in this group where people have reported their success (or lack of) in getting this to work.

The opening paragraphs at the top of this group http://groups.drupal.org/access-control lay out my reasoning and guiding philosophy for both the OGUR module and it's TAC/OG integration functionality. In the almost two years since that original post, a lot has been said, but little done beyond what is available in OGUR for addressing the issue of OG / TAC / ACL integration.

Hope this helps.

Clarification

Posted by agentrickard on April 5, 2009 at 10:27pm
agentrickard's picture

It should also be made clear exactly what "incompatibility" means.

OG generally works fine with other node access modules -- it is, in fact, the ur-node access module from which all others are derived. However, node access in Drupal is an -OR- permission system, not an -AND- permission system. That means if one node access module grants access, another cannot take it away.

Attempts to correct this in D5 and D6 have met with limited success. In D7, however, the new database layer makes this much. much more likely. (sombodysysop and I had a patch that almost worked, but breaks pagination.)

(Note also that the newest version of OG allows you to use drupal_alter() on its grants before they are written to the database, which makes creating custom OG rules much easier.)

--
http://ken.therickards.com/

--
http://ken.therickards.com/