Closed (won't fix)
Project:
Taxonomy Access Control Lite
Version:
5.x-1.3
Component:
Miscellaneous
Priority:
Normal
Category:
Support request
Assigned:
Unassigned
Reporter:
Created:
19 Oct 2008 at 17:18 UTC
Updated:
26 Jan 2010 at 01:43 UTC
Greetings
We're on a drupal 5 install and we're struggling to find a way to get TAC_Lite and Workflow_Access working together.
Currently, TAC_Lite bypasses the workflow_access restrictions, while we'd like it to operate afterwards and grant refined access thereafter.
Let's say, users have access to workflow states like they would access to a building's floor, but they couldn't enter any room without it's term access grant (which can be accumulated).
In other terms, we'd like to arbitrate priorities between those access modules. Workflow first, then TAC_Lite. No AND, no OR. Any idea on how to achieve this?
BTW, we're working on it, but time's almost up... And we're aware of those topics:
- drupal 4.x #56394: Node_access vc. Node Access Arbitrator (na_arbitrator)
- drupal 6.x #305136: TAC Lite (and TAC) Compatibility with ACL Module [Drupal 6.x]
- or eventually (6.x) #320728: Workflow and TAC Lite - can't edit unpublished node
- Hints would be greatly appreciated!
Great great job anyways (love the ressource-efficient+user-usability care)! Best regards,
Arsène & Ali
Comments
Comment #1
Dave Cohen commentedGive this patch a +1: http://drupal.org/node/309007, because its goal is to make this sort of thing possible.
It's a simple patch, so you could make the equivalent core patch for Drupal 5, then write your own alter hook to tweak your grants with your custom logic.
Without that patch there's no good way to accomplish this.
Comment #2
doc2@drupalfr.org commentedDone.
BTW, I think the issue #309007: Add drupal_alter() after hook_node_access_records() your pointing out is a revival of an old drupal concern (since 4.x), as witnesses the old Node Access Arbitrator module from MerlinOfChaos.
I was considering to port na_arbitrator.module's code but actually your current suggestion to rather backport from a more recent development would probably better fufill code sustainability concerns...
Comment #3
arbel commentedany luck with this, I have same situation, I have nodes with two different work flow status, and I need to allow access to the nodes to user who have the same taxonomy term as the node and are allowed to view the current status.
currently the workflow access rules are trumping the tac lite rules.
Idan
Comment #4
Dave Cohen commentedarbel, You can't revive these old threads with "won't fix" status. read the earlier comments, especially #1.
Comment #5
adshill commentedarbel, I believe this is that you need : http://drupal.org/project/module_grants
Comment #6
webel commentedI just read the entire Module Grants page, installed it, and tried it out with Taxonomy Access Control and Content Access together.
It does NOT seem to offer any to give a DENY from one access module general priority over an ALLOW from another access module.
Example:
I have a custom type Document (for handling extensive metadata on an attachments). By defauly, anonymous users should have access (most fields of) the Document node.
I have a Vocabulary Copyright with tags (Drupal "terms") for various degrees of access for different roles. When a node is tagged by 'restricted' it should not be visible to 'anonymous' users, expressed by a VIEW DENY for role anonymous on that term.
However, when I enable Content Access for node type Document it overrides (
ALLOWS) the Taxonomy Access Control setting; I need to prioritise TAC over Content Access, which seems to be the same as required by this TAC Lite posting.