This is what I want to do :

My users have roles that give them access to node, via TAC.
I have created an "Access" vocabulary (3 terms : Rescrict, Intranet, Web).
I have created a "Project" vocabulary with the main parts of our content (Project A, Project B, Project C, etc...).

For each node the author will define the Project and the Access (and TAC will only allow him to define the terms he has access to).

I want my main menu to link with the Project taxonomy terms, so that even unidentified users would see the "Web" content, the identified users would see the "Intranet" content and the editors of each Project would see the "Rescricted" content, but only for the Projects they have access to by their respective roles.

Is this possible ?

Can the unidentified users see the taxonomy terms leading to each Project with content filtered on "Web" term ? Do I have to specifically Allow the access for unidentified user for each Project, or do I simply Deny Access to the Intranet and Restricted Content ??

More... I want the menu to show only the terms that have visible content for the user... and that seems to be a problem for TAC.

Can someone help me solve this issue ?

Comments

joevansteen’s picture

Please see http://drupal.org/node/1339828 relative to an issue I was having that was resolved. The issue summary includes a PDF showing my configuration. From what you are describing, you appear to be trying to do something close to what I was doing.

xgougeon’s picture

Dear Joevansteen, tha was an amazingly clear PDF issue report !

Indeed I use exactly the same configuration as yours (2 vocabularies, "Access" for web/intra/restricted level; "Project" for subject compartmenting.

For example, let's take the Unidentified User role case :

  • TAC configuration Case 1 : Access/Web->Allow and Project/Default->ShowTag. Consequence: mainmenu shows all the links leading to Project terms, even if there is no public content available. This is not what I want because it reveals to the web user all the Project structure including the Restricted Subjects that don't have any public content.
  • TAC configuration Case 2 : Access/Web->Allow and nothing else. Consequence: the mainmenu does not show any tag at all and access to any Project taxonomy term is hidden and blocked for the user...

I have read the many answers to your initial PDF post, and really I got a little lost. Do you think you could help me more precisely to solve this ? Has the community recommended a patch ? Am I using TAC the wrong way ?

Many thanks in advance.

joevansteen’s picture

As I'm reading your post it seems that your main problem is with menu items.

Access control modules are "node access control" modules. They control access to nodes. TAC does not directly provide view or execute access constraints on menu items. However, if the menu item is a node, access constraints are implemented. If the menu item is a view or some other form of link, there are no access constraints. When the menu item is a view, the "view" itself, essentially the link to a query, will be seen by everyone, but the view results will be constrained as per the access control specifications.

In my configuration menu items which are associated with internal or restricted content are specified as nodes (the path for the menu item is a node specification e.g., node/7). The node is then given internal or restricted access via TAC.

Is this what you are doing?

xgougeon’s picture

OK I understand what you say about the menus. You are right : all my menu items are "taxonomy/term/xx" links...
And I was hoping that Drupal would automatically filter the menu items according to the content availability through TAC. Probably much asking !
What I could do is have a landing node for all my main Project sections.
This would ad least "filter" my main menu.

Is there any other way to do this ?

joevansteen’s picture

What I do is have the menu item for a "project item" point to a "project node" which is access controlled by TAC.

Other options include use of one of the menu modules to control access. For example, I've played a little with the "Menu Per Role" module. One problem here is that there is a DEV version available, but not a regular release version for D7. When you use this module you get a field added to each menu item when you edit the item. On that field you can choose to either HIDE or SHOW the item based on roles. So, for example, anonymous users can have menu items hidden. Or, if 'project' members who you wish to give access to 'project' menu items have a 'project' role, that role can be used to give them access to SHOW those menu items. Like I said though, this is only a DEV module for D7. You can look at other menu access modules to see if one of them works for you, or use the project node approach.

I very much agree with your philosophy. If they aren't authorized to use it, they shouldn't be allowed to see it. They shouldn't know that it is there.

xjm’s picture

Priority: Critical » Normal

Sorry for the delay in replying to this; I've been swamped since Denver. Looking into this now.