Another approach


Hi:

I've read the posts about having TAC and OG access control systems working together...
I think you have done a great job with those patches, but I like to avoid using patches as much as possible, so I have been thinking of a way of doing the same with existing modules...

Modules used:
- OG promote
- TAC
- OG
- Node Auto Term [NAT]

The idea is to use the way TAC works with multi term nodes. From admin/help/taxonomy_access:
"The DENY directives are processed after the ALLOW directives. (DENY overrides ALLOW.) So, if a multicategory node is in Categories "A" and "B" and a user has ALLOW permissions for VIEW in Category "A" and DENY permissions for VIEW in Category "B", then the user will NOT be permitted to VIEW the node. (DENY overrides ALLOW.)"

Think of this as a logical AND of permissions (ALLOW=1/DENY=0)

Procedure:
First we need to create a vocabulary named Groups in which the terms would be the different groups names.
We need to activate this vocabulary for all content types planned to be used in groups.

For each new group we need to take the following steps:
1.- We create a term in Groups vocabulary for each new group created (this can be automated with the NAT module by creating a term in Groups vocab for each node of type Group created).
3.- We create a role for each new group created (this can't be automated)
4.- We go to TAC and set permissions for the new role to deny all actions in all terms but its own term (we can set the defaults to deny all to allow automatic deny of all actions in future groups), so we only have to change it one time.
5.- We need to tag each node created in the group with the corresponding Groups vocabulary term.
6.- We can now assign all the other taxonomy terms we want...

This way the TAC permissions given to regular taxonomy terms would be ANDed with the permissions for the Groups term, and this would result in any user who accesses a group node being forbidden to do any action if they don't belong to the group.

This is only an idea for discussion... I haven't tried it.

If this is feasible, we can think of a solution to automate the whole process.
Perhaps with a modification in OG to allow optional creation of a term (if we don't want to use NAT) and a role for each group (and setting TAC permissions) plus a way to do automatic tagging of the nodes attached to an OG would be enough?
Or perhaps it would be better to do it in a new module to avoid adding unneeded dependencies to OG.

Bye.-
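
The scheme proposed in the post above, modelled as an added example that is not part of the original post and is not TAC or OG code. It applies only the rule quoted from admin/help/taxonomy_access (DENY overrides ALLOW on multi-term nodes) and shows which nodes the per-group roles isolate, including a node where step 5 was skipped. Assumptions: one role per user, every role has the same grants on the ordinary terms, and all role, term and node names are constructed.

```python
# Added model of the quoted DENY-overrides-ALLOW rule; names and data are constructed.
ALLOW, DENY = 1, 0

def build_role_grants(groups, regular_grants):
    """Step 4: each group role is ALLOWed on its own Groups term and DENYed on the rest."""
    table = {}
    for own in groups:
        grants = {f"Groups:{g}": (ALLOW if g == own else DENY) for g in groups}
        grants.update(regular_grants)  # assumption: same ordinary-term grants for every role
        table[f"role_{own}"] = grants
    return table

def can_view(role_grants, node_terms, default=DENY):
    """Every term on the node must be ALLOWed: one DENY wins (logical AND).
    Terms with no explicit grant fall back to the default (deny, as in step 4)."""
    if not node_terms:
        return False  # assumption: nodes without any term are outside this model
    return all(role_grants.get(term, default) == ALLOW for term in node_terms)

def access_matrix(table, nodes):
    """Decision for every (role, node) pair."""
    return {(role, name): can_view(grants, terms)
            for role, grants in table.items()
            for name, terms in nodes.items()}

# Constructed sample data
GROUPS = ["alpha", "beta"]
REGULAR = {"Topics:news": ALLOW, "Topics:drafts": DENY}
NODES = {
    "alpha_news": ["Groups:alpha", "Topics:news"],
    "beta_news": ["Groups:beta", "Topics:news"],
    "alpha_draft": ["Groups:alpha", "Topics:drafts"],
    "untagged_news": ["Topics:news"],  # step 5 (group tagging) was skipped
}

if __name__ == "__main__":
    table = build_role_grants(GROUPS, REGULAR)
    for (role, node), ok in sorted(access_matrix(table, NODES).items()):
        print(f"{role:11} {node:14} {'ALLOW' if ok else 'DENY'}")
```

In this model the untagged node is decided by its ordinary term alone, so every group role can view it: the isolation holds only for nodes that actually carry their Groups term.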
