access control

Here's my setup: I have a network with different forums and different content but shared users on one codebase on the same database with different prefixes.

What I'm hoping for is a way for all of these sites to share the same 'off-topic' category but different overall forums. What's the best way to achieve this? Thanks.

For a project, we just came up with another way to skin the multisite problem.

Domain Access is a node access module that enables multiple sites to be run from one installation.

The beta has been released.

See the module in action at http://skirt.com/map

Hello,
I'm here because it seems like the only place I am likely to find some help with Access Control, having scoured the internet for help elsewhere...

Trong cuốn Building Online Community with Drupal trang 36 nó có cái hình này:

http://trunga.com/tmp/drupal_comment_access.JPG

Sao khi mình cài Drupal lên thì ko có thêm 2 cái quyền mà mình đánh dấu trong hình nhỉ?

I am reporting some findings that I hope will help others who decide to try any access control module currently available to Drupal 5.1 or earlier.

I've put some work into a 5.x nodeaccess module. It could be the superior from the current nodeaccess module, and perhaps also from the simple_access module. I'm waiting for feedback from the authors..

So my module provides extended role based access control per content type, but it can be configured to manage per user access control per node - it does this by integrating with the ACL module, as well as role based per node access control.

Like simple_access it doesn't touch any permissions when it's activated. It also does some performance optimizations and tries to keep the UI simple.

Read a more detailed description or download and test the module at http://drupal.org/node/135693.

How does one handle access control when doing Ajax requests? Take a completely hypothetical example: I have my Drupal install setup in a way where only authenticated users may attach comments. I also want to add comments using an Ajax call instead of a normal fom submission (I said this was hypothetical, not that it was practical).

How would I make this secure? The comments box is stripped automatically for anonymous users, but anyone who knows where the Ajax call submits to will be able to send along the usual arguments. How do I make sure it was a validated user who submitted?

I have read some general articles on security and Ajax.

I've been thinking about some of the specifics of creating a personal workspace within Drupal -- although my main area of interest is education, these thoughts have applications outside education -- these are some rough notes, and I'm curious to see/hear reactions about what I'm missing/overlooking. These notes are not intended to be comprehensive, but a starting point in a conversation about some specific functionality

Some basic functionality--

<

ol>

To accomplish this, I was thinking about some integration between BuddyList (http://drupal.org/project/buddylist) and the ACL (http://drupal.org/project/acl) or NodeAccess (http://drupal.org/project/nodeaccess)module -- members of a user’s Buddylist can be used to form an access control list on a node by node basis-- I’m leaning toward the ACL module as I think a generalized API that can be used by other modules provides some advantages long term. However, was the ACL module designed to work primarily with roles, or with individual users?