Several months ago, I was tasked with creating some way to assign roles to users in groups. I installed the og roles module. What I discovered was that this module simply assigned a role to a user, not to a user in a particular group. I realized what I needed was a way to assign a role to a user in a way so that the user would only have this role in this particular group, not sitewide and certainly not in all groups. To do this, I needed to understand Drupal permissions and Access Control worked. My progress on this particular task is here: http://drupal.org/node/87679
Fast forward a few months later, when I was trying to use OG and Taxonomy Access Control (TAC). To my horror, I discovered that if a node was posted to a group, a user who was not in the group could access the node if he had access to the Taxonomy term. And, vice versa, if a user was in a group that the node belonged to, but DID NOT have access to the Taxonomy term, he could still access the node. This, in my opinion, was two Access Control systems tolerating each other, not working together. My progress on ths particular task is noted here: http://drupal.org/node/122712
So, I set about, merrily hacking my way through, until I had resolved both issues. Unfortunately, hacking Drupal core code is not a very good long term solution. And, when I applied for a project for my og user roles module, Drupal Admin told me as much.
What I needed was an environment where I could discuss my ideas with like minded folk who wanted to achieve the same goal: Get Drupal Access Control to open up so that various ACS (access control systems) from various modules could work together instead of at cross purposes as they do now.
That's why I created this discussion group. My first task is to work on getting og user roles approved as a project. For that, I need to figure out how to get it working without hacking the user_access function in the user.module.
That's the plan.
Video on Node Access by hefox and drupaldojo
Check it out.
http://drupaldojo.blip.tv/file/3966199/
Read moreThis session will cover how drupal controls access (who can view, create, edit, and delete) nodes/content. It will cover how drupal checks access, what modules can do to expand on that, and what you can do to insure that access is being checked. There will be some code, but mostly as background images.
Node access per user
I need a way for one or two super users to grant access to nodes on a per user basis. I have tried nodeaccess but I don't get a list of which users have access to which nodes which is very important. And in order to grant access I need to type in a user's name. In the node edit, I would like a list of user names in the system with a checkbox for access. With nodeaccess I can't see how to remove access for a user, I only see a way to grant it. I don't want to grant accesss by role, that would mean making a new role for every new user.
Read moreHow to stop nodes from being added when js is disabled
Hi
Is there any way to prevent nodes from being added to the site if javascript is disabled?
Read moreCloning permissions from one node to another
I have a gallery setup whereby a gallery is a node and a gallery can have many child image nodes.
So far so good.
However, I would like to configure the setup so that when a user sets the node access permissions for the gallery (using UserRElationships Node Access), that same permission is applied to all child nodes.
I was thinking that this could be achieved in triggered rules, eg after a gallery is updated and after an image is created.
However I cant find out how I:
a) get the permissions of a particular node
and
b) set the permissions of a node.
Read moreMultiple Calendars
I wanted to poll this group to see what is the best way to manage access control multiple calendars in drupal.
I have a site where I need to be able to create some calendars public and some calendars private.
I need to control which users / roles has permissions to add an event to the calendar and which users /roles can view the calendar's events.
So far the only techniques I can think of are
1. Use Event content type with tags - create a vocabulary for Calendars with each term as a calendar - restrict with a taxonomy access control module
Hierarchical corporate structure for an intranet
We are building our new intranet on Drupal. We are a group of companies, i.e. our organizational structure consists of sub-companies, which again have sub-companies or departments, which also can have sub-departments and/or employees belonging to them. We need to have this organizational structure in our Drupal-based intranet system, both:
1) in terms of content: displaying the corporate structure as a hierarchical list of companies, sub-companies, departments; displaying employee listings per company and department;
Impossible to do with Drupal?
Hi everybody, and sorry if I'm not in the right place.
I'm desperate. After 4 months of every kind of exsperiments studies and tests, I can't achive this simple (i think) site configuration:
<
ol>
Access control with Organic Groups
Hi!
I have a site with organic groups. When a user submits a content type within a group I would like the user to choose between three levels of access for the node:
1) Open: the whole world (anonymous)
2) Restricted: authenticated
3) Private: members of the current group
Point 3) is achieved with the 'Public' check-box provided by OG, but how do I get point 1) and 2)?
I have tried simple_access and nodeaccess, but it doesn't seem to go well with OG. I am running D5.
Any ideas how to get this three levels of access on each node submitted within a group?
Read moreIdea: Menutree Permissions module - cascading menu-level access control by role/user ID - input needed :o)
Hello everyone,
I'm a complete newbie to writing Drupal apps and having not yet found anything which fits my needs properly, I'm setting out on writing a node access module which uses the site's primary navigation menu structure to define access permissions.
I'm still at a very early stage of planning, and the use case for the module is pretty specific, so I haven't even begun to consider all the "what-if"s associated with, say, what happens when the site admin decides to reassign the primary menu.
Read moreProposal for a module: TAC fields
I'm considering developing a module to extend the functionality of TAC to role/field combinations. TAC works wonderfully for controlling access to whole nodes based on their taxonomy, but it's all-or-nothing; the module currently has no way of leveraging the per-field access control offered by Content Permissions.
I don't think the functionality belongs in TAC itself, as my proposed module is an additional layer of complexity that's specific to CCK content types.
Read moreMaking content type only for groups
I have site where we are introducing groups, problem where i am stuck right now is i want to create new content type which can only be added by members who belong to atlest one group. if they are not member of any group they cant add that content type. I cant make audience required as there are other content types in system which can be added on site without any audience.
Any ideas ? any solutions ? any work around ?
Abi
Read moretaxonomy_access_user module review
Hi drupal !
I'm posting here to request a review of a module i'd just coded and that i would
like to submit on drupal.org. Before doing this, i would like someone to review
my module. Even if i'm pretty confident with my code which i've been testing for last
2 weeks, i would prefer others' advice.
About the module :
This module provides taxonomy based user control for user but unlike modules already
available on drupal.org with inheritance notion. For more information please read the
README (available below).
Thank you by advance.
Code is available here on github : http://github.com/baloo/taxonomy-access-user
Or as a tgz : http://github.com/baloo/taxonomy-access-user/tarball/master
Multisite or Access Control Model?
I'm currently doing a proof of concept for Drupal as our Enterprise wide CMS. Our current site is http://www.cdha.nshealth.ca/. The current site is in a complete mess, and lacks and any decent functionality. We currently have 160+ sections on this site with approximately 200 contributors managing their own content.
Read moreAccess Control for Administrative Tasks/Areas
Something I have had issues with on multiple sites I have worked on is administrative areas and permissions.
Example:
If I build a site for a client and then decide I want the client to be able to edit certain areas of the admin panel ("/admin/settings/site-information") but I don't want them to have full access to the administration area then there really isn't a good solution.
So, I ask... What exactly can be done about the issue? What would be some of the best work arounds?
Read moreFlexible access control
Some time ago I proposed a new access control system for Drupal, which would allow the creation of access rules based on various criteria, kind of like the filters in Views.
Read moreComprehensive list of Content access modules and how to enable them to work together
I created a list of content permission modules that I have encountered with their weights on my system.
- Can we create a comprehensive list?
- How can they work together or should they. From your experience, what has been the worst and best combinations ?
- what effect does module weight have on implementation of access? is it true that if access is already granted, it will not be restricted by another module that comes into play later?
Weight/ Name/ Version/ Brief description
0 Content Permissions 6.x-2.x-dev Set field-level permissions for CCK fields.
(admin determines)
Multisites and shared databases
Hi,
I am planning a multisite project where I want to be able to share users and some content between sites.
All sites will be more or less clones of each other, but they will have different target markets (countries mainly).
What I want to do is:
<
ul>
Organic groups and ACL compatibility
Hi to all,
Our organisation recently decided to change our CMS from Joomla to Drupal. We would like to use groups on our site and organic groups seemed the obvious choice. I suggested this to our site designer but he immediately flag a concern with incompatibility of the Organic groups module with the ACL module as he found information in the OG handbook stating that "you can't use this module with other node access modules". He sent a query 2 weeks ago at http://drupal.org/node/384094 but has so far received no replies.
I also found a thread at http://drupal.org/project/og_user_roles which states that the OG user roles modules supports ACL. Does "support "mean that it is compatible? And does this mean that the OG module is as well?
Is the Organic groups module compatible with the ACL module? How can we use both OG and ACL modules together?
Read moreDomain Access BoF -- Drupalcon Thursday at 11:30
Domain Access and You
Building networked sites with Domain Access. Check the BoF board for details.
http://drupal.org/project/domain
Read moreHow to change my 5.x module to 6.x
Hi,
Currenty i upgrade my version 5.9 to 6.2. What r the changes in my own module for drupal 6.7. What is the difference between 6.2 to 6.5. If u know any document recommend to me.
thanks & regards,
Gnanasekar Boju