I'm creating this issue because Berdir and I decided we wanted this feature, but thought we would wait on it until we had completed the D7 port.

There are a lot of benefits of a simple "Grant access to a node" Rules action. That one action could largely replace the need for an entire API for granting access.

A primary use case for me would be to use Userpoints Nodeaccess in conjunction with Drupal Commerce. Because Drupal Commerce is entirely rules-based, if a user bought access to a node (instead of trading in points) this rules action would allow the user to be added to the node's access list upon purchase.

I'd love to see this as the first thing we implement after concluding the D7 port.

--Ben

Comments

mcfilms’s picture

This would be great. Any chance this feature would receive a backport to D6?

BenK’s picture

Since I'll be using Userpoints Node Access in production within the month, I'm bumping this to the top of the issue queue. It's one of the last missing features I need to make this work in production (and to integrate it with Drupal Commerce).

--Ben

P.S. @mcfilms: Berdir and I haven't been working on the D6 version of this module... only D7. There are a variety of other things that would need to be fixed first in the D6 version. So it's probably unlikely to get a backport unless someone else picks it up.

BenK’s picture

Just wanted to flesh out what is needed here:

Basically, we need the rules action to update the userpoints_nodeaccess table. Within that table, here are the fields that we need updated:

* pnaid: The userpoints nodeaccess id (this is just an auto-increment field)
* uid: The user id
* nid: The node id
* timestamp: The date/time of the action

So there's not that much here... for implementation with Drupal Commerce, we'd just need Drupal Commerce to pass the user id of the user who purchased and the timestamp. A product condition could be placed on the purchase event, so that we're only granting access for a particular product during the action. And then the nid to be granted would be chosen manually by the site admin as part of the rules action.

--Ben

berdir’s picture

Status: Active » Needs review
StatusFileSize
new1.52 KB

Patch is quite trivial (for rules ;)), please test.

Spent maybe 10 minutes writing the patch and an hour to have a working rules installation again (fatal errors after updating and so on..) ;)

BenK’s picture

Awesome!!! :-) Testing this now!!!

--Ben

BenK’s picture

Status: Needs review » Needs work

First, the patch in #4 works great. No problems at all. Works perfectly and everything in the userpoints_nodeaccess table looks just as it should. :-)

Just a couple things I'm wondering about:

A. Is it bad if a rule grants access to a node that a user already has access to? Basically, there would be a duplicate entry in the userpoints_nodeaccess table (but with a different auto-increment pnaid). Should we prevent this by first checking if the user already has access to that node before actually granting it? In such a case, we'd want to prevent the duplicate node access grant, but not cause a fatal error.

B. It occurred to me when testing that if you mistakenly grant a user access to a node (perhaps via an incorrectly configured rule), there's no way to remove that user's access. Same thing goes if a user mistakenly grants himself access to a node (and wants a "refund"). So would it be difficult to add a complementary "Remove access to a node" action? This would simply delete that row from the userpoints_nodeaccess table.

We'd just want to make sure that we could gracefully handle the case where the rule says to remove a user's access to a node, but the particular user hasn't actually been granted access to that node. So like A, we'd need to first check that the user has access (before trying to remove the access). If the user doesn't already have access, then we wouldn't want to cause a fatal error by trying to remove something that doesn't exist. This may be another reason why we need A: So we can be sure that the same user isn't granted access to the same node more than once. (That would make it unnecessarily complicated to remove access.)

Thoughts? Thanks again, Berdir!

--Ben

berdir’s picture

Status: Needs work » Needs review
StatusFileSize
new2.48 KB

A. Converted to a merge query, it's not going to add duplicate rows now :)

B. Added the revoke action. It doesn't matter if a row exists or not. We're just telling the database to remove all entries for the given nid/uid. Doesn't matter if there are 0 or 1000 rows which match the condition.

BenK’s picture

Status: Needs review » Reviewed & tested by the community

This is working great. Duplicate rows are gone and the revoke action is working well (especially after Berdir helped solve my rules confusion). This is RTBC! :-)

--Ben

berdir’s picture

Status: Reviewed & tested by the community » Fixed

I've commited this quite some time ago but forgot to mark it as fixed.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.