Provide realms: additional ogur per node permissions
| Project: | OG User Roles |
| Version: | 6.x-4.0 |
| Component: | Code |
| Category: | feature request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | needs review |
Jump to:
We have special roles in a og. There's some internal nodes that only specific per-group roles should be allowed to get access to.
Since og already permits access to a node this feature request is not about providing additional grants, but tighter per-node permission. it adds general different functionality than we currently have.
We only could add such functionality if ogur would provide own og-realms (in addition to og's) and remove the grants from og to nodes. ogur realms would need to be per group role.
(Complexity: Users will have additional realms per group with their given ogur role.)
To make the above solution we'd need to provide global per content type configuration to remove og perms and readd (per ogur role) specific perms.
Thinking about how to make this more generic i'm resulting in 2 rules implementation.
1. Provide realms by ogur role per group
2. Action: remove og realm in node_access for node
3. Action: add ogur realm to node_access per node (based on node-group assignment)
By simply adding a rule with certain conditions we'd be able to handle the situation.
Additional rules / actions would make ogur more manageable with e.g. views bulk operations.
What do you think? Is there a more simple way? Would this be a feature set for ogur?
#1
Better titling
#2
I've written a custom module to extend ogur with node access realms. Its name is OGURA ;-)
See http://drupal.org/project/og_user_roles_access
So this could remain in ogur contrib... but i still hope ogur is moving toward such a functionality.
Rules integration is by intention still not part of it.
OGUR guys please review and provide feedback.
#3
Could you please elaborate a bit more about the actual use-case? Only the first sentence in your OP is about the actual use-case, but that's a bit wishy-washy.
#4
Hey sun..
OGURA is about introducing per-OGUR realms. Same as ogur allows us to support different roles (per group) in a volatile group context, ogura makes ogur specific permissions persistent to the node_access layer.
E.g. you will be able to make only employees (role) of a specific group to publish strategy (type) nodes... while regular members won't be able to even see them.
With ogur you might be able to limit creation permissions. With ogura you will be able to push this permission into node_access and make search and other global lists to behave ogur roles...
The modules' front description tries to explain the use case too.
http://drupal.org/project/og_user_roles_access
I'm open to replace it with any better explanation. ;-)