Guidance please: access control module comparison
Help me wade through the morass of access control modules! There are a ton available, and the information on them ranges from sparse to overwhelming. Rather than downloading ten separate modules and testing each of them individually, I thought maybe I could narrow the list first... given the guidance of anyone who's actually used some of these modules. :)
I want to have sophisticated control over access to and the visibility of:
- nodes
- blocks (menus, etc.)
- modules
Based on:
- user role
- user ownership
- workflow state
- node type
Here are a few examples of things I'd like to do:
- Have menus that are only visible to certain roles
- Have menu items that are only visible to certain roles.
- Have an admin user's development blog that is visible only to users with a site development role, and not accessible at all publicly
- Allow created content of a certain node type to go through a peer review process, with access based on role and workflow state. For example:
- When a document is a draft, only the owner can see it.
- When the document is up for review, a certain role can see it and add comments
- Comments on this node type are never visible to users without this "document creator" role or an administrative role.
- When an administrator approves a document in a review workflow state, it becomes published and visible to either (a) all users or (b) all authenticated users, depending on an "internal/external" setting that will exist for that node type.
Here's a list of the modules I found that provide access control. I've sliced out a few already that did not seem to fit.
- Path Access
- Simple Access
- Taxonomy Access Control
- Tac_lite
- Tree Access Module (pacs)
- Node privacy byrole
- OG Block Visibility
- node_access_arbitrator(shying away from this one since it's advertised as "in its infancy" and I need a stable modulee)
Please note that I want to avoid hacking existing modules to reduce the overhead in applying patches and upgrades. Also, I am assuming that, in general, the modules above would probably conflict with each other--if you know two can work together, I'd love to know that too.
Any recommendations for modules you've used (or developed!) and whether they can do what I'm looking for would be quite helpful. Thanks in advance.
Reviewing permission modules
Hi xjm.
How is your testing going? I'm interested on the same question and I've found that you haven't received any feedback. I think is a tricky issue. I'm building company sites and a big national community site and all require complex permission rules that go beyond what Drupal offers as standard.
I've tested some of them and the trickiest point in your list is 2: controlling menu items on menus by roles. All of the mentioned modules work properly with their nuances that could make fit each one on concrete projects, but where all of them fail is on assigning permissions to menu items. At least this is my experience, maybe some do it, but the lack of clear documentation (and clear implications with other modules) makes me think that any one of them do it. That point is not important but having a branch of menus (beautifully rendered by nice_menus module nowadays) accessible to everyone that drive to pages with restricted access that displays a "you have not access to those pages" is not elegant, if some pages have restricted access and I've set their menu position from the node edit form I should be able to declare that the menu item have the same role permission. I see things advancing firmly on that sense on the last Drupal versions but still lack integration.
Regarding the different modules you list I would say:
I wouldn't mind to keep your thread alive :-)
Two levels of needs
BTW, I guess that this permission question is complex for Drupal itself, because it means the possibility to offer two levels of use: a simple one for general users (blog-like sites) and another very sofisticated one for big complex (company-like sites) ruled by full-time administrators. I see that controversy on many other areas which sometimes leads me to hack some code (and thus loosing compatibility with the official branches).
update
Just wanted to put in an update in case anyone finds my thread in a search. Here are the things I've done to manage access control on my site:
It's not a complete solution--I'd still like to control the visibility of individual menu items by role--but it's a start.
The issues related to workflow are another can of worms, and I'll post more on them if I remember once I've tackled it.
=======================
Just another newbie.
XHTML Strict: it's the way to be.
=======================
Feature request: HTML Source Formatting in TinyMCE
Two new mdules
I discovered two new modules that could be listed here:
- http://drupal.org/project/content_access - allow per node content access or extend ACL base on content type
- http://drupal.org/project/forum_access - As the name suggest refers only to forum content