Best Practice ? Group admins creating private content targeted at specific group members

We encourage users to post events happening in the community to the community events group on https://www.drupal.org.
charlied's picture

My site distributes central content via 3rd parties who each manage manage a content group (eg groups A, B ...).

Each group manager manages a group of members with whom they have a commercial relationship. (eg A manages group A with members A1, A2 ...).

Group managers supplement central content with shared group content AND add specific commercially sensitive content nodes (eg X1, X2...) which are INDIVIDUALLY TARGETED at each member in their group. (Eg A may create node AX1 which should only be readable by A1, AX2 which is only readable by A2 .... etc).

Group managers must only be able to see the ...X... content for their group, Members must not be able to see the member specific content for any other member in any group.

My current approach is to use Drupal 7 OG to manage the groups, members and group privacy and then control the visibility of the member specific content type with hook_node_access. This hook will test a target user field in the content type to check if access is allowed by that user. Is this the best approach ? Thanks.

Organic groups

Group organizers

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds: