We have special roles in an og. There are some internal nodes that only specific per-group roles should be allowed to get access to.

Since og already permits access to a node, this feature request is not about providing additional grants, but tighter per-node permission. It adds generally different functionality than we currently have.

We only could add such functionality if ogur would provide own og-realms (in addition to og's) and remove the grants from og to nodes. ogur realms would need to be per group role.
(Complexity: Users will have additional realms per group with their given ogur role.)

To make the above solution we'd need to provide global per content type configuration to remove og perms and re-add (per ogur role) specific perms.

Thinking about how to make this more generic, I'm resulting in 2 rules implementation.
1. Provide realms by ogur role per group
2. Action: remove og realm in node_access for node
3. Action: add ogur realm to node_access per node (based on node-group assignment)

By simply adding a rule with certain conditions we'd be able to handle the situation.

Additional rules / actions would make ogur more manageable with e.g. views bulk operations.

What do you think? Is there a more simple way? Would this be a feature set for ogur?
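The three steps listed in the post above, as an added example that is not part of this thread or of either module: a simplified Python model of a node_access-style grant table. It shows that matching grants are OR-ed, so adding a per-role realm restricts nothing until the membership realm's record is removed. The realm names, role name, node id and group ids are constructed for illustration.

```python
"""Simplified model of a node_access-style grant table (not Drupal code)."""
from typing import NamedTuple

MEMBER_REALM = "og_member"            # hypothetical realm written for plain group membership
ROLE_REALM = "ogur_role_employee"     # hypothetical per-group-role realm (step 1)

class Record(NamedTuple):
    nid: int          # node the record applies to
    realm: str        # namespace of the grant
    gid: int          # grant id inside the realm; here the group id
    grant_view: bool

def can_view(records, nid, user_grants):
    """A node is visible if ANY of its records matches one of the user's grants."""
    return any(
        r.grant_view and r.gid in user_grants.get(r.realm, ())
        for r in records if r.nid == nid
    )

def add_role_record(records, nid, group, role_realm=ROLE_REALM):
    """Step 3 only: add the per-role record, keep everything else."""
    return records + [Record(nid, role_realm, group, True)]

def restrict_to_role(records, nid, group, role_realm=ROLE_REALM):
    """Steps 2 and 3: drop the membership record for this node, then add the role record."""
    kept = [r for r in records
            if not (r.nid == nid and r.realm == MEMBER_REALM and r.gid == group)]
    return add_role_record(kept, nid, group, role_realm)

def demo():
    """Constructed data: node 42 is a 'strategy' node posted in group 10."""
    member = {MEMBER_REALM: [10]}                          # regular member of group 10
    employee = {MEMBER_REALM: [10], ROLE_REALM: [10]}      # employee role in group 10
    outsider = {MEMBER_REALM: [11], ROLE_REALM: [11]}      # employee role, other group
    base = [Record(42, MEMBER_REALM, 10, True)]
    additive = add_role_record(base, 42, 10)
    tight = restrict_to_role(base, 42, 10)
    users = {"member": member, "employee": employee, "outsider": outsider}
    return {
        "additive": {name: can_view(additive, 42, g) for name, g in users.items()},
        "tight": {name: can_view(tight, 42, g) for name, g in users.items()},
    }

if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```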

Comments

miro_dietiker’s picture

Title: Create realm: additional ogur per node permissions » Provide realms: additional ogur per node permissions

Better titling

miro_dietiker’s picture

Status: Active » Needs review

I've written a custom module to extend ogur with node access realms. Its name is OGURA ;-)

See http://drupal.org/project/og_user_roles_access

So this could remain in ogur contrib... but I still hope ogur is moving toward such a functionality.
Rules integration is by intention still not part of it.

OGUR guys please review and provide feedback.

sun’s picture

Status: Needs review » Postponed (maintainer needs more info)

Could you please elaborate a bit more about the actual use-case? Only the first sentence in your OP is about the actual use-case, but that's a bit wishy-washy.

miro_dietiker’s picture

Status: Postponed (maintainer needs more info) » Needs review

Hey sun..
OGURA is about introducing per-OGUR realms. Same as ogur allows us to support different roles (per group) in a volatile group context, ogura makes ogur specific permissions persistent to the node_access layer.

E.g. you will be able to make only employees (role) of a specific group to publish strategy (type) nodes... while regular members won't be able to even see them.

With ogur you might be able to limit creation permissions. With ogura you will be able to push this permission into node_access and make search and other global lists to behave ogur roles...

The module's front description tries to explain the use case too.
http://drupal.org/project/og_user_roles_access

I'm open to replace it with any better explanation. ;-)

sun’s picture

ok, your module seems to boil down to the hook_node_access_*() implementations in http://drupalcode.org/viewvc/drupal/contributions/modules/og_user_roles_...

If you turn those into a patch for og_user_roles, and add a couple of tests for this functionality, then I'd probably accept it.

On a related note though - doesn't this conflict with the og_access module? At least the tests would have to ensure that this works.

sun’s picture

Title: Provide realms: additional ogur per node permissions » Integration with node access system
Version: 6.x-4.0 » 6.x-4.x-dev
Status: Needs review » Active

Fixing some issue properties - better title, new features go into 4.x-dev, and there's no patch in here.

mxt’s picture

Subscribing,

also I need a "user has GROUP roles" condition in Rules OG conditions to send a mail only to specific Group Moderators (in addition to the existing "User is group member" condition).

Thank you

sun’s picture

Status: Active » Fixed

Since this is a separate module now, I guess this can be considered fixed.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.