By simonaut on

I have been working on creating some kind of module or using one already made to store some employee data which they will be the only ones that can see. I have a unique employee # for each person and I am trying create a CCK field for things I want to store like last name, date of birth, etc... I only want that employee to see that information not everyone. Of course someone in the HR department would need to see this. Will the Views module allow me to do this??
Simon

Categories: Drupal 6.x

Comments

WorldFallz’s picture

WorldFallz commented

No, you'll need to add one of the access control modules (content_access, simple_access, tac_lite, taxonomy_access, nodeaccess, etc).

jainrutgers’s picture

jainrutgers commented

Yes follow this step

1) Create a content type for employer let say "Employer" (with require cck filed like name. DOB etc.)

2) Create a role for the employer. So once they registered the admin will assign them this role.

3) Create a new view let say "myprofile". Now in filter section select the node type Employer(the one that you created in step 1)

4) Now again in filter section use Current User "Yes" (most important)

5) Creat a view page and name it "myprofile"

6) Now you can create a menu for logged in user only which say suppose "Edit my profile" which will link to view page "myprofile'

7) Now when current user click that link he will only see his profile and if you set permission correctly for each cck filed then he will be able to edit it.

8) Make some role for HR people and grant them permission to see anyones profile. When i say permission i mean you can configure permission of each cck field individually so that you can display it to HR people and one who owns the profile.

9) I created a job-portal http://bio-1.rutgers.edu having same functionality.

10) Lastly if you lost or didn't understand let me know...

Chetan

WorldFallz’s picture

WorldFallz commented

Just beware-- I don't see any access control with this method. Views does not control access to nodes-- anyone with the URL or who can guess the url (or who randomly browses 'node/nid' urls for that matter) will still be able to see the actual node. With this type of information you need to be really careful to test the access control thoroughly.

jainrutgers’s picture

jainrutgers commented

You are right that people can go to url direct but even they will not be able to see anything except the title. Because all filed have view permission on them. If you want you can use NODE ACCESS module which will overcome the problem mentioned above.

Thanks

Chetan