I’ve created a »Group Content« content type, let’s call it »movie critics«. The idea is that basically authenticated users can create movie critics (with the customized fields and stuff), but also group members of specific groups are able to create movie critics based on that certain content type but for their own group audience.
I’ve set proper permissions (under People, for AUTHENTICATED USERS, I’ve set a tick in »movie critics: Create new content« and also in »movie critics: Edit new content« | In the OG permissions overview I’ve set ticks for NON-MEMBER in the field »Edit own movie critics content« and for each specific field used by this content type. The field »Create movie critics content« is greyed out, however).
Now when an AUTHENTICATED USER who is not in a certain group tries to create a movie critics, just the title field will appear. He can insert a title and submit the entry; it will be approved, although required fields, which he can’t access but according to the settings should, are not filled.
Now the strange thing is this: when this certain user tries to edit his own movie critics, all the fields that do not show up while creating that content will show up now and he can fill in everything.
That seems to be very strange. I really would appreciate if the authenticated user could access all those fields while creating the content in the first place and just after, when he edits again.
Can you reproduce this and/or know the solution to this issue?
I would really appreciate some help here (I can also attach requested files if you tell me which to access).
Comments
I’m still concerned with this
I’m still concerned with this issue :S Can anyone help please?
My attention span in reading
My attention span in reading is sadly lacking, I have some difficulty trying to piece together what has been done.
What I understand about OG security is that it is a second set of security filters on top of the Drupal-wide restrictions. In other words, if your Drupal-wide restriction allows him to create movie critic, he will be able to create it.
If the group restriction forbids him to create it inside a particular group - he will be restricted from creating that content as part of the group.
However, if he has edit access, he can later change this content that does not belong to any group to be part of the group by editing the Group Audience / reference field. In other words, creating a security loophole group-security wise.
This is in contrast to group securities that completely override the site-wide securities altogether. In which case, once a user becomes a member of a group, the group restrictions become applicable and the Drupal-wide restrictions are discarded - in other words he cannot create content anymore.
In the case of what you want to do, non-members are just allowed to subscribe to a group and content creation or editing is reserved for members only, the fact that you allow non-members to edit does not really make sense - in creating the content Drupal gives him access but the group forbids it. The problem you describe happens because both Drupal and the group allow editing of content, so a loophole is created. In the case of what you want to do, the best way to do this is to use Rules to subscribe him to the group once he starts making content.
Makes sense?
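The loophole described in the comment above, as a small Python model added here for illustration; it is not part of the thread and is not Drupal or Organic Groups code. The permission labels, role names and the two sample configurations are constructed for this sketch.

```python
# Toy model of the two-layer check described in the comment above.
# Permission labels and role names are constructed for this sketch.
from dataclasses import dataclass

@dataclass(frozen=True)
class Config:
    site: frozenset   # site-wide permissions held by authenticated users
    group: dict       # group role -> frozenset of group-level permissions

def allowed(cfg, role, action, bundle, in_group):
    """Site-wide permission is required; the group layer filters on top of
    it only when the content belongs to a group."""
    perm = f"{action} {bundle}"
    if perm not in cfg.site:
        return False
    return not in_group or perm in cfg.group.get(role, frozenset())

def audience_bypass(cfg, bundle):
    """Roles that may not create `bundle` inside a group but can still get it
    there: create it ungrouped, then edit it and set the group audience."""
    hits = []
    for role, perms in cfg.group.items():
        blocked = not allowed(cfg, role, "create", bundle, in_group=True)
        create_outside = allowed(cfg, role, "create", bundle, in_group=False)
        edit_outside = allowed(cfg, role, "edit own", bundle, in_group=False)
        set_audience = "edit group audience field" in perms
        if blocked and create_outside and edit_outside and set_audience:
            hits.append(role)
    return sorted(hits)

SITE = frozenset({"create movie_critics", "edit own movie_critics"})

# Setup from the thread: non-members get edit rights and field access.
AS_POSTED = Config(SITE, {
    "non-member": frozenset({"edit own movie_critics",
                             "edit group audience field"}),
    "member": frozenset({"create movie_critics", "edit own movie_critics",
                         "edit group audience field"}),
})
# Setup the replies recommend: non-members hold no content permissions.
MEMBERS_ONLY = Config(SITE, {
    "non-member": frozenset(),
    "member": AS_POSTED.group["member"],
})

if __name__ == "__main__":
    print(audience_bypass(AS_POSTED, "movie_critics"))
    print(audience_bypass(MEMBERS_ONLY, "movie_critics"))
```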
Makes perfect sense! Thanks
Makes perfect sense! Thank you a lot for your answer. I’m not sure yet if that’s the solution that works for my project, but I am eager to try it out.
Can you explain to me how one uses Rules for assigning members to a certain group when they create content for the first time? Or any good site/documentation for an approach like this?
Thank you very much in advance
reply use RULES
You will need to get used to the "Rules" module (/admin/configuration/workflow/rules). Rules are triggered by events, and creating content or joining Drupal or an OG are events. Rules allow you to define action items and processes.
The places to start are the help facilities and drupal.org. If you know PHP and using dbquery() it should be a breeze for you. The thing I struggled with initially is the availability of the data: I had some expectations on what is available and it is not there - this is due to my initial ignorance of the processes involved - an example is that I need the entity type but it is not visible before I create an entity because it is not yet saved in the DB ...
The authors of Rules tried to facilitate the process through tokens - I am figuring out that this severely limits the ability to create rules that I need... PHP is the way to go.
One other thing
Don't allow non-members to edit content - you should be a group member before you create, edit and delete. Admin can edit and delete any. That will fix the loopholes. ... You need to automate subscription to the group - there is a subscription field available; the non-member can use this to subscribe, and once done he can create content. In your particular case putting in rules to post content may be overkill, but if the only reason to be a member is to contribute content then you can create a rule that automatically creates content after subscription.