Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.
By EricT206 on
I am building a site that will be used by 2000-3000 organizations. Each organization will have 1-5 users. Each user will belong to one and only one organization. All users should have the ability to:
- create content of a specific Content Type that has several CCK fields
- view content created by any organization
- edit own content AND content created by any user within the same organization
Additional requirements:
- The entire system is closed, i.e., all users and organizations (and association of user to organization) will be created by an admin.
- Organizations may come and go from the system and there needs to be a way of hiding all the organization's content when it leaves as well as unhiding it when it returns.
- There needs to be a way to store information about each organization. Like the Content Type above, some of the fields should be viewable by all users and some should be viewable only by users within the organization (also some should be admin-only viewable). Also, some of the fields should be editable by users within the organization while others should be editable only by admin.
Being new to Drupal I have scoured docs and articles and looked at a number of modules including OG, Node Access, Taxonomy Access, and others. None of these appears to do exactly what I want, although, I confess I may not understand all the capabilities. I also considered creating a role for each organization but this seems like it would be an administrative nightmare down the road.
What approach do you recommend?
Thanks,
Eric
Comments
OG is the yat to go... I think.
I'd focus on OG. It can be set up in such a way so that only a single administrator can create groups. You can make group posts public to the whole website easily, And use OG User Roles to give users within groups permission to edit other posts within that group.
As far as your additional requirements:
Closed System:
OG can do this. It sort of eliminates the "Organic" part, though.
Hiding the group:
Groups are just nodes, so you simply unpublish them, and they go away. The users won't though. Posts will be visible only if there is another way to access them (such as search). It may be possible to use the content administration screen to list only nodes of a certain group, then you can hide them all manually.
Group Info:
This is more tricky. But still doable, I think. The group node would hold all this information. Then, you would use CCK Field Permissions to hide the fields from various roles. The key to making this manageable is to limit the number of roles you have. You could alternately use CCK Blocks to place the fields in blocks, and use the block admin page to hide them from certain roles. You would be using a combination of these modules and OG User Roles to grant these permissions. You could also use CCK Fieldgroups to group the info, then use CCK Field Group Tabs to display the info, then use CSS to hide the fieldgroups based on Role. Not secure, cause you would still be able to view the info in the source code, but it's an option.
A non-OG approach would be to use Taxonomy to "Tag" a group CCK content type with a unique groupname. You could use CCK userreference to "assign" folks to groups, and views to display everything, but I have no idea how the access control would work in that scenario.
Bottom line is that this is Drupal, from D6 and beyond: There is no more single-module solution for anything. The community wants to get away from that in favor of more modular solutions. It isn't as user-friendly as turning on a module, but it's WAY more powerful.
Blessings,
Tony
Anthony Pero
Project Lead
Virtuosic Media
http://www.virtuosic.me/
OG is the way to go
Thanks for the tips, Tony. I believe the crux issue is that all organizations should be able to view the content (a custom Content Type--not blog) and that all users within an organization that creates an item should be able to edit the item. I have not figured out a way to do this with OG or anything else. Also, the system needs to be set up so that it works this way automatically. Users should only create and edit their content; they should not have to set permissions on it, especially since it's the same every time.
OG User Roles
This is what OG User Roles does... The sitewide Admin goes into the OG User Roles permission settings and can grant certain roles additional privileges (such as edit all content) as long as they are inside the group. So as long as every user has this role, they will be able to edit all the content within their group.
Tony
Anthony Pero
Project Lead
Virtuosic Media
http://www.virtuosic.me/
OG User Roles
You are right. I finally stumbled on how to do what I want using OG. The only real hurdle was not understanding OG's terminology.
The key is: when setting up the Content Type, use "Wiki group post" in the OG settings. Seeing the word "Wiki" had made me think this was the way to set up an actual Wiki site. After playing with it, I realize it's exactly the setting I need. It means Wiki-style of access control, where everyone (in the group) shares permission to modify.
If anyone who works on OG happens to read this, it would be clearer, at least to the uninitiated, to omit "Wiki group post" from the label and only use what's now in parenthesis: "Any group member may edit."
Thank you, Tony! for coaching a newbie and even coming back for a second helping.