Closed (fixed)
Project:
Taxonomy Access Control
Version:
6.x-1.x-dev
Component:
Documentation
Priority:
Normal
Category:
Support request
Assigned:
Unassigned
Reporter:
Created:
29 Jan 2009 at 18:33 UTC
Updated:
27 Feb 2010 at 23:25 UTC
I have set anonymous user not to access forums.
However, this seems to have only effect on the ability to access containers and forums.
Forum topic nodes themselves can still be viewed through tracker (or google) for example
To prevent this illegal backdoor access, I had to enable a second vocabulary for forum topics by wich I can prevent accessing the content nodes themselves.
Is that normal?
Comments
Comment #1
vm commentedwhy not use the forum access.module ?
Comment #2
jvieille commentedChanged the title
Comment #3
jvieille commentedThanks for the info
I'll try it
Comment #4
jvieille commentedI found a simpler way because I really don't need a sophisticated access handling for forums - just an internal, simple communication tool.
Just add in the TAC permissions for anonymous all terms corresponding to all forums and block their access.
It works.
What I have difficulties to grasp with TAC is that it needs both positive and negative access permissions:
- granting a specific role to access something does necessarily not prevents another role to access it
- preventing a specific role to access something does not necessarily implies that all other will get throught.
(I guess this is because ot somewhat compete with Drupal core permission handling. The core has only one pemission to authorize the view of any type of content, so it has to be enabled
The only secure way is to do both...
Comment #5
xjmComment #6
xjm