Advanced Permissions: Setting Content Visibility Through CCK
Edit: Solved the problem by using nodeaccess and the cck user reference field. Added the user reference field to my CCK content type called "Settlements". Then I created a view which would display all the settlements on one page. Then I told nodeaccess to use the user reference field to grant view permissions to the user value specified by the author and set the default visibility of the settlements to restricted. Seems to work./Edit
I'm trying to create a dynamic site where one administrator can upload settlements for 150+ drivers weekly. Each driver, after logging in as a unique user, must only be able to see their own settlements so permissions are very important. This creates two obstacles:
1.) Uploading 150+ .pdf documents a week can be very tiresome so the uploading process must be very quick and streamlined. I've created a content type "settlements" via CCK with a filefield for the settlements and an autocomplete options field tied to the drivers. I've got auto_nodetitles and pathauto so this is a pretty streamlined two-step process, yes? But this leads me to my main problem:
2.) I'd like drupal to recognize the "Select Driver" options field as linking that content to a specific driver(user). In other words, I'd like the administrator to be able to set the permissions/visibility for that node for a specific user when they create the node. I'm not quite sure how to approach this. I've thought about a few taxonomy based solutions but they were really clunky.
I'm not a Drupal newbie, but my capabilities with PHP are still very limited.
I appreciate any feedback or suggestions.
Ben H.
_
I'm not sure I understand your question-- the author of a node is associated with that node by virtue of being the user that creates the node. If you're then interested in restricting access control you'll want to look at one of the available access control modules (ie content_access, simple_access, nodeaccess, etc.).
_
Don't be a Help Vampire - read and abide the forum guidelines.
If you find my assistance useful, please pay it forward to your fellow drupalers.
The author will always be the
The author will always be the same, a single administrator who will upload the settlements weekly. These individual settlements pertain to a user base of 150 drivers. Each driver will be a user and must only be allowed to see their own settlements. So when the content is created, the author would select a driver and only this driver could view the settlement.
So I see two issues here: the permissions need to be USER based not role based or module/content based like Drupal default. The second issue is, the content author needs to be able to set the user/driver the content pertains to while creating the content, so it requires some CCK integration.
Is this clearer?
_
ah ok... now I see what you're going for. I think you should be able to get what you want with a combination of http://drupal.org/project/author_taxonomy and http://drupal.org/project/tac_lite or http://drupal.org/project/taxonomy_access.
And you don't really want to have multiple access control modules installed-- I would completely uninstall the ones you're not going to use and rebuild permissions.
_
Don't be a Help Vampire - read and abide the forum guidelines.
If you find my assistance useful, please pay it forward to your fellow drupalers.
Tentative Solution
Thanks for the recommendation on the access control modules. I feel like you helped me on another issue a month or two back too.... Either way, thanks.
I already had nodeaccess installed, and I just installed content_access and ACL(content_access uses ACL for user based permissions...I think).
Anyhow, I tentatively have something that works. I'm using both access control modules right now, but I don't think I need both modules. I'm going to try to trim this down to the leanest setup that will get the job done.
I'll update with my final setup in case anyone else is looking to do something similar.
But where is the .pdf located?
I follow how you did this, but it seems like you are blocking access to the "settlements" page except by those users with proper permission access, but what about the actual .pdf itself? When I create a filefield in CCK it doesn't give me a choice of really where to put it other then in the default/files directory, which is unprotected. When a user accesses the pdf, they could then distribute that URL to anyone. I know they wouldn't do that for your settlement paperwork, but I'm looking to block access to research white papers. My use case scenario is having someone fill out a form (webform) and then giving them access to a .pdf. Unless you fill out the form, you don't get access. And I don't want one person filling out the form and then distributing the URL to others (albeit, they could just distribute the .pdf, right?) Any insight?
view_own?
http://drupal.org/project/view_own
http://drupal.org/project/nodeaccess_autoreference