I have a site using OG. To make it simple: All site members are also members in some groups and publish articles within their group. However, everyone - regardless of his group - can submit sidewide articles. Those articles are subject to a simple workflow - draft, review, publish. Only reviewers can publish articles, i.e. users have to submit an article to a reviewer. While an article is being reviewed, the author shouldn't be able to edit it. I wrote an action snippet for nodeaccess. However, I couldn't bring nodeaccess/OG work together. If I give nodeaccess precedence over OG, users have access to articles of groups they are not a member of. If I give OG precedence over nodeaccess, the author (a member of the group) has edit rights, no matter what nodeaccess says or says not. Is there a way around this? Perhaps limiting nodeaccess to a certain node type and let other node types be taken care of by other access modules?
Comments
Comment #1
Anonymous (not verified) commentedDrupal's node access system has a serious flaw, mainly that it's entirely based on granting permission. There is no way for a module to deny permission to anything, all it can do is grant permission and drupal doesn't really care what other modules say as long as one module grants it. The priority helps a little in that it gives on module the ability to declare itself more important than another, but as you've discovered, it doesn't cover all the possibilities one might need. The upshot is, with the current drupal access control system, you are limited in what you can do.
Comment #2
Steel Rat commentedNodeaccess was my last hope for being able to properly setup a role-playing site. If it and OG can't work together then I'm pretty much screwed. Damn it's frustrating that out of the box Drupal won't allow a piece of content to be assigned to specific users. Roles and groups only get you so far.
Comment #3
socialnicheguru commentedYou could use taxonomy. something like
given state A, taxonomy "grant access".
if state b, taxonomy "grant access" is removed and user no longer has access to the content.
Just a thought.
Chris