Hello,

I'd like to have the role/permission system to be more integrated with the rules module. Would such functionality be adopted in this module, or should I create a seperate module? If it would be adopted I'd like to provide a patch for this.

Comments

casey’s picture

What I have in mind:

Datatypes

  • Role (rules_data_type_role)
  • Permission (rules_data_type_permission)

Events
As far as possible; catch form submissions.

  • Role has been created
  • Role details have been updated
  • Role has been deleted

Conditions

  • Compare two roles

Actions

  • Create role
  • Load a role
  • Remove role
  • Load a permission
  • Grant permission to role
  • Revoke permission from role
  • Add role to user
  • Remove role to user
fago’s picture

Hm, why have a separate load permission action? I think a default input form for permissions would suffice, that just shows a select off the available permissions?

Also, roles are currently treated as "configuration setting" not as parameter. As in rules 1.x both at the same time isn't possible, we would have to change it to "parameter" all the way - but that would be bad for usability. So as of now, integrating this would be hard, so better go with a separate module for now. :)

In rules 2.x things will be improved and we can have a role a "conifugration setting" and a "parameter" for one action at the same time. Then we can think again about adding this stuff directly to rules.

However, I wonder what are the use-cases for this? Usually this is something the admin defines once, but doesn't need rules for.

casey’s picture

I want to use this as an alternative to the og.module (which I think is not very flexible). I use several contenttypes that act as group types. Groups should have their own permissions, so I need a role per group. I need permissions to be loadable since I want to dynamicly grant them to roles.

But thanks for your comment. I'll stick to a seperate module for now.

mitchell’s picture

Marked #272972: Event: user roles created and deleted as a duplicate of this issue.

Anonymous’s picture

However, I wonder what are the use-cases for this?

My issue (#517396: 'Has role' condition unavailable at account creation) requires an email to be sent to new users of a certain role (i.e. if a user registers as a 'Suppler', they get sent an email explaining how to add products to the site).

garywiz’s picture

Let me just place a strong vote in favor of further discussion.

We use OG, and believe me, if there were another way, I would love it. OG itself isn't that bad, but when you look at things like og_user_roles..... omg.... it is like a house of cards. There is so much code that does so many things which could easily break, and is filled with special cases and URL rewrites. I have no confidence in using stuff like that.

Rules, on the other hand, has been a robust solution to so many problems of customization for us. For example, if I could create a rule such as:

  1. If a user has the "group admin" flag (flags module)...
  2. and if they are visiting a page which belongs to a particular taxonomy item...
  3. then temporarily grant them the "group admin" role.

Wow, this would be great.

Right now, I noted that that there is no rule trigger for "hook_user_load()". It would be great if there were, since this would allow modifications to user's permissions and other characteristics based upon page or other context.

Of course there are gotchas to this, but I can definitely see a day when these types of rulesets could almost completely replace many other modules.

konrad1811’s picture

Maybe little simmilar to this:
I'd like to block node edition by a user that a node has field with this user name in it.
So I have a node with field with some value = name "SomeName" and if a user with called "SomeName" is going to edit this node - he's redirected to only view this node.
Or with uid number - the same...
But haven't found any event like "Content is going to be edited".
There is "Content is going to be viewed" or "...saved" but it's not enough... If someone is going to save - he already lost he's job as he didn't notice he should not edit such node at all...

Bilmar’s picture

subscribing

robby.smith’s picture

I am needing this as well. For my situation, when a role is removed or added (Event: Role details have been updated) I need an action to be taken by rules. Currently, I can only do this through Event "User account details have been updated" but I don't wish this rule to be executed/evaluated each time the user account details have been updated but rather ONLY when the role has been changed. Hope this helps to show there is demand for this. Thanks!

BenK’s picture

Subscribing...

robby.smith’s picture

To confirm, is 'Role details have been updated' for the event when a User receives/loses a role?
Or is this when an administrator updates a Role, for example the name?

casey - if you could provide a patch I would be more than happy to test it. Thanks

robby.smith’s picture

kindly bumping

planstoprosper’s picture

Subscribing. Is this still in the works?

fago’s picture

Status: Active » Closed (won't fix)

No I have not been working on that. Additionally I think this is rather sophisticated stuff, which should not ship with the main module as the usual user won't need it. Best this would be added as a separate add-on module.

mitchell’s picture

Component: Provided module integration » Provided Module Integrations

Updated component.

fadgadget’s picture

sorry is this now updated to use role changes have a rule? I am trying to create new content when a member has new role (welcome post)

thanks