When I make an album private/restricted using a node_access module, is it acidfree's or the node_access module's job to make all images _within_ that album also private/restricted w/ the same restrictions (realm, in node_access terminology) as which are applied to the album? It seems to me this should be done in acidfree, but it does not seem to work as such. Does anyone have more info on this?

Ian

Comments

Ian Ward’s picture

Ian Ward commented

I did a little more research, and I see the privacy_book module does something similar to what I am talking about here - a hierarchical approach to node access, where you have a parent node and child nodes. In the privacy_book module the parent node is a page in a book, and the child nodes are any pages beneath that book which are child pages (as defined by the book module). In the case of acidfree, a child node would be an image node within an album.

The way that privacy_book deals with access to child nodes when a parent node is made private is that it 1) gives the user the choice whether they want to apply the privacy downward to child nodes when making a book node with children private. 2) when the user decides to pass the privacy down to child nodes as well, it inserts into the node_access table for all child nodes as well.

What I'm wondering is if there is a way to instead apply a check to see if a node has an entry in node_access, then see if it has any children (children may be defined differently depending on the module) and to then not necessarily insert into node_access table for every child, but idetify if there are children for nodes after the node_access table is checked, and apply the same access rules to the children as the parent.

Does this seem logical? Then, is it feasible given the current node_access system? Maybe this is something to be addressed in the core node_access system, or does anyone think it can be easily done from a contributed module?

Ian

vhmauery’s picture

vhmauery commented
Status: Active » Closed (won't fix)

This does make sense. It really should be the node_access module (I use my own simple custom one) that does the change. Acidfree is really agnostic of all node_access stuff. Drupal was written in this manner. The idea of having the node_access module do the work is intriguing. There just needs to be some way of knowing which node types have children and then a way to get the children. Then it can do with the children what it needs to to protect them accordingly.

To determine whether or not to check for children:

<?php

    // in the update secion of the node_access module
    // something like this could make sure the children are
    // appropriately protected.  Of course you might want to 
    // make a way to allow children to override the parent
    // protection as well if desired.

    if ($node->type == 'acidfree' && $node->class == 'album') {
        // get all of $node's children
        $children = _acidfree_get_children($node);
    }

    if (isset($children)) {
        foreach ($children as $child) {
            !! apply parent protection to child
        }
    }
?>

I hope this code snippet helps you get what you want. I think I might encorporate it into my node_access module.