I have a snippet of PHP that extends nodeaccess to create an intrAnet.
Here is the process.
Create an "IntrAnet" username and add it to a "known anonymous" user role.
If a visitor has an IP address within a certain range (right now I am doing on a Class B IP Scheme so it's fairly easy to figure this out) it forces that user to BE logged in as the "IntrAnet" username, therefore forcing them into the "known anonymous" user role.
Fairly simple:
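<?php
// Anonymous visitors (uid 0) whose address starts with 192.168 are switched to
// the "IntrAnet" account (uid 29), except on user/login and node/357.
global $user, $ip_subnet_check_arr, $ip_subnet_check;
$ip_subnet_check_arr = explode(".", $GLOBALS['user']->hostname);
$ip_subnet_check = $ip_subnet_check_arr[0] . "." . $ip_subnet_check_arr[1];
if ($_GET['q'] != "user/login" and $_GET['q'] != "node/357" and $GLOBALS['user']->uid == "0" and $ip_subnet_check == "192.168") {
  $GLOBALS['user']->uid = "29";
}
// Send every "Access Denied" page to the login form, passing the requested
// path (without its leading slash) as the destination.
if ($title == 'Access Denied') {
  header('Location: http://www.engr.sjsu.edu/admin/login/?destination=' . substr($_SERVER['REQUEST_URI'], 1));
  exit;
}
?>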
BTW, the additional code at the bottom is there because this essentially makes YOU as the admin, or any other users you want to log in, already logged in; it effectively throws itself into a loop even if you attempt to log out and then go directly to the login page. So to resolve this, I had to force all Access Denied errors to "redirect" to the login page. I also created a Node with the title "Access Denied" that has this in it:
Access Denied
<?php
$GLOBALS['user']->uid = "0";
?>
So before the redirect occurs, the visitor gets logged back into an "Anonymous" only user, so they can effectively reach the login page. What happens is that if you are already logged in, except as Anonymous, you can't reach the login page; it displays the Access Denied page set in Drupal (Administer > Site Configuration > Error Reporting), which I set to the Access Denied page I created above.
I know it seems really roundabout, but you'd have to see it working to realize why and how I did this.
The crux of this is that once you resolve the user login and force a user into a role, you can just use the default nodeaccess UI to effectively lock out only users on your network to certain content. I know this is no replacement for a good firewall and a separate domain, but if all you need to do is let only users on your network have access to certain content that outside users cannot for some reason or another. In my situation we recorded a video of a speaker, and he didn't want the whole world to see it, but determined it was fine if the school used it for internal educational purposes.
Comments
Comment #1
jonfrancisskydiver commented
beekerstudios, thank you for trying out the ipAuthenticator. I hope that it works well for you.
I am interested in hearing if you are having the same redirect issue as you described above with ipAuthenticator. I didn't have any issues myself and thus didn't add any code to account for the problem that you described above.
To me it looks like you only wanted a specific IP range, 192.168.*.*, to view node 357. So you did this by setting the user id equal to 29 if the web viewer falls within 192.168.*.* or, in ipAuthenticator syntax, IPs between 192.168.0.0 and 192.168.255.255. Then you had to correct for a redirection error when trying to log out by setting the uid equal to zero if the page title is equal to 'Access Denied'.
Thanks,
Jonathan
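The 192.168.0.0 to 192.168.255.255 check discussed in the post and in this comment, as an added example that is not code from the original post or from ipAuthenticator: it compares addresses numerically instead of splitting the string, and treats anything that is not a well-formed IPv4 address as outside the range. The function name ipv4_in_range() and the sample addresses are assumptions constructed for illustration.

```php
<?php
// Added example; ipv4_in_range() is a hypothetical helper, not part of
// nodeaccess, ipAuthenticator or Drupal core.

/**
 * Return TRUE only if $ip is a well-formed dotted-quad IPv4 address that lies
 * between $low and $high inclusive. Any other input fails closed (FALSE), so a
 * malformed or non-IPv4 value can never be mapped to the intranet role.
 */
function ipv4_in_range($ip, $low, $high) {
  $nums = array();
  foreach (array($ip, $low, $high) as $addr) {
    if (!is_string($addr) || filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === FALSE) {
      return FALSE;
    }
    // '%u' renders the value as unsigned, so the comparison below stays
    // correct on 32-bit PHP, where ip2long() returns negative integers for
    // addresses at or above 128.0.0.0 (which includes 192.168.x.x).
    $nums[] = (float) sprintf('%u', ip2long($addr));
  }
  list($n, $lo, $hi) = $nums;
  if ($lo > $hi) {
    return FALSE; // Misconfigured range: refuse rather than guess.
  }
  return $n >= $lo && $n <= $hi;
}

// Constructed sample addresses, checked against the range from the thread.
$samples = array(
  '192.168.10.7',        // ordinary host in the range
  '192.168.255.255',     // last address of the range
  '192.169.0.1',         // first octets just past the range
  '10.0.0.5',            // different private network
  '::ffff:192.168.1.1',  // IPv4-mapped IPv6 notation
  '192.168.1',           // truncated address
  '',                    // no address available
);
foreach ($samples as $ip) {
  $inside = ipv4_in_range($ip, '192.168.0.0', '192.168.255.255');
  printf("%-22s %s\n", var_export($ip, TRUE), $inside ? 'intranet' : 'outside');
}
```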
Comment #2
mantyla commented
I get how you did this, but I don't really get the why. I don't see why this should be part of the Nodeaccess module - it seems like a separate module by itself, and in fact there already is a module which does this, as mentioned above: http://drupal.org/project/ipauthenticator. Are you sure you couldn't get the functionality you want by using Nodeaccess in conjunction with that module?
There are of course lots of ways Nodeaccess could be expanded, but rather than make an already complex module larger and more bug-prone, it makes sense to specialize in one field and let other modules do their stuff. Nodeaccess is for providing view, edit and delete access to nodes (and possibly to files attached to nodes, as planned by debtman7), and not for forcing users to be logged in as a specific role or user.