What does it do?
It extends the og_acces Module and adds an additional form, where you can define an "private-viewer-group". The groups that have that status can view into private groups. They are though not able to modify any content through that permission.

Why would that be needed?
If you want to elevate a group and have them kina moderate all the other groups without actually being able to edit all nodes. So far the persons would need administer nodes permission. This is though to wide.

I hope get's in there. There is not much to say about the code. It's pretty straight forward. When you apply the code you need to rebuild node access table.

Only local images are allowed.

CommentFileSizeAuthor
og_access.module.patch3.86 KBrapsli
og_patch.png24.11 KBrapsli

Comments

amitaibu’s picture

amitaibu
Primary language Hebrew
Location Israel
commented

I think you can already achieve this by using OG subgroups module.

Set a group of maintainers and under it all the other groups. When an admin will be created in the maintainers group, she will be propagated down the groups and become and admin there as well.

rapsli’s picture

rapsli commented

well, problem though is: those user's can't have admin status, but are only able to view content in private groups.

Antoine Lafontaine’s picture

Antoine Lafontaine commented

I've done some customization to OG for a client in order to achieve this myself.

Use case: system has all private groups where members can upload files which are only accessible by members of the said group. There is a 'moderator' role which can access and see all the files uploaded in all the groups, but that moderator role can't edit nor delete any file. If they find something that needs to be removed, they report it to an admin which will take any required action.

I haven't reviewed rapsli's code, but I would say this kind of permission would be quite useful. (this removes the need to add the moderator to any newly created group) My approach was just to add a permission "view all groups" to the permission I could give to a role.

Maybe this is a very limited use case...

rapsli’s picture

rapsli commented

"My approach was just to add a permission "view all groups" to the permission I could give to a role"

IMO this doesn't work if you enable og_access module

Antoine Lafontaine’s picture

Antoine Lafontaine commented

Yes, you are right, my post was probably too vague. I've added the permission in the og.module and added some conditional checking in the og_access_node_grants function in og_access.module.

It probably isn't "good" code and is quite "narrow minded", but here's the code I've used to give "subscriber acess" to any role that as "view all groups" permission assigned (maybe it should be called "suscribed to all groups")

if ( user_access('view all groups') ) {
    $groups = og_all_groups_options();
    foreach ($groups as $key => $val) {
      $grants['og_subscriber'][] = $key;
    }
  }

IMO, it feels like a quick and dirty hack, but in the context I'm using it it works as intended (time limitations played against me).

My comment was intended to support the idea that a clean and well tested implementation of such a feature would, indeed, be useful.

rapsli’s picture

rapsli commented

hi
Thanks for the support. I guess this does work ;) Let's see what moshe thinks about it.

Anonymous’s picture

Anonymous (not verified) commented

This is a great feature and IMO should be implemented.

Can this patch be applied to the 5.x branch?

moshe weitzman’s picture

moshe weitzman commented

yeah, maybe. i'll think about it. not for d5 though. thats on bug fix only.

moshe weitzman’s picture

moshe weitzman commented
Category: task » feature
Status: Needs review » Closed (won't fix)

I am not inclined to add this feature. Feel free to do it in Contrib using node access api and hook_og().

rapsli’s picture

rapsli commented

http://drupal.org/project/og_superadmin