Taxonomy and Roles
pixel13 - March 8, 2007 - 12:36
Is there a way in Drupal to create a "link" between taxonomy terms and user roles?
I want to show some nodes only to some users. I think the obvious way to do it is define user roles and then set permissions on nodes based on user roles (e.g. with Nodeaccess module).
I think, however, that this approach is not so simple to use (you have to define content, then you have to enter the grant tab and check user roles). On the other side, I like taxonomy very much, I found it simple and powerful. So, I wonder if there's a way to define a user role associated with a term, so I could tag every content and I could say, for example, that Bob is associated with term "Boss" and this should mean that he can access all nodes tagged with "Boss" term.
Take a look
At the various taxonomy modules. For example Taxonomy Access Control and TAC_Lite. Some of the others may be useful to you too.
Nancy W.
now running 5 sites on Drupal so far
Drupal Cookbook (for New Drupallers)
Adding Hidden Design or How To notes in Your Database
Duplication
Thank you for your answer, but I already looked at TAC and TAC_Lite modules. My problem is that using these modules I have to duplicate the structure of my company to give the right access grants.
For example, let's say my company has this structure:
Boss
|
|- Sector A
|
|_ Sector B
Well, I create a vocabulary with the terms: Boss, Sector A, Sector B. And then I tag every node.
What I'd like to have is a simple way to say, for every user: Bob belongs to Sector B (and so he can access everything that is tagged Sector B).
Instead, AFAIK now, the only way to do it is creating three roles, called (again): Boss, Sector A, Sector B. Then, using TAC or TAC_Lite, I have to say that:
- All users that belongs to role "Boss" can access all nodes tagged with "Boss" term
- All users that belongs to role "Sector A" can access all nodes tagged with "Sector A" term
- All users that belongs to role "Sector B" can access all nodes tagged with "Sector B" term
Finally, I can say that Bob belongs to "Sector B" role to achieve my goal.
As you can see, in this way I have to duplicate my structure. For such a simple example is not so hard to mantain it, but when you have dozens of terms in the vocabulary it could be not so practical.
I wonder if there's a simpler way to do it.
Okay
You say "company" so I'm guessing this is a corporate site. You might want, instead to look at using LDAP to determine access rights. This is over my head, but I've been places where they did that. I believe I've sen some modules that look at LDAP.
Nancy W.
now running 5 sites on Drupal so far
Drupal Cookbook (for New Drupallers)
Adding Hidden Design or How To notes in Your Database
Sorry, could you explain how
Sorry, could you explain how that is duplicating your structure?
Are you just saying that all users should have access to "Sector B" by default?
Duplication
In my example I have a duplication of my company's structure because I have to create the same structure twice in my system. In fact, I have to create and structure the vocabulary (first formalization of the structure) and then I have to create the roles and associate them with the terms (second formalization of the structure).
I mean, if my company decide to create a new Sector - let's say Sector C - I have to manage two different structures (vocabulary and roles). And the worst thing is that every one of these two system could live alone!
I try to explain it better: to add Sector C I have to:
1) add term "Sector C" to my vocabulary, with "Boss" as parent term
2) add role "Sector C" and then associate role "Sector C" with term "Sector C"
I call it "duplication", since in my head I have to add "Sector C" twice!
Moreover, these two operations are not linked in any way, so what happens if I forget to do one of these? Obviously, the system doesn't work as expected, but I prefer creating a system where the users (and also the superusers!) are not obliged to remember the right way to do a thing (in this example, you have to remember by yourself to do step 2 after step 1!).
What I was looking for is a module to link users with taxonomy, in the same way a vocabulary is linked with a node. In other words, if I decide to use taxonomy to grant access, I don't want to have to use another access system (roles)!
I would have something that let me do all the work this way:
- I create vocabulary and terms that reflect my company's structure
- I create nodes and associate one (or more) terms with them
- I create users and find the same taxonomy on their profile, so I can say that a user belongs to "Sector A", "Sector B", ecc.
In this way I mean that every user that belongs to a term, can access all nodes that belongs to the same term. Unfortunately, I think there's no way to achieve this goal.
I hope I made myself clear.
Tiziano
Not sure what to say
I'm not sure what to tell you. This is the way every access control system I know does it - including mainframe systems that have been in existence since before there was a world wide web.
Users must be assigned to a group of some kind (role) and content (nodes, pages, files, etc.) are assigned to a control state (vocabulary in Drupal) that allows or denies access by a set of groups.
It's not duplication, it's completing the process. It's two halves of the process.
I am sure that someone could construct a module that hides (automates) some parts of the process, but the whole thing must be done one way or another.
One big piece that is missing, and may be applicable in your situation, is an access control system that "protects all by default." I have run into a few other Drupallers who want that, but I know of no Drupal access control that does it that way.
Nancy W.
Drupal Cookbook (for New Drupallers)
Adding Hidden Design or How To notes in your database
Don't agree
Sorry, but I don't agree with you. Of course it's true that every system has its own control, based on some kind of role or group concept, but it seems to me that using taxonomy force me to have 2 different control systems (roles and taxonomy).
The other systems are quite different. For example, let's consider Linux resource control system.
We can say that a Linux user is something like a Drupal user (both have some attributes and both belong to some groups/roles).
In Linux, once defined the groups (roles), if I want a user accessing a file, I simply have to assign the file to the right group. In my example, if I have a Linux group called SectorA, to make every user of SectorA accessing a file, I simply change the group of the file to SectorA. I don't have to define a FileSectorA group, change the group of the file to FileSectorA and then associate users that belong to SectorA to files that belongs to FileSectorA.
What I'm trying to say is that Linux (like every big data processing system) use the same entity (the group) to tag users and to tag resources (files). So, the association is implicit.
Drupal, on the contrary, uses an entity (the term) to tag resources (nodes) and uses a different entity (the role) to tag users. This is the reason why I have to duplicate the structure, because for every entity of my structure I have to create both a term and a role. And then I have to make an explicit association between terms and roles.
Tiziano
Hmm...
You're saying the same thing I did.
On one of my sites, I use TAC_Lite. When I create content I merely tag it with a taxonomy term that is assigned to a role (basically, a yes or no to access). That's all I have to do unless I add a new role, in which case, I have to go back and add the new term to everything, but that can be easy, depending on how much needs to be available to them.
Nancy W.
Drupal Cookbook (for New Drupallers)
Adding Hidden Design or How To notes in your database
Same Problem!
I know roles would be the standard way of solving this , but the thing is I have 119 terms for my vocabulary.... it would be totally unmanageable ....
Check taxorole and taxonode
Hi,
I had exactly the same problem, and I decided I had to do it myself from scratch. So I created two modules (which I hope they will be soon uploaded to the Drupal project/CVS system), Taxonode and Taxorole.
* Taxonode allows a term to be inserted to a vocabulary when a node of a specific type is created. This is intended to be used in conjuction with the next module:
* Taxorole adds/synchronizes a vocabulary with the Drupal roles. For example let's suppose it's configured to be used on vocabulary 'Teams', and there are already some terms in the vocab: eg 'Managers', 'Auditors', 'Developers', etc. Taxorole, will offer the option to prefix each new term with the vocab name and with a configurable delimeter ('_' by default), ie:
-> Teams_Managers
-> Teams_Auditors
-> Teams_Developers
Needless to say, that this will happen not only on configuration, but also whenever a new term is inserted (hook_taxonomy() is used for that).
But this is not all. If the 'Mass Contact' module is installed, Taxorole, will offer the possibility to automatically create a new category to be inserted to the Mass Contact's categories.
Finally, if TAC_lite is installed, Taxorole will automatically configure the acl for the new term/roles. So, by default, only 'Teams_Managers' role will have access to the nodes tagged with 'Managers', etc.
For now, you can find both modules on:
http://people.debian.org/~markos/drupal/taxonode-5.x-1.0.tar.gz
http://people.debian.org/~markos/drupal/taxorole-5.x-1.0.tar.gz
I haven't gotten to writing proper documentation yet, but if there is need I will do so, eventually.
Konstantinos Margaritis
Codex
PS. You might also be interested in my patch for mass_contact to allow multiple categories to be selected when sending a mail. It's on http://drupal.org/node/154056
Synchronize taxonomy term with one ("taxonomy") node
Hi Konstantinos,
since there is no Taxonode module yet: Is there any progress getting your modules into drupal.org? I'm looking for something different, but somehow similar (synchronizing one taxonomy term with one ("taxonomy") node, or another way to make taxonomy terms more node like) and was hoping to get some ideas from your code ;-)
Thanks & greetings,
-asb