Custom content access question

Posted by andystox on September 3, 2010 at 10:15am

I have an access control use case that does not appear to be suited to any of the contributed access control modules out there, so I am considering writing my own custom module, but as I have never done so before would appreciate a sanity check.

The use case is as follows:

I am using Organic Groups to create Project nodes which are private groups and content posted to the project is only visible to members of the project.

While there is only one "project" OG content type, there are actually many different kinds of project (for the sake of illustration lets just say that there are only 2 - "standard" and "custom"). I can't have a separate OG group content type for every project type (e.g. instead of having one "project" content type, having separate "standard project" and "custom project" content types) as this will be very cumbersome in the long run. So I need to have only one "project" content type and be able to set what type of project it is by a CCK field, so when you create the project.

Independent of the project types is a set of documentation that I need to share with users. While a lot of documentation is shared between content types, some documentation should only be visible to certain project types. In this case, users that are members of "custom" projects should not be able to see "standard" documentation.

This is where the problem comes in - this restricted documentation has to be restricted according to the project type, but I obviously can't upload the document into each and every group of that type.

As I said, none of the popular content access modules work for this particular case, so it's looking like I will need to write my own module, and it will need to go something like this:

1. The project, document and user profile content types all have a common "project type" CCK field.
2. Users can only be created within the context of a project and they inherit the project type from the project as a profile CCK field.
3. When assessing whether or not a user can see a document, the module will need to compare the user's CCK field with the documents CCK field and if they match, access is granted.

However this seems to be at odds with the way permissions in Drupal works (it can't seem to be done on the fly, it looks like the permissions needs to be saved in some way).

I would massively appreciate anyone with more Drupal experience than I reviewing the problem case and letting me know if I am wasting my time going down the module route I described. After a couple of weeks looking into this it does unfortunately appear to be my only option.

Comments

_

Posted by WorldFallz on September 3, 2010 at 4:36pm

Instead of using OG-- why not just use taxonomy and taxonomy_access or tac_lite. If you really want to use og, you could probably integrate with taxonomy access but you may need the module_grants module.

__{Don't be a Help Vampire - read and abide the forum guidelines.

If you find my assistance useful, please pay it forward to your fellow drupalers.}

Just some more info

Posted by Wolfflow on September 3, 2010 at 5:26pm

I'm surely not an expert about OG but as I'm also searching for a long time an access control for my own project. I can share with you some of my focused contibuted modules that may contain similar or usefull code for building a custom module:

Access related Modules:

Module Grants as mentioned above by WorldFallz
Content Access
Accessible Content
Node Access
Access Private
Restricted content
User Reference Access
Node Access User Reference
Content moderation
Access Permision Grouping
CCK groups

Permission related Modules:

Documentation:

Searches

Search for "Content access control" filter by Drupal 6 modules and Most installed

-WJZ
---------
_{Thanage Community on COMMONS 2}

This may be interesting for

Posted by Wolfflow on September 3, 2010 at 5:36pm

This may be interesting for you too:

Project / task feature requirements
especially comment -> In re: tasks / subtasks

-WJZ
---------
_{Thanage Community on COMMONS 2}

Thanks for the assistance

Posted by andystox on September 7, 2010 at 8:56am

Thanks for the assistance all. After looking into it I have to agree that it looks like TAC is going to get me closest to what I need. But lots of useful information all round, many thanks!

Out of interest, while I was looking into how to write a module to do what I need, I came across the following comment that explains access grants better than anything else I found so figured it's worth sharing if any of you find yourselves trying to get your heads around the concept at any point.

Check out the comment by Jay here http://drupal.org/node/689458

Very good post

Posted by Wolfflow on September 7, 2010 at 3:52pm

Hi @andystox, thank you too for your suggestion. It's really a good explanation about Access Realms.

Regards

-WJZ
---------
_{Thanage Community on COMMONS 2}