I solved a common OG problem and I would like to know what others think, if it's a bad idea or not. I'm using OG for the first time so I'm not sure if what I did is a good idea.

My Drupal website has relied on Taxonomy Access Control and TAC_Lite to control permissions of forums and other content. My forums were imported from phpbb and I needed the user specific access that TAC_Lite provides.

I just installed Organic Groups and love what it can do. Then I noticed that anonymous users have full access to my forums (a very bad thing!). After searching Drupal and Google I couldn't find any recommendations except to only use one access module at a time.

After snooping in the database, I noticed in the node_access table that all of my nodes (at least in the forum) where set: realm=og_all grant_view=1. I did a quick sql command, UPDATE node_access SET grant_view=0 WHERE realm="og_all" and everything works as I had hoped.

Changing the grant_view to 0 means that a node is default blacklisted unless another access module approves it. Is this right? Will this cause any problems?

Thanks for your advice!

Comments

jasonwhat’s picture

Was supposed to deal with these issues, http://drupal.org/node/55594 however it is a new module and I don't know how well tested it is. Plus, it requires 4 new modules which I imagine is resource heavy. I wonder if your solution is a better way to simply lock forums to users.

myriad’s picture

I saw the arbitrator a few months ago, but there might have been warnings as it was still young so I passed up on it. Using Tac_Lite to control forums to a specific user works well. It allows user specific permissions, not just roles. Kudos to the author!

myriad’s picture

I am successfully using Taxonomy Access Control, TAC_Lite, and Organic Groups to control permission on my site. I have a fairly complicated ruleset where I have a teacher and student as one group. The teacher can have many private students but the student's can't see eachother's groups. By carefully setting up the permissions in Taxonomy Access Control and changing "grant_view" to 0 for "realm = 'og_all', I am able to have all three modules work together.

The trick for me was to create a Vocabulary called "group" that is mandatory for the "group" node type to have then set the TAC to limit its viewing. This allowed me to hide groups from other users, like having a private and hidden forum. You could set og_all only for group nodes you want to restrict access on, overriding TAC.

You must be carefull. I have to test all the roles on my site to make sure it works how I expect. It's pretty easy to make a mistake and let anonymous users have full access where normal users don't. A module to show example users from each role that can view or update pages would be extremely useful in this case.