By cooperaj on
I'm trying to figure out how to mix up my permissions a bit and get things really fine grained (corporate intranet) and I figured one of these two may help. You see what I really need is something like good old unix permissions. Being able to set a 755 on a node would be fantastic.
One of the above plus OG and taxonomy access (or tac_lite) should do it but I'm not sure exactly where to go. esp. in regards to a future upgrade path.
Any hints?
Thanks
Adam
Comments
Nobody can see the future.
Nobody can see the future. Currently all these access control modules serve different needs. With some of them, permission are set by the author of a node at creation time. Ohers assign permissions according to some specifications.
About Node Arbitrator, I think it is intended to allow using more than one access control modules together, because currently it is safe to use only one of them.
Edited to add: I am not sure what "Node_access" which you mention in the title is.
Um
Sorry, perhaps I wasn't clear. I understand what na_arbitrator does but there is also node_access. An unpublished module available only as an attachment to a post on this site. You need to search for it. As far as I can make out both serve exactly the same purpose. I was asking which is the way to go.
na_arbitrator needs compatable modules whereas node-access works with current code. However node_access seems to have not been developed for a while whereas na_arbitrator is being developed right now. Wierdly enough the na_arbitrator module seems to have started development at about the time node_access ceased.
Are they related in any way?
And is there anything that even comes close to a unix like 755 permission system?
Thanks
Adam
Oh, this one. I
Oh, this one. I see.
http://drupal.org/node/24868
About "755"-like access, TAC was trying to take a similar approach.
Work will continue on node_access
I contacted robb about his node_access module and it sounded like work would continue for a 4.7 version, although he has been very busy with other things. I'm currently using node_access in 4.6; things seem to work well.
The arbitrator is built on
The arbitrator is built on top of Drupal's node_access stuff, so it's not really different. It's an API designed to make it easier for modules to work together.
Right now it's only a good solution if any of the modules that utilize its API do what you want; I've been trying to get ahold of ankur to do node_privacy_byrole for it, which'd give you about the closest thing to a good ol' chmod that Drupal can give you.
-- Merlin
[Point the finger: Assign Blame!]
[Read my writing: ehalseymiles.com]
[Read my Coding blog: Angry Donuts]
-- Merlin
[Read my writing: ehalseymiles.com]
[Read my Coding blog: Angry Donuts]
I think they may be doing different things
I am not sure arbitrator is doing the same thing as my node_access module. na_arbitrator seems to provide an improved API for handling roles and access. My node_access module provides a mechanism for controlling access to individual nodes based on custom access control language. For example node_access supports private sections of a site using any existing node type, I am not sure na_arbitrator does that.
In any case node_access is being upgraded to 4.7. The delays had to do with a little thing called buying a house and the intrusion of work so my company could continue to fund my Drupal forays. I am currently working on an API that hopefully will remove all the nasty queries and caching I did to maintain compatibility with existing modules. While it was a great experiment and I learned a lot (and it worked!) I have been uncomfortable with the design for some time.
Node_access and Taxonomy access
Will the 4.7 node_access allow taxonomy_access and simple_access to work together still? Or will it include the functionality of these modules? I'm wondering, based on your comment about existing modules... thanks for the update.
Taxonomy Access by Role via Node Type | Alternative
- - - - - - -
Node Access - The simple access module works fine.
Taxonomy Access - The taxonomy_access Control module. I have not been able to get this to work, but you might.
Taxonomy Access Lite - The taxonomy access Control LITE (TAC module) might do it for you. I have not been able to hide access to the vocabulary, but you might.
- - - - - -
Another possible solution:
- - - > Create another node type for your users.
- - - - - - - - > ie copy and modify the story module and call it 'document module'.
How to create your own simple node type (from story node)
How to create your own simple node type (from story node) (Drupal 4.7)
Both links are to the Drupal Handbook
This works great for me.
- - - - > Create different nodes, assign some Taxonomies/categories/vocabularies/terms to some node types and not others.
- - - - - - - - >Assign node access by role to some Nodes and not others.
Thus via node type you have Taxonomy Access by Role.
Hope this helps.
t4him
Roles?
na_arbitrator has nothing to do with roles.
All it really does is handle the writing of the node_access table so that an individual module doesn't have to; that way multiple modules can use the API and not worry about it. Without something like that, a node access module has to control access to every node.
It doesn't care how you a module determines that access grant, and it doesn't have anything to do with roles.
-- Merlin
[Point the finger: Assign Blame!]
[Read my writing: ehalseymiles.com]
[Read my Coding blog: Angry Donuts]
-- Merlin
[Read my writing: ehalseymiles.com]
[Read my Coding blog: Angry Donuts]
node access is available for
node access is available for Drupal 4.7 (BETA). It has been renamed to na_multi in anticipation of changes to make the API saner.
The latest version can be found at:
http://www.lab.canfield.com/projects/na_multi
Please use only on a test site and following the install instructions carefully.
You're 755 example may be a
You're 755 example may be a bad choice. You get 755 by using a permission like 'edit own pages'. Only the creator can edit them, others can view. You don't need any fancy access control. You can even get 775 or 750 if your unix "groups" correspond exactly to Drupal roles, and you have the right permissions set up. The limitation is that these permissions apply to all nodes of a type. It's not like a unix file where you can have one set of permissions for one file and something completely different for another.
The philosophy of tac_lite is that roles and permissions control what a user can do, but taxonomy controls what a user can do it to. So for instance if a user has 'administer nodes' permission, they are able to edit any nodes they can see. but tac_lite might hide some nodes from them. Those "hidden" nodes they could neither view nor edit. Tac_lite allows you control what users can see based on their roles, or based on a specific user.
Regular TAC lets you assign permission to view and update/delete. The permissions are based on roles, not specific users. You might be able to come up with a set of taxonomy terms that encapsulates unix-style permissions and use TAC to enforce it. For example a vocabulary called 'anonymous user priveleges' with terms in it like 'r--', 'rw-', etc... and make another vocabulary like that for each group (role) i.e 'registered user privileges' and so on. You'd be able to assign terms from those vocabs to each node.
Related issue
#323360: How to arbitrate priorities between TAC_Lite and Workflow_Access grants?