------------------------------------------------------------------------------
Simple Access Module for Drupal
developed by: Jeff Robbins | jjeff | robbins (att) jjeff (d0t) com
------------------------------------------------------------------------------
After testing out most of Drupal's node-access modules, I found myself
frustrated with their tendency toward confusing user interfaces,
defaulting to hiding all nodes, or allowing me to inadvertently make
nodes editable or deletable by non-administrators.
Simple Access is an attempt to solve these problems with a focus on
simplicity and ease of use. This module provides an easy way to make
nodes accessible by only a group (or groups) of users. It defaults to
only managing access of viewability, so that administrators can simply
make some nodes "private". However, the module can also manage
editability and deleteability of nodes as well, allowing for nodes that
are editable by anyone in a certain role.
Access groups are based on roles. So for example, my site has roles
entitled "Coach Level 1", "Coach Level 2", and "Coach Level 3". I can
create an access group called "Coaches" and assign all of these roles to
it. Then when I assign a node to be viewable only by "Coaches", only
users who are a member of these roles will be able to view.
Nodes that are not assigned to any access groups will remain viewable by
all users, so all nodes will remain viewable when activating this
module. And nodes only become private when they are assigned to an
access group.
-------------------------------------------------------------------------
The following is an summation of an email exchange that sheds some light
on the way that simple_access works and how node access works in Drupal
in general.
-------------------------------------------------------------------------
On Jun 27, 2005, at 8:45 AM, David Norman wrote:
I'd like to try Simple Access. If I don't like it, does it make any
changes other than the two tables it comes with that I wouldn't like if
I decided to deactivate it?
Jeff Robbins wrote:
Yes it does. All modules that manage node access need to alter Drupal's
node_access table. They need to remove the entry that allows all users
to see all nodes. Many of those modules don't give you any control over
this, however simple_access allows you to add and remove the appropriate
stuff from the node_access table from its settings pages. So enabling
the module is a two step process: 1) enable the module in admin/modules,
and then 2) go to the simple access settings and enable the database.
To deactivate the module: 1) Go to simple_access settings and deactivate
the database, 2) disable the module in admin/modules. This should put
you back to where you were before you installed and all nodes should be
viewable.
-Jeff
On Jul 11, 2005, at 11:03 AM, David Norman wrote:
I put simple_access together with og.module (Organic Groups) and it
seems simple_access rights don't get enforced. I'm still investigating
it, but is there something you can think of that would cause that?
From: robbins@xxxxxxx
Subject: Re: simple_access.module
Date: July 11, 2005 12:43:50 PM EDT
To: deekayen@xxxxxx
Hi David,
Yeah, that's a tricky one. I haven't looked at how OG handles its node
access stuff. But this actually may be more of a core Drupal problem
than a problem with the modules.
Drupal doesn't handle the node access as restrictions, but rather as
"grants". And if any module grants access to view, edit, or delete a
node to a certain user, another module cannot take it away.
In order to
make simple_access "simple", it grants view access to all nodes when it
is enabled and access only becomes restricted (i.e. there is no 'grant'
for all users) when access groups are assigned to a node. It's
confusing, I know! The intent of this is to be able to enable
simple_access without needing to assign specific permissions to every
node in order to make them viewable. That is how most of the other
access modules work, and what happens is that all of your nodes "go
away" when you enable them.
So my guess is that simple_access' default view grant for all users is
in conflict with OG's tendency toward hiding all nodes. The only
workaround that I can think of for this is kind of dodgy:
1. Create a new user role without any users assigned to it. You could
call it 'nobody'. 2. Create an access group in simple_access called
'Nobody' and assign this role to it. 3. Select 'Only viewable by'
'nobody' for nodes that you want managed by Organic Groups.
This will remove simple_access' universal view grant for those nodes and
leave it up to OG to grant or deny access.
Although I have to admit that this solution makes simple_access look not
so simple anymore. :-)
-Jeff
View source
- ------------------------------------------------------------------------------
- Simple Access Module for Drupal
- developed by: Jeff Robbins | jjeff | robbins (att) jjeff (d0t) com
- ------------------------------------------------------------------------------
-
- After testing out most of Drupal's node-access modules, I found myself
- frustrated with their tendency toward confusing user interfaces,
- defaulting to hiding all nodes, or allowing me to inadvertently make
- nodes editable or deletable by non-administrators.
-
- Simple Access is an attempt to solve these problems with a focus on
- simplicity and ease of use. This module provides an easy way to make
- nodes accessible by only a group (or groups) of users. It defaults to
- only managing access of viewability, so that administrators can simply
- make some nodes "private". However, the module can also manage
- editability and deleteability of nodes as well, allowing for nodes that
- are editable by anyone in a certain role.
-
- Access groups are based on roles. So for example, my site has roles
- entitled "Coach Level 1", "Coach Level 2", and "Coach Level 3". I can
- create an access group called "Coaches" and assign all of these roles to
- it. Then when I assign a node to be viewable only by "Coaches", only
- users who are a member of these roles will be able to view.
-
- Nodes that are not assigned to any access groups will remain viewable by
- all users, so all nodes will remain viewable when activating this
- module. And nodes only become private when they are assigned to an
- access group.
-
-
-
-
- -------------------------------------------------------------------------
- The following is an summation of an email exchange that sheds some light
- on the way that simple_access works and how node access works in Drupal
- in general.
- -------------------------------------------------------------------------
-
- On Jun 27, 2005, at 8:45 AM, David Norman wrote:
-
- I'd like to try Simple Access. If I don't like it, does it make any
- changes other than the two tables it comes with that I wouldn't like if
- I decided to deactivate it?
-
- Jeff Robbins wrote:
-
- Yes it does. All modules that manage node access need to alter Drupal's
- node_access table. They need to remove the entry that allows all users
- to see all nodes. Many of those modules don't give you any control over
- this, however simple_access allows you to add and remove the appropriate
- stuff from the node_access table from its settings pages. So enabling
- the module is a two step process: 1) enable the module in admin/modules,
- and then 2) go to the simple access settings and enable the database.
-
- To deactivate the module: 1) Go to simple_access settings and deactivate
- the database, 2) disable the module in admin/modules. This should put
- you back to where you were before you installed and all nodes should be
- viewable.
-
- -Jeff
-
-
- On Jul 11, 2005, at 11:03 AM, David Norman wrote:
-
- I put simple_access together with og.module (Organic Groups) and it
- seems simple_access rights don't get enforced. I'm still investigating
- it, but is there something you can think of that would cause that?
-
-
- From: robbins@xxxxxxx
- Subject: Re: simple_access.module
- Date: July 11, 2005 12:43:50 PM EDT
- To: deekayen@xxxxxx
-
- Hi David,
-
- Yeah, that's a tricky one. I haven't looked at how OG handles its node
- access stuff. But this actually may be more of a core Drupal problem
- than a problem with the modules.
-
- Drupal doesn't handle the node access as restrictions, but rather as
- "grants". And if any module grants access to view, edit, or delete a
- node to a certain user, another module cannot take it away.
-
- In order to
- make simple_access "simple", it grants view access to all nodes when it
- is enabled and access only becomes restricted (i.e. there is no 'grant'
- for all users) when access groups are assigned to a node. It's
- confusing, I know! The intent of this is to be able to enable
- simple_access without needing to assign specific permissions to every
- node in order to make them viewable. That is how most of the other
- access modules work, and what happens is that all of your nodes "go
- away" when you enable them.
-
- So my guess is that simple_access' default view grant for all users is
- in conflict with OG's tendency toward hiding all nodes. The only
- workaround that I can think of for this is kind of dodgy:
-
- 1. Create a new user role without any users assigned to it. You could
- call it 'nobody'. 2. Create an access group in simple_access called
- 'Nobody' and assign this role to it. 3. Select 'Only viewable by'
- 'nobody' for nodes that you want managed by Organic Groups.
-
- This will remove simple_access' universal view grant for those nodes and
- leave it up to OG to grant or deny access.
-
- Although I have to admit that this solution makes simple_access look not
- so simple anymore. :-)
-
- -Jeff