Access Control

Events happening in the community are now at Drupal community events on www.drupal.org.
This group should probably have more organizers. See documentation on this recommendation.

Several months ago, I was tasked with creating some way to assign roles to users in groups. I installed the og roles module. What I discovered was that this module simply assigned a role to a user, not to a user in a particular group. I realized what I needed was a way to assign a role to a user in a way so that the user would only have this role in this particular group, not sitewide and certainly not in all groups. To do this, I needed to understand Drupal permissions and Access Control worked. My progress on this particular task is here: http://drupal.org/node/87679

Fast forward a few months later, when I was trying to use OG and Taxonomy Access Control (TAC). To my horror, I discovered that if a node was posted to a group, a user who was not in the group could access the node if he had access to the Taxonomy term. And, vice versa, if a user was in a group that the node belonged to, but DID NOT have access to the Taxonomy term, he could still access the node. This, in my opinion, was two Access Control systems tolerating each other, not working together. My progress on ths particular task is noted here: http://drupal.org/node/122712

So, I set about, merrily hacking my way through, until I had resolved both issues. Unfortunately, hacking Drupal core code is not a very good long term solution. And, when I applied for a project for my og user roles module, Drupal Admin told me as much.

What I needed was an environment where I could discuss my ideas with like minded folk who wanted to achieve the same goal: Get Drupal Access Control to open up so that various ACS (access control systems) from various modules could work together instead of at cross purposes as they do now.

That's why I created this discussion group. My first task is to work on getting og user roles approved as a project. For that, I need to figure out how to get it working without hacking the user_access function in the user.module.

That's the plan.

Question about content access module

Posted by michaelbr on February 17, 2009 at 12:31pm

I just downloaded the content access module and installed it, it was late and I was pretty sure that it was working, but this morning when I tried to check the module and start playing with it, and I can't find it any longer, the module is still there and enabled, I was pretty sure that I saw it in Administer > Content management > content type where there was a tab, but today I couldn't see it any longer, I've been through the whole menu and couldn't see it and couldn't find detailed documentation.

Read more

ACL or Rules-Based Security for Drupal?

Posted by irakli on February 6, 2009 at 7:26am

Joomla has announced availability of new ACL: http://is.gd/iA5B and they seem pretty excited about it. Is that something for Drupal community to be jealous of?

If you come from a Java/J2EE background the clear answer is: NO (yes, in capital letters). You have to actually suffer from a structured, strict ACL to really appreciate the simplicity of a security system like that of Drupal.

Now, you may argue that Drupal security is slightly over-simplistic and too code-oriented (makes us, the developers happy) for "business" use.

Read more
2 comments Categories: , ,

LDAP Integration Help Module and Documentation Update. Looking for non Active Directory LDAP users

Posted by johnbarclay on January 13, 2009 at 8:50pm

I've been working on an LDAP help module to help admins configuring ldap integration ( http://drupal.org/project/ldap_integration ).

I use Microsoft Active Directory for LDAP. I wanted to get some people who were using other ldaps together to:
1) test andgive me feedback so I can finish the help modules
2) work with me to update the documentation for ldap_integration: http://drupal.org/node/62217

Its functionality is based on what support requests from the ldap integration issue que:
- to make support and bug reports better by getting a more complete set of information

Read more

Node Access by Menu Position -- Does this exist, or should we build it (and can it be built)?

Posted by webchick on October 23, 2008 at 7:55pm

A client of ours -- a university -- has quite an extensive hierarchical menu structure. They want the ability to take a top-level menu item, such as "Current Students" and control which roles can manage (create/edit/delete, based on their role's permissions under admin/user/permissions) and view the content under that section. Permissions should cascade down to sub-items in the tree unless explicitly overridden. They also need to then restrict access to adding new pages underneath menu items they do not have access to.

Here's a mock-up that describes what we're after, since it's easier than me explaining. :) Also, I should point out that this is for Drupal 6.

Read more
22 comments1 attachment Categories:

Using OG for a e-learning & access control setup

Posted by mpaler on September 23, 2008 at 9:02pm

Hello access control group,

I have been tapped with setting up an e-learing site with the following characteristics:

  1. Super administrator must manage (setup, delete) intructors.
  2. Instructors must administer (invite, accept, delete) all students to their class/group. Ideally, there is a way for the instructor to customize the registration/login page for their students.
  3. Once a student has access, they all have access to the same exact content (a set of lessons).
Read more

Question on OG user roles functionality

Posted by tborrome on September 10, 2008 at 3:41pm

Hi, I sent this question to Drupal forums but dint get a response. I think this group is more apprpriate for it. Based on what I read here, seems like thr OG User roles is designed to do what I'm trying to accomplish, but couldn;t get it to behave as expected. I'm pretty new to this so just might need some clarifications on how to get this working.

Basically, I want to setup certain users with permissions to submit blogs only for specific groups (not system wide).

So here's what I did.

As admin:

Read more

First implementation of og_access with ACL

Posted by paolomainardi on August 4, 2008 at 4:25pm

Hi,

I'm a little bit frustrated by the User access implementation proposed for OG, it's too much complicated and i don't think that TAC/CA/ACL/OG combination with many many many hacks is the right way (but it's a very very good work too).

So, i really need for my project, this simple things:

1) Organic Group
2) User can post in Public or in their suscribed groups
3) AND they must have the possibility to grant other users that can be outside of his group

Read more
Anonymous's picture

Language Based Access Control

Posted by Anonymous on June 20, 2008 at 6:10am

Hello,

I'm building a multi-lingual site, where I would like different translation groups/roles to be able to work on their language (and only their language) to translate source content. In some cases translating in response to content being posted, and at other times originating the content.

Read more

Multiple Node Access Logic Patch

Posted by somebodysysop on May 9, 2008 at 5:54pm
Last updated by somebodysysop on Fri, 2008年05月09日 17:54

It appears that agentrickard has created the solution to the problem for which the Access Control Group was originally created: The Multiple Node Access Logic Patch: http://drupal.org/node/196922

I have used this patch to successfully get TAC and OG working together. I'm including it in the next release of OG User Roles (5.x-3.0): http://groups.drupal.org/node/3700

As great as I think this patch is, it probably won't make it into Drupal core, for a variety of reasons.

Read more

module-based multiple node_access?

Posted by gcassie on May 4, 2008 at 3:28pm

I had a notion the other day of a module to bypass node_access. It seems if you had a module with a very heavy weight and hook_node_access_records, it could fire after all the other hook_node_access_records calls. Then it could:

  1. Copy all the other modules' node_access records into a table of its own with the same structure as node_access.
  2. Set all the other modules' node_access records to DENY for everything.
Read more

Case study: running a small college site with drupal

Posted by David.Hamilton on March 28, 2008 at 8:35pm

Hi folks,

I'm following up on promises I made during the Birds of a Feather sessions at Drupalcon Boston to post a case study of how we're using Drupal at Amherst College. We've developed a module to facilitate hierarchical content creation and permission control that's also of potential interest to folks outside of the academic community.

Preamble aside - about 3 years ago the college decided to fundamentally change the way it was approaching the web, and a little over 2 years ago we started building on top of Drupal. The project had some broad goals:

Read more
95 comments Categories: ,

Partial forum sharing

Posted by Flying Drupalist on March 8, 2008 at 9:06pm

Here's my setup: I have a network with different forums and different content but shared users on one codebase on the same database with different prefixes.

What I'm hoping for is a way for all of these sites to share the same 'off-topic' category but different overall forums. What's the best way to achieve this? Thanks.

Read more

TODO list: Eventual Version Control migration for drupal.org

Posted by hunmonk on January 10, 2008 at 5:14pm
Last updated by dww on Mon, 2011年06月27日 22:05

This is a loose checklist of items that need to be taken care of to get Version Control API working on drupal.org. The bulk of the required work has been done, and the current plan is to get the 6.x-1.x branch deployed on drupal.org before the d.o redesign is done.

  1. Script for migrating from cvs.module to versioncontrol_cvs -- partially done
  2. (削除) http://drupal.org/node/346362 -- Print warning message after branch creation to update workspace (port over from cvs.module) (削除ここまで) -- done
Read more

What to do about node_access_rebuild()

Posted by agentrickard on January 3, 2008 at 8:22pm

So I am researching Taxonomy Access Control (TAC) and Domain Access (DA) integration (though this applies to Organic Groups (OG) and other modules as well). And here's the problem.

node_access_rebuild(), as far as I can tell, is only designed to work with a single access control system.

Read more
5 comments Categories:

TAC as multisite solution -- groups and domains as roles, using roles.

Posted by john.freebury on December 16, 2007 at 8:27pm

There's a new tutorial at http://drupal.org/node/200631 which is a different approach to Taxonomy Access Control than I have seen, a very different approach to Groups (as a concept), and multiple Domains (hence a multisite solution). I am trying to discern what is going on with og, mulltisite, domain access, and TAC generally.

Read more

Request for comments -- Setting OG group defaults on a group type by group type basis

Posted by bonobo on November 17, 2007 at 12:44am

Currently, within OG, all the group settings are set sitewide for all types of group nodes. We are looking to implement group type by group type default permissions to allow for different types of groups within the same site --

We will be working out a solution to this issue and releasing the code back as a contrib module -- however, before we start coding we want to get some feedback/see if anyone else was thinking along similar lines.

The issue is here: http://drupal.org/node/192933 -- please centralize any discussion on the issue queue.

Cheers,

Bill

Read more
Categories: ,

Least permissions and node_access

Posted by agentrickard on November 13, 2007 at 3:24pm

OK, so I'm working on integrating Domain Access with OG.

Problem is, the current node_access system uses OR based permissions. What I really need is the option to set AND based permissions. For example:

-- Current node_access rules

return TRUE IF (og == TRUE) OR (Domain Access == TRUE);

-- Desired rules

return TRUE IF (og == TRUE) AND (Domain Access == TRUE);

See http://drupal.org/node/191375 for a full discussion and some possible options.

Read more
3 comments Categories:

Domain Access uninstall and update questions

Posted by agentrickard on November 10, 2007 at 2:23am

OK, beta6 is out and the release is looking pretty good.

But I introduced the Domain Prefix module -- it creates a UI for dynamic table prefixing. So, for example, each of your subdomains can have a different watchdog table. The $db_prefix array is dynamically set on bootstrap.

Two big issues -- notwithstanding the lack of pgSQL support, which I'll get to shortly.

  • I have not found a way to run a function any time hook_uninstall() is run.
    Attempts to add a #submit handler using hook_form_alter() failed. As a resut
Read more

Domain Access

Posted by agentrickard on October 4, 2007 at 9:12pm

For a project, we just came up with another way to skin the multisite problem.

Domain Access is a node access module that enables multiple sites to be run from one installation.

The beta has been released.

See the module in action at http://skirt.com/map

Read more

Help needed understanding Access Control in OG

Posted by blahblahblahblahblob on August 27, 2007 at 11:48pm

Hello,
I'm here because it seems like the only place I am likely to find some help with Access Control, having scoured the internet for help elsewhere...

Read more
1 comment Categories: ,
Categories:
Subscribe with RSS Syndicate content

Access Control

Group organizers

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds:

AltStyle によって変換されたページ (->オリジナル) /