By thrice on

I have a website that is pretty much open to all - it's public information. However, there are one or two pages that I'd like to restrict access to. I'd like a user to email me in order to get access to those pages. It doesn't have to be really secure, it's a marketing idea more than anything. I get to find out who they are and they get that bit more information.

My initial approach was to create a single new user and just hand over the username/password to someone who asks. I then used the simple_access module to restrict access to my senstive pages to that user. In theory it sounds OK, but in practise it doesn't really work. The user, once logged in, get access to the "my account" page for what is basically a public account, so they can change the username and password - not what I want. They also get the idea of logging in and out, which is a bit much for this application. All I want is for them to type the appropriate password when they want to see a particular page.

Is there a better, simple way to implement this?

Comments

Tobias Maier’s picture

Tobias Maier commented

we have such a lot of access tools
http://drupal.org/project/Modules/category/74

take one give one specific role the permission to view this nodes
if someone wants to get access to this nodes you assign him to this role too.
so he can view it...

Dublin Drupaller’s picture

Dublin Drupaller commented

Hiya thrice,

the simple_access module is superb for restricting access to nodes...it's one of the best access control modules out there. but restricting access to the MY ACCOUNT page is a different story.

Which version of Drupal are you using?

It's possible to tweak the USER.MODULE by adding in an extra "EDIT OWN ACCOUNT" permission that you can control, as admin, under the ADMINISTER -> ACCESS CONTROL page.

for example, if you setup a USER ROLE type called "GUEST USERS"...who are the users you give out a username/password to, they will be able to login, but not be able to EDIT OWN ACCOUNT and only view pages that you allow them to using the simple_access.module. Furthermore. You can hide the navigation menu for those users as well.

I hope that makes sense..if you need a hand with that, give me a shout. The bottom line is that it's very doable. the tricky bit is doing a little tweaking to the user.module..

Dub

Currently in Switzerland working as an Application Developer with UBS Investment Bank...using Drupal 7 and lots of swiss chocolate

thrice’s picture

thrice commented

I've pondered over my situation, and what you and guckie said, and the more I thought about it, the more I thought I really don't want to get the concept of users involved here. The fact is I don't want "users" on this public website - it opens up a whole bunch of problems about restricting changes to user login details, which is largely going against the flow of what Drupal provides to users. I also don't want to say to visitors "your username is xxx, you password is xxx" - the concept of the site is such that they're not my "users" and will be puzzled if I start giving them the idea that they are.

So, I figured a new module, probably based on "page" might be in order. It would look exactly like "page", except that if the visitor hasn't entered a password it will show a password prompt, not the page. Once the password has been entered it will show the page (and other pages defined by the module) as normal. The password can be defined on a settings page.

This sounds simple enough - no users involved, just a "you need the password to see this page" concept. Sounds like a module for a beginner to write. That'd be me then... :o)

guckie’s picture

guckie commented

I am doing something similar to this. Maybe describing the methods I'm using could help you. (Applicable to Drupal 4.7)

In my case, I have an "explicit language" area of a site that has restricted access. A user has to complete a short online agreement called "Consent to View Explicit Language" before he/she may access these areas. All other areas of the site are public and language is censored in all public areas. I've created a user role called "subscriber-x" which has access to the restricted (explicit language) areas of the site.

I used the webform module to create the online agreement. In the future, I plan to incorporate custom code that will automatically grant the user role subscriber-x (increased access privilege) on cron run based on the existence of the appropriate completed webform for particular users... but for now, I can manually check for completed agreements (in the webform table) and manually assign the user role (i.e. subscriber-x) that should result from a user having completed the agreement. Webform can also be configured to send an email to whatever email address you'd like upon submission of a form by a user.

Now, for actually restricting access to particular roles for certain areas:

I'm using the TAC_lite module, which I find works very well. TAC_lite allows you to allow or deny access to certain taxonomy terms, based on user role.

Since, as you say, you want to limit access to just a couple of pages, you might find the path access module sufficient for your purposes. I've experimented with the path access module and found it to work pretty well. (I don't recommend combining the TAC_lite and the path access modules, however.)

I think, assuming you're using drupal 4.7, this can hopefully get you going in the right direction.