Hi,
I'm two days away from my Drupal site launch only to discover a major flaw in my setup. I've been dragging myself along the drupal learning curve fairly well for the past month, and posting topics along the way. While none of my topics have been responded to, can someone please help me with this? I'm rather desparate.
Basicallly, I have two (non-admin) roles with equal read/write/etc permissions and two forums. Each role gets their own forum. Under Administer>Access Control>category permissions I have the checkboxes appropriately set up so that each role can only create/view/edit their own forum content.
I have the default permmissions for the forum content type set so that both roles can make/view forum content and posts are immediately published. So, in essence the default permission set on the forum content type is for both roles, but the access control is set so that only each role can view/edit/etc their own forum content. So here's what happens:
This works fine when they go to the "forum" menu item in the main block -- only their respective forum shows up in the forums list. And again, when they create content, and make a topic, only the correct categories appear in the drop down box.
BUT, When they click on "recent posts" in the main block, **ALL** of the forum posts display for all roles, including those that they do not have access to. And then, what's worse is that when they click on the forum topic that they should not be able to see in the recent posts lists, they get immediate access to that topic, in a forum they're not supposed to be in! Then they can backtrack to the forum through the breadcrumbs. !!
Now, in tryng to think of workarounds, I thought of this: I have an extra block for each role, and those are filtered correctly by role type. So I thought that maybe I could create a link within each role's block that would show recent nodes/forum topics by role. But I can't make heads or tails out the instructions for node_type_filter (the "documentation." The readme for the node_type_filter.module only says "Lets you filter node listing pages simply by &type=story,blog to the URL (for example). So now you can have recipe specific feeds, or blog+story specific tracker page (i.e. recent posts). Also works for the taxonomy/term pages."
What is the syntax to show all recent nodes filtered by role? How would I append the /tracker to only show nodes by role?
Lastly, is there a single documentation page that shows the URL address "commands" if you will. I've seen a lot of posts where users are just totally confused on how to fiilter, when the answer was to just type /or/1,2,3 or something like that. The documentation for individual modules is abominable, if it even exists. It should be a requirement that in order to submit a module, you also have to explain in moderate detail how to use it.
I thank you for your help in advance.
Desparately,
-edudx (Alex)
Comments
nodeperm_role?
Have you tried then nodeperm_role module at http://drupal.org/project/nodeperm_role. I have not tried it myself but it logically sounds like what you are looking for.
Another possibility might be the organic groups module.
My experiments with
My experiments with node_type_filter were pretty unsuccessful.
What I would recommend is that you create a static page and use a PHP snippet. Which might be slightly difficult for you, not really knowing PHP, but there are several available on the site (though I have to admit that the quality of the existing snippets is a little low).
Here's one that might do what you want: http://drupal.org/node/23232
Let me know if this works for you. If not I may be able to help you tweak it a little; my guess is your biggest issue will be display.
To make this work for you, you'll need to find the taxonomy id of the forum you want. This is most easily done by going to administer->categories, and clicking on the edit link edit term link of the forum. The last part of the URL will be the id for that term.
-- Merlin
[Read my writing: ehalseymiles.com]
[Read my Coding blog: Angry Donuts]
Ok, in looking at this, I
Ok, in looking at this, I think that snippet won't quite work for you. But...depending on how handy you are with PHP, you might be able to pull the SQL query from forum.module, in the forum_block() code, and use that instead. It looks like it might be a little hairy.
Also, I may do this as an exercise, because it's a snippet I would like, but I don't know if I'll be able to get to it in time for your launch. (Then again, I may, if I decide to tackle it tonight).
Now, the one I'm looking at will only do forum posts; if you want that melded in with other content, that might be trickier.
Tho actually, I looked at the recent posts query in tracker.module and it's using the right logic to restrict posts by node permissions. I'm not quite sure why it wouldn't be.
-- Merlin
[Read my writing: ehalseymiles.com]
[Read my Coding blog: Angry Donuts]
Tracker
merlinofchaos -- thank you for your rally. I'm convinced of the power of drupal, it's just that it really lacks good documentation to explain how components work together, and user testing -- both achieved before components are released. THis kind of sporadic php snippets and patches is not good. It's a frustrating aspect of community development unfortunately. I"m glad there are advanced users like you.
I've tried removing modules and narrowing the problem down, but no matter what I do, the term filtering by access control still works, except when the user goes to /tracker. I suspect that it may be due to the fact that when I define the "forum topic" content type, i assign the default view/edit permissions to both roles, but then I restrict the content by term (ie. forum) in the access control > category permission page. So somewhere the tracker module it is following the permissions based on content type, and not on taxonomy.
That no one else complains of this makes me feel utterly at a loss. It seems such a basic thing, to restrict "recent posts" in the /tracker just like everywhere else.
I have 2 flexinode content types set up. Tomorrow I'll try configuring them so they conflict in the same way, content type permissions vs. taxonomy permissions as defined by taxonomy access module and see if i can get the same results.
Thanks you so much for your help.
-edudx
I agree with you, it does
I agree with you, it does seem like a basic thing to offer this sorts of restriction. Unfortunately, it's not there yet. My belief is that it will be. Just...not at the moment.
When I have some time, I will try to set something up that is similar to yours, and see if I can get the same behavior. Recent posts *should* restrict, just like everything else; Robert may well be right, it may be nodeperm_byrole and taxonomy_access writing conflicting permissions, but I'm a little iffy on that, because I should think that would fail everywhere, not in just one query.
-- Merlin
[Read my writing: ehalseymiles.com]
[Read my Coding blog: Angry Donuts]
node_access permissions
node_access permissions (which both modules use) depend on grants. That means all content is not permitted unless a grant is present in the table. If one module bans content (absence of any grant) and the other mdule permits it, it will be shown. So if module A has a checkbox "private" and you check it, the module makes it private by *not* setting a grant. If module B goes and sets a grant for that node, module A will loose.
- Robert Douglass
-----
Rate the value of this post: http://rate.affero.net/robertDouglass/
I recommend CivicSpace: www.civicspacelabs.org
My sites: www.hornroller.com, www.robshouse.net
Possible Workaround
Something that might work, (although it would be a very long workaround) would be setting up multiple sites off of the same installation and then keep separate module databases for the forums. That would at least ensure that the content was separate and would allow you more customization with the permissions.
I'm new at this too though, and am running into enough problems on my own...BTW - if you have the class.smtp.inc file for setting up the smtp wrapper I desperately need it. phpguru.org - the site that apparently houses it is down.
I have set up three sites all running off the same database and it works pretty well - I haven't tried separating out the module databases yet - but it looks like it can be done.
Hope this helps,
Evan
Setting up multiple sites
A true CMS should be flexible enough to handle projects that operate as discrete entities within the system, through a permissions and roles setting, without projects/users knowing about each other. Imagine if you had to form a new construction company everytime you wanted to make a new building. No, you use the same company. In my opinion, the same thing should be true of drupal. It has the power to be so, but it is just way too disorganized. I hope that will change, and I believe in what I've seen enough so that I'm trying to stick out the learning curve so I can be a contributor.
My sense is that very few drupal users are using drupal as a true CMS. Their conception of users is an authenticated user and an admin, and maybe a few roles in-between that have degrees of authorial control. Essential control over 1 set of content. But truly separating dividing content between an array of users seems to be rare.
Thanks for you suggestions. I really appreciate them.
node_access table?
Please explain how you've made it so that users only see "their" forum. This isn't core Drupal so either you programmed it that way or you're using a module to do it.
If you are using the node_access table (the solution you're looking for, I think) and the forum posts show up in recent posts, then this is a bug in Drupal and needs to be investigated and fixed.
More info, please.
- Robert Douglass
-----
Rate the value of this post: http://rate.affero.net/robertDouglass/
I recommend CivicSpace: www.civicspacelabs.org
My sites: www.hornroller.com, www.robshouse.net
Seeing their forum
Thanks for the reply.
I'm just using the modules as they are. II have 2 roles in addition to admin, a Board of Director role and a ProjectA role, which is a project we're working on (not really projectA, but good for example). I set up the forums under a Board of Directors forum and ProjectA forums containers. I installed the taxonomy_access module, and I went to the Access Control > Category Permissions, and I clicked on Board of Director role and clicked the appropriate checkboxes to allow the the Board of Director role to access the Board of Directors container and inclusive content.
I think the bug is a conflict between the settings for forum topic content type and these taxonomy permissions. I have to set view/edit permissions in the content type settings to both Board and ProjectA roles, and have their posts automatically published, b/c I can't moderate all the topics. Yes I could restrict content manually, but that's not an option.
The filtering works by role, except when I view "recent posts." That is, when a board member user with board member role logs on and clicks on "forums" in the main block, they only see the Board Members forums (all the terms under the Board container) and the content.
Right I have installed for node and taxonomy modules:
node
node_privacy_byrole
node_type_filter
taxonomy
taxonomy_access
taxonomy_block
Thank you. I can't say it enough.
-edudx (Alex)
2 node_access modules
An initial problem I see is that you are using 2 access modules; node_privacy_byrole and taxonomy_access. The current access implementation doesn't really take into consideration how these two modules should work together (and the module authors didn't write them as a team), so it isn't surprising that you're running into quirks, and it is also probably not a bug in Drupal core.
I'd have to think about this issue quite seriously to come to a solution and I'm not in a position to do so at the moment. Are you a programmer (sorry if you said so in previous posts)?
- Robert Douglass
-----
Rate the value of this post: http://rate.affero.net/robertDouglass/
I recommend CivicSpace: www.civicspacelabs.org
My sites: www.hornroller.com, www.robshouse.net
Tracker.module does not filter
I've done some considerable workaround on this issue and have the site now hacked together, but functional. The crux of my issue appears to be the simple fact that the tracker.module does not filter content in accordance with the taxonomy_access.module, or the node_privacy_byrole, whether they are enabled together or separately. From what I can tell based on other posts, fixing the tracker.module to filter content by taxonomy permission would be a tremendous help for may users.
Thanks for all your help.
Alex
Completely possible that it is a bug
Please open an issue and describe the bug:
http://drupal.org/node/add/project_issue/drupal
- Robert Douglass
-----
Rate the value of this post: http://rate.affero.net/robertDouglass/
I recommend CivicSpace: www.civicspacelabs.org
My sites: www.hornroller.com, www.robshouse.net
Did this ever get entered as
Did this ever get entered as a bug?
Having taken an interested in this suddenly, I actually found that tracker is working for me, and I'm curious as to whether this has gone anywhere.
-- Merlin
[Read my writing: ehalseymiles.com]
[Read my Coding blog: Angry Donuts]
bug entered in tracker, and deemed not a tracker bug
See http://drupal.org/node/29228
The problem appears to be in taxonomy_access permissions, not tracker.
and, has finally been entered as an issue with taxonomy_access
'tracker.module ignores taxonomy_access permissions' ( http://drupal.org/node/69315 )
This apparently remains an open issue -- one I found the hard way with 4.7 in shiny 2006.
We found the same issue with
We found the same issue with our (4.7.2 with taxonomy access) forums five minutes after they opened. Can't see a fix for this anywhere. Taxonomy Access works with everything else we can see, rss feeds, recent comments etc. (except comment rss module, but we've also disabled that for now) - so is it not an issue with the tracker.module?