Groups vs. Role-accessible pages

cindyr's picture

I've set up my site successfully, each teacher has access to their particular class group(s), and all seems to be going well. What I would like to do is create an FAQ page that only my roles "instructors" and "principal" have access to. This is a page where I will post FAQ teasers to. It could work by creating a Content Providers FAQ group, and subscribing all of the instructors and the principal to it. However, I don't really want it to show up in their personal "my groups" listing, I'd really rather it was just a page in the menu that shows up when the user fits that role. I can handle the menu part, but how do I create a page that is only visible to certain roles, without creating a new "Content Providers" group? And how do I get my new "faq" content type to show up on that page, if I'm not using a group/audience? Can it be done?

Comments

Figured it out

cindyr's picture

For any other newbie out there who is as overwhelmed as I am by all the options, this was actually quite easy to do, once I remembered to forget my traditional "HTML page" concept! I created a new content type (FAQ_for_providers) that only I have access to create and edit. I created a View as a Page that only contains this FAQ_for_providers content type, then chose who had access to it (my instructors and principal). I gave this view a menu listing. Now it shows up for all my logged-in instructors and principal, and no one else sees it.

This could also be done via either workflow access

bonobo's picture

or content access --

You would just need to be careful and make it so your various node types are only subject to one form of access control, i.e., a node type subject to OG isn't also governed via workflow access.

This method would actually restrict access to the page, making it securely private, as opposed to difficult to find.

Cheers,

Bill


FunnyMonkey
Tools for Teachers

thank you

nadavoid's picture

Thank you for posting that answer. It is exactly this type of recipe that is valuable to me, as a fellow newbie.

workflow and content access?

cindyr's picture

Hi, Bill.

Hmmm, two questions. First, if I log in as a parent and type in the URL to my FAQ for Providers page, it gives me an access denied page. Is there really a security concern? Not that the content is really private, but it seems to me it is securely private, so maybe I'm missing something?

Second, you've lost me. What do you mean by workflow access and content access?

Thanks,
cindyr

ps - nadavoid, you're welcome!

If I understand what you are saying --

bonobo's picture

The view that collects the node types is off limits to people not assigned to a specific role -- so, the entire view (accessible at the url specified when you created the view) returns an access denied message.

However, the individual nodes collected in the view are all accessible individually. So, a determined/bored user could navigate to http://example.com/node/somerandomnid and see the page -- just because a specific node is included in a view that is forbidden, it doesn't make the node itself forbidden.

RE Workflow access and content access -- workflow access is an access control module that comes with the workflow module, and content access is a contrib access control module.


FunnyMonkey
Tools for Teachers
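
The node-level restriction discussed above, sketched as a small Drupal 5-style node access module. This is an added example, not code from the thread or from the Workflow Access or Content Access modules; the module name `faq_provider_access` and the realm name `faq_provider_role` are hypothetical, and the role names and the `faq_provider` content type are taken from the posts.

```php
<?php
// faq_provider_access.module (hypothetical module name; added example).

// Role names allowed to view faq_provider nodes, as named in the thread.
function faq_provider_access_allowed_roles() {
  return array('instructors', 'principal');
}

/**
 * Implementation of hook_node_grants().
 * Reports which grant IDs the given account holds in our realm.
 */
function faq_provider_access_node_grants($account, $op) {
  $grants = array();
  if ($op == 'view') {
    // $account->roles maps role ID => role name.
    foreach ($account->roles as $rid => $name) {
      if (in_array($name, faq_provider_access_allowed_roles())) {
        $grants['faq_provider_role'][] = $rid;
      }
    }
  }
  return $grants;
}

/**
 * Implementation of hook_node_access_records().
 * Writes one view-only record per allowed role for each faq_provider node,
 * so the check applies to node/NID itself, not only to the view page.
 */
function faq_provider_access_node_access_records($node) {
  if ($node->type != 'faq_provider') {
    return;
  }
  $records = array();
  // user_roles() returns role ID => role name; keep only the allowed names.
  $allowed = array_intersect(user_roles(), faq_provider_access_allowed_roles());
  foreach ($allowed as $rid => $name) {
    $records[] = array(
      'realm' => 'faq_provider_role',
      'gid' => $rid,
      'grant_view' => TRUE,
      'grant_update' => FALSE,
      'grant_delete' => FALSE,
      'priority' => 0,
    );
  }
  return $records;
}
```

Node access grants are additive: if another module such as Organic Groups also writes a view grant for the same node, users holding that grant can still view it. Existing nodes need their access records rebuilt before new records take effect.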

Content Access module

cindyr's picture

I'm struggling with this one. I already have access to most nodes and views being controlled by organic groups, and everything except this one providers FAQ is functioning as I want it. I enabled the Content Access module, but gave it a low weight because I want everything that is already working to continue working as it is. I very much do NOT want it to override my OG access control, for everything except this one content type.

I went in and changed Content Access to the content type of "faq_provider" (this is the only thing I've changed the "content access" for). I set it to only show for the roles I want. My problem is, I had already assigned it to the site-wide organic group I had created, essentially (without using the named module) a mandatory group for all users. So this is taking priority over my content access, and everyone has access to it. Unfortunately, it's the only group that ALL of my teachers/providers are in.

I know how to disable the og audience requirement for the content type faq_providers. If I do that though, doesn't it make that information publicly available to anyone who types in http://example.com/node/somerandomnid and finds it? I'm beginning to think the Providers group is the only way to go. :(

~cindyr

Custom theme solution?

dwees's picture

You might be able to solve this with a custom theme for nodes.

In your node.tpl.php file, try separating the file like so:

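<?php
// Decide whether the current user may see this node.
// Only faq_provider nodes are restricted; every other type renders as usual.
if ($node->type === 'faq_provider') {
  // TRUE only if the user's role has this exact permission string.
  $user_access = user_access('view faq_provider content');
}
else {
  $user_access = TRUE;
}

if ($user_access) {
?>

<?php // put current node.tpl.php here ?>

<?php
}
?>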

Use the PHP tags above as shown. Also check to make sure that 'view faq_provider content' is exactly the right text that you chose in your permissions for the users who are allowed to see the content.

  1. Back up your node.tpl.php file before doing this.
  2. Don't do it when your users are viewing the site live unless you want them to see a bunch of errors if it screws up. This is completely untested code.

aha!

cindyr's picture

Sorry, again my newbie overwhelmed state blindsided me. You're totally right, the nodes are still accessible. Thanks for the pointer, it means I definitely need to look into the two modules you mentioned to make sure our information really is private!

~cindyr

Not sure why you wouldn't

harriska2's picture

Not sure why you wouldn't create a content provider group to sort this out. I try to stay away from too many modules because when Drupal 6 comes out, only the latest 5.x will be available. So if the modules are not upgraded regularly (many aren't), you'll be stuck with an old version of Drupal because of a dependence on modules that aren't keeping up.
