Closed (won't fix)
Project: Organic Groups
Version: 5.x-1.0
Component: og.module
Priority: Normal
Category: Bug report
Assigned: Unassigned
Reporter:
Created: 25 Feb 2007 at 00:15 UTC
Updated: 15 Feb 2011 at 21:18 UTC
I have og and taxonomy access control (TAC) installed.
I defined a vocabulary and terms. I grant access to the terms in roles using TAC.
I created some group content and marked it as NON-public. I assigned to it terms from the vocabulary.
What I see is that if a user role has access to a term in a node that has been marked as private to a particular group, the user will be able to access that node even if he doesn't belong to the group.
Is this supposed to happen? If not, how do I prevent it? Thanks.
Comments
Comment #1
moshe weitzman commented
I can't support exotic setups like this. The two modules are supposed to work together, but that's about all I can tell you.
Comment #2
somebodysysop commented
Can you tell me this: With respect to permissions, where (what function(s)) can I look at to see how I might implement my own modification that would respect category and/or taxonomy restrictions?
Comment #3
somebodysysop commented
Here is why I don't think it's quite so exotic. I just installed og vocab to test.
I have a group of documents that are distributed by location. There are 2 document types: private and group viewable.
I create my locations as groups and my document types as vocabulary terms.
I'm saying that in Location A, if a user only has access to the group viewable term, then he should not see the private documents, even though he's in the same group as the documents.
This, in my humble opinion, is og and taxonomy working together. As it stands, in the instance I have just described, og basically ignores taxonomy, and it ignores og. I'd like to try and do something to correct this.
Which is why I ask if you or someone could point me in the right direction for addressing this issue. I'd like to try and get these two access controls actually working in concert, as opposed to being exclusive to each other.
Thanks for any info provided.
Comment #4
Ricco commented
I have found the same problem with Organic Groups and TAC, or any of the other access modules I have tried with it. I also have public and private groups, and I installed TAC and was totally excited. I wanted to extend my system by making my wiki pages only viewable by logged-in members... well, I installed and set all the settings, etc... and what I found was that if you give a role access via TAC it overrides the OG permissions, so all of a sudden all of your private group data is visible by any logged-in member. I tried different combinations and such for days, and can simply get nothing to work.
I am hoping that I can find some group interested in monitoring this, so that if ANY possibility becomes available so that I can continue my existing OG setup, but simply make a particular node content (in my case my wiki pages) not visible to anonymous visitors, I would be very stoked!
Comment #5
flamingvan commented
I'm in agreement here. I think that if a group is non-private then it makes sense that TAC should govern permissions, but if the group is private then it should only be accessible by members of the group. I might try and come up with something...
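The behaviour reported in this issue and the rule proposed in comment #5, as a simplified Python model added here for illustration; it is not code from og, TAC or og_access_boost. It assumes Drupal core's node access check, where one matching grant from any access module is enough to view a node; the realm labels and sample data are constructed.

```python
# Simplified model of a Drupal-style node access table: every access module
# writes (realm, gid) rows for a node and reports the (realm, gid) grants a
# user holds. Realm names are illustrative labels, not the modules' own.
GROUP_MEMBER, GROUP_PUBLIC, TERM = "group_member", "group_public", "term"

# Constructed sample data: node 1 is private to group 10 and tagged with
# term 7; node 2 is a public post in group 10 tagged with the same term.
NODE_ACCESS = {
    1: {(GROUP_MEMBER, 10), (TERM, 7)},
    2: {(GROUP_MEMBER, 10), (GROUP_PUBLIC, 0), (TERM, 7)},
}
USERS = {
    "member_no_term": {(GROUP_MEMBER, 10), (GROUP_PUBLIC, 0)},
    "outsider_with_term": {(GROUP_PUBLIC, 0), (TERM, 7)},
}

def core_can_view(nid, grants):
    """Core-style check: any single matching row is enough (modules OR-ed)."""
    return bool(NODE_ACCESS[nid] & grants)

def is_private(nid):
    """A node is private when no public-group row was written for it."""
    return all(realm != GROUP_PUBLIC for realm, _ in NODE_ACCESS[nid])

def combined_can_view(nid, grants):
    """Rule from comment #5: private group posts require group membership;
    non-private posts are governed by the term grants."""
    wanted = GROUP_MEMBER if is_private(nid) else TERM
    return any(realm == wanted and (realm, gid) in grants
               for realm, gid in NODE_ACCESS[nid])

if __name__ == "__main__":
    for name, grants in USERS.items():
        for nid in NODE_ACCESS:
            print(f"{name:20} node {nid}: core={core_can_view(nid, grants)} "
                  f"combined={combined_can_view(nid, grants)}")
```
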
Comment #6
flamingvan commented
Here's something I developed to help with this problem: http://drupal.org/project/og_access_boost
Could somebody test it out? Feedback welcome!