Give TAC Lite Access Priority
pcorbett - April 17, 2009 - 00:09
| Project: | Taxonomy Access Control Lite |
| Version: | 5.x-1.3 |
| Component: | Code |
| Category: | feature request |
| Priority: | minor |
| Assigned: | Unassigned |
| Status: | needs work |
Jump to:
Description
Similar to the nodeaccess module, it would be nice if I could specify whether I wanted access permissions granted through TAC Lite to take priority over any other node access module. This patch adds a checkbox to do just that. Just check the box and a tac_lite-priority variable is added to the system variable table. It defaults to not checked (0).
In my case, I have the nodeacess module installed and I let all users view a particular node type. However, I wanted to restrict users from viewing nodes of that type tagged with a specific taxonomy term. By checking the Priority box on the TAC Lite admin form, this is now possible.
Ideally this would be a weighted setting and not just a binary on/off, but it's a start.
| Attachment | Size |
|---|---|
| tac_lite-priority.patch | 1.82 KB |
#1
#2
I agree it should be a number, not a checkbox. Frankly, I didn't even know about this priority feature. Sounds confusing.
I think it should be set per-scheme, not just for tac_lite in general, right?
I think #309007: Add drupal_alter() after hook_node_access_records() is a better approach, although unlikely to make it back to D5.
#3
I'm not sure about the per-scheme because I would assume if you install TAC, that any setting you set you'd probably want it to actually work, in which case you'd want them all to override any other module's priority. I suppose it couldn't hurt, but I'm not sure that anyone would create a TAC rule and not want it enforced :)
I don't think the priority thing is confusing, although I think the entire node access process is!
The link you provided looks like it is addressing the whole priority issue, but not sure how much different it actually is since 5 supports it... just that most node access modules don't take advantage of it. I would say if all modules could just add a "Priority" drop down... ideally listing any other modules with priorities, that would be real nice. I wonder if ACL has any of that built in?
Thanks for replying so quickly and sharing your thoughts. It sounds like "one of those things" that probably only affects a few like me. But figured I'd post and hopefully others can employ this small hack to get things working for them.
An alternative is to just add in your README.txt something along the lines of this... just letting them know what the issue is and how they might go about dealing with it.
#4
Well said. :)
The other issue address not just priority, but changes to logic. Like, "let the user edit the node if both tac_lite and forum_access allow it". That is changing OR logic into AND logic - or what have you.
The reason to have priority associated with schemes is that you could set up two vocabularies and give priority to one vocabulary over another, by refering to them in different schemes. Right? I'm still getting my head around it.
#5
As far as the logic is concerned, I think, at least with D5, that it's an all or nothing game - only one access module gets to be at the top. I think the only solution that makes much sense is to get a node/taxonomy/forum/etc access module into core :) I'm going to start using tac_lite and the node_access module in a production environment shortly. I'll let you know what comes of it...
I didn't think about competition between individual tac_lite schemes -- in that case you probably would want to assign scheme-level priorities. Thinking about it more -- everything could get much more complicated much more quickly (as it usually does with Drupal and multiple modules working together).