First off, excellent job on the new features in Acidfree. I think a lot of people will be very happy with the results. Now, for the give em an inch, and they ask for a mile.. I was wondering if it would be possible to restrict what users have access within a specific album? In my scenario, I, as root have the top level album (A). Within this album, I would like to have albums 1,2,and 3. No users will be allowed to add/delete anything within album A, but the owner of album 1, should have complete access within that album. I have not seen anything out there that allows for a scenario like this. Again, Kudos on the work so far within Acidfree

Comments

vhmauery’s picture

The policy I tried to create was that a user could add elements to an album IFF:
1) the user is user 1 (site administrator) OR
2) he has rights to 'edit own acidfree elements' AND it is his own album OR
3) he has rights to 'can upload to any album' OR
4) the owner of the album set the 'share' bit in the database

Users can edit an album (which is different than adding items to albums) IFF:
1) the user is user 1
2) he has rights to 'edit own acidfree elements' AND it is his own album OR
3) the node_access module says that that node is world writeable (which is probably rare)

This is what I thought I coded up and tested, but I suppose I might have been wrong. Is this not what you are talking about?

akaney’s picture

The coding that you did works exactly as you said it would, and it does a great job. The question that I had was if I set an album to be shared, would it be possible so that only certain users could edit the files within that album? I have more than one album, with certain users only allowed to upload to specific albums.

vhmauery’s picture

Gosh, no kidding about give them an inch!

Right now, there is no way to do what you want. But I suppose you could be the first to write something. The problem is that it requires a more complex interaction with authorization schemes than I was willing to conjure up. The shared bit is pretty straight forward.

There might be some way to do this using the node_access table, but I am not sure.

Steel Rat’s picture

The problem is that just about all access within Drupal is role-based, which will only get you so far. I have a simliar need in other modules, and in Drupal core, the ability to assign content nodes to named users instead of a role. It's just not practical to setup a new role each time for some small little thing that needs to occur for one or two users.

So, until there is role and named access control, we won't get there.

vhmauery’s picture

Status: Active » Closed (won't fix)

As it is, albums have the same permissions as Unix -- user, group, and other. Adding in per-user permissions is going to the ACL level, which gets messy. So I think I am going to mark this as a "Won't Fix" because 1) it is not really and Acidfree issue (it is a Drupal issue) and 2) it would be VERY complex and I don't want to do it. But you might want to bring this issue up for post Drupal 4.8 ideas -- a lot of people have this problem with node_access and it might be time to round up a posse and rewrite it to make it work for you. Code talks -- submit a patch when the next feature window opens up.

akaney’s picture

Thanks for your input on this vhmauery. Your work on this project is much appreciated.