Tacle Rules

Description

This module is an extension between the TACL (Taxonomy Access Control Lite) and the Rules modules.

Put simply (Hmmm,) it lets you assign TAC permissions to users & roles via triggered rules.

This module is sponsored by Made to Order Software Corp..

Requirements

Obviously, you need the TACL and Rules modules. As of today (Jun 14, 2009), however, some of the features I mention on this page are not available in the Rules module. And there is a security issue with TACL (although most certain quite benign, you probably want to apply the patch.) The other TACL patches are not required.

So... it will work with the stock versions of TACL and Rules, but you won't get all the functionality and the use of the Taxonomy in Rules is very limited in version 1.0. And obviously, to use TACL, you kind of need a lot more functionality in the Taxonomy selection to make it all work!

* #490892: Assign parent term to term
* #456328: Taxonomy actions: Add/Delete term
* #490902: Load term by name
* #491984: New user 'data' field not supported! (REQUIRED to support new users!)
* #490898: Condition: does term exist?
* #490520: Rules module support...
* #491562: Security issue in both form (this one is fixed.)
* #461074: tac_lite_db_rewrite_sql() inefficiency
* #310373: Support free tagging vocabularies

Capabilities

Condition

Check a role tac_lite access

Requirements

• Loaded or added a role
• Loaded or added a category
• Loaded or added a term

Setup

• TAC Lite Setting number (1 through 8)
• Whether the permission is added or removed

Check a user tac_lite access

Requirements

• Loaded or added a user
• Loaded or added a category
• Loaded or added a term

Setup

• TAC Lite Setting number (1 through 8)
• Whether the permission is added or removed

Actions

Change a role tac_lite access

Requirements

• Loaded or added a role
• Loaded or added a category
• Loaded or added a term

Setup

• TAC Lite Setting number (1 through 8)
• Whether the permission is added or removed

Change a user tac_lite access

Requirements

• Loaded or added a user
• Loaded or added a category
• Loaded or added a term

Setup

• TAC Lite Setting number (1 through 8)
• Whether the permission is added or removed

Example

Hmmm... okay! I guess I'll give you an example.

In my case, I have 6 roles:

* Anonymous
* Authenticated
* Parent
* Child
* Editor
* Admin

Their permissions goes like this:

* Anonymous -- view public pages (i.e. no TAC assigned)

* Authenticated -- view public pages, can purchase a service which makes them Parent automatically

* Parent -- Parents can view public pages and view & update a set of posts they make; a parent can create a Child and is automatically given permission to view the Child's posts

* Child -- the Child can view public pages and view their own posts only

* Editor -- the Editors work on the back-end and get all the necessary permissions to view all the Parent and Children posts, but no edit of those posts. Of course, they can also see other public & private pages, but that does not need to be dynamic

* Admin -- In regard to Parent & Child posts, pretty much like the editor, can also do some other things but no delete, no update

So... there are the steps in the Rules setup:

1. Anonymous users come visit your site

2. Anonymous user decides that he wants an account and registers

3. Once registered, the logged in user can purchase the service

3.1 At that point the user is assign the role Parent

3.2 At that point the user is assign a term "user-[uid]" where uid is his user identifier

3.3 At that point the user is assign permissions to view & update pages assigned the term "user-[uid]"

3.4 At that point Supervisors & Admins are assigned permissions to view pages assigned the term "user-[uid]" (NO UPDATE)

4. Once registered, the Parent user can create any number of Child users, he does that and

4.1 At that point the child is assign the role Child

4.2 At that point the child is assign a term "child-user-[uid]" where uid is the child user identifier

4.3 At that point the parent is given "child-user-[uid]" as a child term of his "user-[uid]" term

4.4 At that point the child is assign permissions to view & update pages assigned the term "child-user-[uid]" (although some type of pages are NOT editable via the regular node permission settings.)

4.5 At that point the parent is given view & update permission over the Child pages

4.6 At that point Supervisors & Admins are assigned permissions to view pages assigned to the term "child-user-[uid]" (NO-UPDATE)

5. A Parent or a Child create a new node

5.1 At that point the new node is assign their respective term "user-[uid]" or "child-user-[uid]"

6. A Parent user is being deleted

6.1 At that point all of its children get deleted (this is not yet implemented though...)

I think that's about it. As you can see, it is not exactly straight forward.

Downloads