access control in Drupal 6?
sciman - June 26, 2008 - 19:22
I'm wanting to control access of my site users as they download software. I see that for version 5 there was a Taxonomy Access Control Lite which might work, though nothing is as yet posted for Version 6, and I've not found the right search terms to figure out how to go about what I need. Some users should be free to download trial versions of software, but I have various levels of paid user who should have different access to various product downloads. Any general suggestion for how to go about this is Drupal 6 would be much appreciated.
drupal.org --> Modules -->
drupal.org --> Modules --> User access/authentication --> Filter for D6.
Basically, the only one with an official d6 release (AFAIK) is http://drupal.org/project/node_privacy_byrole. Though http://drupal.org/project/taxonomy_access and http://drupal.org/project/content_access are getting close I think.
===
"Give a man a fish and you feed him for a day.
Teach a man to fish and you feed him for a lifetime." -- Lao Tzu
"God helps those who help themselves." -- Benjamin Franklin
"Search is your best friend." -- Worldfallz
The only available access
The only available access control module for Drupal 6 at this moment is node_privacy_byrole.
http://drupal.org/project/node_privacy_byrole
http://drupal.org/handbook/modules/node_privacy_byrole (Documentation)
As you can see, among other things, it allows a node's editor to specify user roles who can access the node. So, it supports direct permissions for a node (or default permissions for a node type). Not via categories, like taxonomy_access or tac_lite do.
With any of these modules you can attach your files to "file download page nodes" and control them.
If the way node_privacy_byrole works does not fit well with your workflow, maybe it is better to stay with Drupal 5 until more modules are ported.
what is the status on access control?
It looks like TAC still is not available for Drupal 6.
What options does exist for Drupal 6 today?
I need to set up sections (books, pages, forums) for different user groups. Should I stick to Drupal 5?
TAC still has only a devel
TAC still has only a devel release, but judging by its stats (1,123 sites are reporting using the 6.x-dev version) it shouldn't be bad. And you can also consider tac_lite if you don't need "create" permissions (who is allowed to tag with some terms).
However there are lots of other well-developed access control solutions now, by content type or even by individual node (content_access, node_privacy_byrole, nodeaccess), by subscibription (og), even by domain or subdomain.
Are there any comprehensive
Are there any comprehensive lists of which access control modules working with drupal 6? Up to date howtos?
I need to set up separate pages/books/forums etc for different departments, available only to their members, and with superusers in charge of adding/changing content. And I need it to be completely transparent to the users (i.e. the users should not need to set/view taxonomy access terms every time the create content)
The taxonomy-acess control combo of Drupal, am I not sure if it is really powerful, or a total hack and a mess, or all of the above... :-\
thanks for your help!
If you want section admins,
If you want section admins, probably http://drupal.org/project/og is the most simple and natural choice. You just subscribe users to groups.
Or, if you want to use the more flexible role system, any access control module combined with http://drupal.org/project/role_delegation or http://drupal.org/project/roleassign
It is up to the site developer whether it will look like a hack to the users or not.
Sections which depend on taxonomy are more flexible. Sections which depend on different content types offer links like node/add/here. A well-designed set of roles with access to content types each of which accepts only some taxonomy terms could help.
You could provide users with many "small" roles which add only a few permissions each if you want the section admins to be able to remove those permissions from users without modifying the whole permission system every time.
Organic groups
I really appreciate your help.
I tried a new install of D6 with organic groups.
But it seems I stumble once again. I can set up groups, but I can not assign e.g. a book or a forum to a group so that all posts/content of these are restricted to the group? Instead every node must be given group membership...?
I saw mention of a OG forum module, but somewhere else I read that use of it was discouraged, so I have not installed it...
edit: It looks like organic groups doesn't work well with books without hacking: http://drupal.org/node/111064
Books is an alternative way
Books is an alternative way to achieve access control by section (for example using http://drupal.org/project/book_access). I am no big fan of mixing together different site structuring methods, because I am easily confused (and easily confusing).
What I want, is to have
What I want, is to have sections of my site accessible only to some groups, which can contain *any* content/nodes (books, forums, pages). If possible, the permissions should be inherited, so that the permissions of the root page of a book determines the permissions of the content.
I thought this might be possible with OG, I'd like the setup to be as simple as possible, without the need to install lots of (beta) access control modules...
Should I go back to Drupal 5?
Drupal 5 has fewer and worse
Drupal 5 has fewer and worse maintained options for structuring and for access control. Even taxonomy_access, although it does have a stable 5.x release, that is not better maintained.
Generally you must not install lots of access control modules, beta or not. You need to choose and rely on only one, with any limitations it may have.
In my opinion the only reliable options today (with their limitations) are either og (perhaps with some different content types allowed in each book) or a role-based approach based on an access control module by content type.
Options which are not available or stable yet, such as whole hierarchical structures of nodes within a group (og_book) will just need more future development work.
Two extremely useful Drupal 6 modules which can bridge many kinds of gaps in the logic of a site are the rules module (or the trigger module, in core) and the flag module (like "when a node is saved, if this condition is true, then automatically do that action").
domain access module
Hmmm, coming back to this discussion, now it looks to me like the best and only way to create hierarchically separated user groups, is to create *multiple* sites/subdomains with separate access rules.
I will give Domain access module a shot ( has already been mentioned in this thread, thanks to rusty!)
http://drupal.org/project/domain
I have a very similar need, curious about your results
Hi Dovry, I am new to Drupal, am running a test site as I consider whether or not to migrate from Joomla 1.x. Our main need is to control content as you mentioned. We have customers, employees and other types of users that should be allowed to see certain types of content. For example, an anonymous user would see a limited set of books, menus and pages. A customer would see what the anonymous user can see plus others, and the employees would see both of those plus others. This is actually the main reason I'm looking away from Joomla, but I can't seem to pin it down in my Drupal research. Have you had any luck yet?